A new Directory Role is now available (in preview) to delegate Azure Information Protection management.

This new role – Information Protection Administrator – allow you the delegation of the AIP management, granting permissions to configure policies labels and settings, configure and manage AIP templates or activate/deactivate AIP functionality.

image

As usual you can grant this role from the Azure AD\Users management blade or even better using the Azure AD Privileged Identity Management (PIM)