Forum Discussion
Auto label based on content matching by Information protection scanner
I have on premises repository in TBs. I have already configured information protection scanner and added repository where files are placed and my scanner is scanning the files also. I want to auto l...
Hi Mike!
This is interesting. So I have the AIP Scanner installed and it is not labeling. I understand from following this thread that we need to add the Service Account to the auto label policies (with the SITs defined). My question though is where do we add the Service Account on this "choose locations" page...
for example, the UNC path I am trying to point to is I:\Security\AIP Scanner Test Data
Thanks for any guidance!
Best regards,
Luke Fisher
miller34mike
Microsoft
Microsoft
Hey Luke!
So, yes, you need to add the service account to the auto-labeling scope, but not that auto-labeling scope. You need to have one of your labels configured for auto-labelling and then have that label deployed to your service account through the label policy.
I'd recommend checking out this article for getting everything setup.
miller34mike Thanks for the great write up in that link Mike! I am left wondering though if we can't use the auto labeling policies we set up already (screenshot below). They were created through the "Auto-Labeling" section of the Information Protection blade.
They have been running in pilot for a few months and we'd like to avoid having to scrap them and get back to creating the auto label policies through the labels themselves if possible. They are all designed to pick up SITs and auto label as Confidential. I'd like to point them to the on-premises file shares as mentioned above. Is this a possibility or are we back to the drawing board so to speak?
- miller34mike
Hey, Luke_Michael_Fisher
The Auto-label policies you're referencing there cannot be point towards your on-premises files. Thos must be auto-labeled through the label itself. Those auto-label policies you're referencing are for cloud files/exchange online only.
- I want to run the scanner in discovery mode only.
I have custom content types configured in label's auto label policy. I want to scan on-prem fileshare but I dont want to label them for now, just a scan result to see which content types are being matched with files stored in on-prem repository.
I have scanner account which has read-only rights on on-prem folders. Labels are published to that scanner account. Please guide how can I generated results without labeling the files. also are those results available on activity explorer?
