Forum Discussion

securityxpert1122's avatar
securityxpert1122
Copper Contributor
Aug 03, 2023

Auto label based on content matching by Information protection scanner

I have on premises repository in TBs. I have already configured information protection scanner and added repository where files are placed and my scanner is scanning the files also.  I want to auto label them based on content matching.

for example:

Auto label files as "Confidential" when there is a match of world "budget"

Auto label files as "Internal use only" when there is a match of word "leave request form" 

 

I know auto labeling is available for M365 for example exchange, ondrive and sharepoint. but How can I achieve above using information protection scanner.

Please help. Thanks

 

 

Azure Information Protection
Azure Information Protection Scanner
Azure Purview
    • securityxpert1122's avatar
      securityxpert1122
      Copper Contributor
      Aug 15, 2023
      I followed exactly what you said but labels are not being applied.
      Shall I create auto labeling policy also?
  • miller34mike's avatar
    miller34mike
    Icon for Microsoft rankMicrosoft
    Aug 04, 2023

    Hi, securityxpert1122 

     

    Thank you for posting your question here, I understand you're looking to apply labels automatically in your on-premises repositories through the MPIP scanner.

     

    To do this, you will actually need to set the auto labeling option within the sensitivity label itself that you want to be applied and then make sure that label or the labels are assigned to your service account through a label policy.

     

    Then when you configure the content scan jobs in the purview admin portal, I recommend leaving the label settings as the policy default.

     

    You can read more on this here:

     

    https://learn.microsoft.com/en-us/purview/deploy-scanner-configure-install?tabs=azure-portal-only#configure-the-scanner-to-apply-classification-and-protection

     

     

    • Luke_Michael_Fisher's avatar
      Luke_Michael_Fisher
      Copper Contributor
      Nov 08, 2023

      miller34mike 

      Hi Mike!

      This is interesting. So I have the AIP Scanner installed and it is not labeling. I understand from following this thread that we need to add the Service Account to the auto label policies (with the SITs defined). My question though is where do we add the Service Account on this "choose locations" page...

       

      for example, the UNC path I am trying to point to is I:\Security\AIP Scanner Test Data

       

      Thanks for any guidance!

       

       

      Best regards,

      Luke Fisher

      • miller34mike's avatar
        miller34mike
        Icon for Microsoft rankMicrosoft
        Nov 09, 2023

        Luke_Michael_Fisher 

         

        Hey Luke!

         

        So, yes, you need to add the service account to the auto-labeling scope, but not that auto-labeling scope. You need to have one of your labels configured for auto-labelling and then have that label deployed to your service account through the label policy.

         

        I'd recommend checking out this article for getting everything setup.

         

        On-premises DLP with Microsoft Purview (cloudy-sec.com)

Resources