Running the AIP Scanner in detect-only mode

A short and quick guide on how to run the AIP Scanner in “detect-only” mode.

Azure Information Protection Scanner

The AIP Scanner has been around for some time and I do notice an uptick in the use of the platform. Organizations I speak with want to have a clearer understanding of the data they are planning to migrate to the Microsoft cloud. In addition to more common parameters like the date of last modification or the filetype, these organizations are also interested in the sensitivity of the data.

This is where the AIP Scanner comes in, as it allows you to scan your on-premises network shares and SharePoint Server environments (sidenote: from SharePoint 2013 upwards). Deploying the scanner takes some time, but is documented by Microsoft here: https://learn.microsoft.com/en-us/purview/deploy-scanner. I’ve also written some articles on this.

Detect-only

In the scenario I described above, the goal is to determine the sensitivity of documents stored on network shares. A small sidenote on this: the Entra ID account you use for the scanner does not have to be added to a specific Information Protection label policy for detect-only mode to work. You will need to add this account to a policy when you need to apply sensitivity labels to the documents.

Small tip: create a specific label policy for this.

To scan the data, we create a specific content repository in the scanner settings. Just a reminder, these settings are found in the Microsoft Purview admin center | Settings | Information Protection Scanner. Add your repository. In my example, I use the \\azureipscanner\scanner_docs location.

Small tip: for testing purposes, use a location with a small set of dummy content.

In the repository settings, make sure to use these settings. The option Label files based on content is required, even though no labels are applied. This is weird, but in my experience, no information is detected when this option is left off.

Where to find the results?

Some years ago you needed to go to either the server itself or the Azure Information Protection portal to get to the results. The first option is still relevant and can be used, but you will need to access the server for this. The storage location is %localappdata%\Microsoft\MSIP\scanner\Reports (when using the account the scanner uses). Here you will find a summary and a detailed overview (see below).

However, as we are working from Microsoft Purview, we can also use the admin center for this. To get an overview of scanned documents, you go to Data classification | Activity explorer. The default columns for this overview will not be very helpful. So change these to show only the relevant ones and the Sensitive info type. This last one will show you the detected sensitive information (SITs), including any custom SITs you may have added.

Quick note: I cannot explain the double entries in the screenshot…

One nice thing about this portal is when selecting the sensitive type, you get an overview of all SITs that were discovered in the specific document. This is also present in the locally stored log file. And as you can see, this document has a lot of medical type information.

And this makes sense, as this document is an example document used in the medical profession. So the detection of the SITs worked. And yes – it also detected a New Zealand Inland Revenue number and Polish REGON Number. But these are false positives and might require another blog article 🙂

Note: this is dummy content!

Working with this data

If needed, you can export this data to a CSV file. This allows you to sort, filter, and do all the other nice Excel things you want to do. The portal is kind of limited in that sense, which is a drawback. However, the export function should enable you to create the overviews you need.
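As an added example (not part of the original article or any Microsoft tooling), the Python sketch below builds such an overview from an exported CSV: it merges double entries for the same file, splits the detected SITs, and produces a per-SIT file list and a per-file SIT count. The column names `File` and `Sensitive info type`, the `;` separator, the sample rows and the "Example medical SIT" name are assumptions made for illustration; adjust them to the headers in your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows standing in for an Activity explorer CSV export.
# The column names and the ";" separator are assumptions, not the real schema.
SAMPLE_EXPORT = r"""File,Activity,Sensitive info type
\\azureipscanner\scanner_docs\intake_form.docx,File discovered,Example medical SIT;New Zealand Inland Revenue number;Polish REGON Number
\\azureipscanner\scanner_docs\intake_form.docx,File discovered,Example medical SIT;New Zealand Inland Revenue number;Polish REGON Number
\\azureipscanner\scanner_docs\lab_results.xlsx,File discovered,Example medical SIT
\\azureipscanner\scanner_docs\lunch_menu.docx,File discovered,
"""


def load_findings(text, file_col="File", sit_col="Sensitive info type", sep=";"):
    """Return {file path: set of SIT names}; repeated rows for a file are merged."""
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        path = (row.get(file_col) or "").strip()
        if not path:
            continue
        sits = {s.strip() for s in (row.get(sit_col) or "").split(sep) if s.strip()}
        # Lower-cased key: Windows share paths do not distinguish case.
        findings[path.lower()] |= sits
    return dict(findings)


def files_per_sit(findings):
    """Return {SIT name: sorted list of files} for a per-SIT overview."""
    per_sit = defaultdict(list)
    for path, sits in findings.items():
        for sit in sits:
            per_sit[sit].append(path)
    return {sit: sorted(paths) for sit, paths in per_sit.items()}


def rank_files(findings):
    """Return (SIT count, file) pairs, files with the most distinct SITs first."""
    return sorted(((len(s), p) for p, s in findings.items()), key=lambda t: (-t[0], t[1]))


if __name__ == "__main__":
    found = load_findings(SAMPLE_EXPORT)
    for sit, paths in sorted(files_per_sit(found).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(paths):3d} file(s)  {sit}")
    for count, path in rank_files(found):
        print(f"{count:3d} SIT(s)   {path}")
```

Files without any detected SIT stay in the result with an empty set, so the same overview also shows which scanned documents carried no sensitive information.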

As for the next steps, these are not related to the AIP Scanner. You might want to clean up your data before migrating it. Or you might want to apply a sensitivity label and migrate it as well. Or choose another option altogether. That’s part of your migration scenario.

Finishing up

I wanted to write this short article as I myself sometimes find it difficult to find information on the AIP Scanner. I hope that this helps you along.
