AIP Scanner++ is now available to download!
Many customers have found themselves having terabytes of data of unstructured data but aren’t certain how much of that needs to be protected. In previous years going through your data trying to find the sensitive data has proven quite difficult. To combat this Microsoft have introduced the AIP scanner to help with bulk encryption of data, however they have also provided a way to discover different types of data that is scattered throughout customers networks.
How it can be achieved!
The AIP scanner now includes a feature that allows the discovery of sensitive data by scanning against all of the information types defined in Office 365 and custom types that customers can create. The new parameter that is associated with the ‘set-AIPScannerConfiguration’ and is called ‘-DiscoverInformationTypes’. When this property is set to ‘All’, the scanner will use any custom conditions that customers have specified for labels in the Azure Information Protection policy, and the list of information types that are available to specify for labels in the Azure Information Protection policy. When customers use this option labels are not required to be configured for any conditions however it is worth noting that this setting is only for discovery. If customers would like to be able to classify and protect the identified items they will need to configure automatic conditions on the labels to classify/protect the documents based on the information type (AIP P2/EMS E5) or use a default label to apply classification and labelling to an entire repository (AIP P1/EMS E5).
The following command will allow you to scan all your repositories against all information types:
‘Set-AIPScannerConfiguration -Enforce Off -Schedule OneTime -Type Full -DiscoverInformationTypes All’
After running the scan the log files can be found at ‘c:\users\<scanner service account profile>\appdata\local\Microsoft\MSIP\Scanner\Reports’
