Blog Post

Microsoft Security Community Blog
2 MIN READ

Auditing sensitive data on Windows endpoints using the Azure Information Protection client

Kevin McKinnerney's avatar
Kevin McKinnerney
Icon for Microsoft rankMicrosoft
May 10, 2019
Getting an accurate visualization of sensitive data in your environment is a challenge that all companies face. This is even more of a challenge when you have thousands of employees that work remotel...
Updated May 11, 2021
Version 4.0
information protection and governance
microsoft information protection
montgomeryplattner's avatar
montgomeryplattner
Copper Contributor
Aug 01, 2019

Kevin McKinnerney - Should this be listed as RunAuditInformationTypeDiscovery or RunAuditInformationTypesDiscovery in the advanced settings of an AIP policy? I am seeing a conflict between this article and the https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-customizations#disable-sending-discovered-sensitive-information-in-documents-to-azure-information-protection-analytics. I've added both to our Global scope but am still getting "Information Types Matches: None" when looking at the document information protection properties in the Data Discovery blade of AIP. The passive data discovery feature does not seem to be working. The only instance where this correctly populates the matched information types is on an endpoint that was scanned with the AIP scanner.