Blog Post

Security, Compliance, and Identity Blog
10 MIN READ

Installation, Configuration, and Usage of the AIP Scanner

Kevin McKinnerney's avatar
Kevin McKinnerney
Icon for Microsoft rankMicrosoft
Aug 01, 2018
The Azure Information Protection Scanner is a program designed to detect, classify, and optionally protecting documents stored on File Shares and On-Premises SharePoint servers. The overview below is...
Updated May 11, 2021
Version 7.0
microsoft information protection
Kevin McKinnerney's avatar
Kevin McKinnerney
Icon for Microsoft rankMicrosoft
Aug 08, 2018

The Service Account is an account you create on premises and sync into Azure AD.  It requires the rights as explained in this article but these are standard and should not be a problem in most environments.

 

  • Service requires Log on locally right and Log on as a service right (the second will be given during scanner service install)
  • Service account requires Read permissions to each repository for discovery and Read/Write permissions for classification/protection

Additional information about the Service Account and advanced permissions can be found at https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner#prerequisites-for-the-azure-information-protection-scanner and https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner#deploying-the-scanner-with-alternative-configurations