Hello Mavi Etzyon-Grizer, Dean_Gross, you can use this:
AIP Client: (deployed/in-progress)
Whitelist AIP URLs : (Yes/No)
SQL DB = (Name) or (SERVER\Instance)
Label Configuration Req
##########################
Create and publish at least one label to the scanner
Recommended to set up automatic rules, or if not, must use info types to be discovered = All
##########################
Create Scanner cluster = CLUSTERNAME
Content Scan Job
Network Scan Job (optional)
Configure AAD App and grant permissions
##########################
AppName = AIP-ScannerUL
Web URI = https://localhost
AppId =
AppSecret =
TenantId = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Rights to give
Azure Rights Management Services (3)
Content.DelegatedReader
Content.DelegatedWriter
Content.SuperUser
Microsoft Information Protection Sync Service (1)
UnifiedPolicy.Tenant.Read
Accounts and apps
###########################
Service Account (AD account) =
DelegatedUser (AAD Account) =
Share Admin Account =
Standard (Weak) Account (only domain user group) =
Installing scanner service
##########################
Installing account
sysadmin + local admin on the scanner
Scanner service account
granted all rights by installing user
$serviceaccount = Get-Credential -Username SERVICEACCOUNTNAME -Message "ScannerAccount"
Install-AIPscanner -SqlServerInstance SQLDBNAME -Cluster CLUSTERNAME -ServiceUserCredentials $serviceaccount
Set-AIPAuthentication -AppId "" -AppSecret "" -TenantId "" -DelegatedUser "DELEGATEDUSERNAME" -onBehalfOf $serviceaccount
Verify the installation
##########################
Start-AIPscannerDiagnostics -onBehalfOf $serviceaccount
Network Discovery
##########################
$shareadminaccount = Get-Credential -Username SHAREADMINACCOUNTNAME -Message "ShareAdminAccount"
$publicaccount = Get-Credential -Username STANDARDACCOUNTNAME -Message "PublicUser"
Install-MIPNetworkDiscovery -SqlServerInstance SQLDBNAME -Cluster CLUSTERNAME -ServiceUserCredentials $serviceaccount -ShareAdminUserAccount $shareadminaccount -StandardDomainUserAccount $publicaccount