MicrosoftHi Denis,
I am also getting an error on my nodes stating "Error: Policy does not include any automatic labeling condition" in AIP. While I set the content scan job to only discover info types defined in a policy, I do have a label in the Office 365 Security and Compliance Center that automatically applies protection. That label is also published in a label policy. So not sure what's going on. I will note that the AIP Scanner service account is not part of that label policy published in the S&C Center. Could that be my issue?
I did stop the AIP service, delete the 'mip' folder under "C:\Users\AIP.Scanner\AppData\Local\Microsoft\MSIP\mip\MSIP.Scanner.exe" and verified it was recreated when the AIP service restarted. So it seems to be picking-up the policy. Otherwise, the only difference between my dev tenant, where targeted AIP scanning works, and the prod tenant is the difference with the label policy members. In dev I have the label policy applied to all users, while prod only has pilot users defined.
I'll also note that while my AIP scans were successful when searching for all the sensitive info types, I recently received a different error about an invalid database schema. Upgrading the client from 2.6.11 to 2.8.85 and running Update-AIPScanner all seemed to go fine, but maybe something didn't work right there. I don't need to obtain an Azure AD token for the AIP scanner service again after a UL client upgrade, do I?
And thanks for the above info. With the recent changes to AIP with the UL client, finding current and relevant info on AIP is like finding a needle in a stack of slightly older needles. 🙂 Plenty of info out there, but mostly outdated content as it references the AIP classic client and the like. And almost none of it is from people who've deployed and managed this in a production environment. So you're troubleshooting steps are a huge help!
