Forum Discussion
Need help with MSIP Scanner
According to the May 2025 Microsoft Learn documentation, for a scan job to start scanning content, you must ensure that:
At least one data repository (like a file share or SharePoint Server site) is defined and accessible;
At least one scan rule is assigned to the scan job, which either applies a sensitivity label or uses a detection condition (such as a SIT);
The scanner profile is published and active, and the scanner service account has read access to the paths in the scan rule.
Even if all other diagnostics pass (authentication, database, connectivity), the scanner will sit idle with TotalScannedFiles: 0 and profile: null if the configuration is not actionable. To resolve this, revisit your scan profile in the Purview portal, confirm that it's linked to a valid scan rule, ensure the paths are reachable from the scanner node, and republish the configuration. Restarting the scanner service after that typically forces it to pull the updated profile and begin scanning.
Also, make sure you have set the correct config in your Purview Portal settings for scanning. The read-only scanner, which only scans and does not apply labels or make any changes, requires a correct set of configurations. I made the same mistake, and it was fixed after a little research last year.
Hello Ankit,
Thank you so much for the reply! I think our scanner has a few issues and we resolved at least one of them. Our scanner was stuck, and clearing the files in %LocalAppData%\Microsoft\MSIP\mip\<processname>\mip, then running Start-ScannerDiagnostics -ResetConfig and then finally running Start-Scan -Reset seems to have helped it along.
We can now run scans and they will complete; however, there is still an issue with the results. The content scan job results show it's essentially failing on every file, and in the logs it shows "Failed, Repository configuration incorrect. No action to apply" even though we have set "Info types to be discovered - ALL" and I know for certain there are SSNs and other sensitive files in this location.
We do not have any DLP Rules configured at this time, and don't want to take action on the files. Our hope is that we can use the scanner to identify sensitive information types, and add their record to the Information Protection Activity Explorer, and then export this to a spreadsheet to manually work with customers to delete their files.
- JustinV2025 (Copper Contributor), May 30, 2025
We are looking fantastic now, everything is working, and the issue was exactly as you described. We found some additional details here: https://alberthoitingh.com/2020/12/08/handeling-errors-information-protection-scanner/
We did not have the setting "Label files based on content" enabled because I thought it would mess with the files, but it turns out this is required for the scanner to inspect the files for sensitivity types.
- Ankit365 (Brass Contributor), May 30, 2025
Glad it worked.. 🙂