Forum Discussion

securityxpert1122's avatar
securityxpert1122
Copper Contributor
Nov 22, 2023

Purview scanner to scan on-prem files and show result without labeling the files

We have configured the scanner to scan the on-prem files with auto labeling condition set in label (confidential) to show us the results in activity explorer with the matching results of sensitive info types which is configured inside Label.

 

We set the options that tells the scanner to inspect files for policy based SITs available labels report results in activity explorer, but don’t apply any label. So that we can identify false positives, fine tune our custom sensitive info types and then enforce label to on-prem files afterwards.

 

However, we could not see any results in activity explorer.

 

Question: how does scanner works only in discovery mode - show us the files which contains the sensitive info types and can be labeled based on auto labeling policy. Does it show results in activity explorer? 

 

Shall it work in similar way as auto labeling simulation works? Since auto labeling simulation shows results in activity explorer but scanner does not. Please help to identify issue. Thanks

 

 

  • Hi securityxpert1122 

     

    I believe you asked this question on a different thread where I posted an article to help with this. However, with Discovery mode, I would recommend creating a DLP policy looking for files containing the data you want to be aware of and leave it in audit only mode. The files matching the policy would reflect in Activity Explorer as a "Policy match".

     

    Also, as you'll see in the article linked below, you can tell the scanner which sensitive info types to scan for itself and all scan results will be stored in a .csv file on the scanner server.

     

    On-premises DLP with Microsoft Purview (cloudy-sec.com)

Resources