Forum Discussion
AIP scanner job error: Policy is missing
We deployed AIP scanner couple of weeks ago and completed a scan and got the scan report. This week edited the scan job to automatically label the documents with a default label. Now we noticed ...
Hello,
The error "Policy is missing" in the Azure Information Protection (AIP) scanner typically occurs when the scanner cannot retrieve the necessary policy configuration to apply labels or perform the scan job.
After modifying the scan job to auto-label documents, ensure that the updated policy has been correctly published to the AIP scanner. It’s possible the scanner node did not receive the updated labeling policy.
Manually synchronize the policy for the AIP scanner using the following PowerShell command:
Start-AIPScan -PolicySync
Ensure the scanner is correctly configured to pick up the new labeling policy. Sometimes, policy changes are not applied due to caching or connectivity issues.
Solution: Verify the scanner configuration in the Azure portal or through the AIP scanner's configuration files and ensure the proper label is selected for auto-labeling.
Ensure that the label you are trying to apply has the correct permissions and is published in the labeling policy assigned to the scanner.
Solution: Go to the Azure Information Protection portal and check if the label is properly published in the policy and that the scanner service account has access to apply the label.
Verify that the service account running the AIP scanner has adequate permissions to retrieve the policy and apply the labels. Any recent changes to the account permissions could affect this.
Solution: Ensure that the service account has Reader or Information Protection Administrator roles in Azure.
Sometimes changes in the policy take time to propagate across the scanner nodes, especially in environments with multiple nodes.
Solution: Wait for a reasonable amount of time for the policy changes to propagate or restart the AIP scanner service to force a refresh.
Stop-AIPScanner
Start-AIPScanner
Best Regards,
Ali Koc
The error "Policy is missing" in the Azure Information Protection (AIP) scanner typically occurs when the scanner cannot retrieve the necessary policy configuration to apply labels or perform the scan job.
After modifying the scan job to auto-label documents, ensure that the updated policy has been correctly published to the AIP scanner. It’s possible the scanner node did not receive the updated labeling policy.
Manually synchronize the policy for the AIP scanner using the following PowerShell command:
Start-AIPScan -PolicySync
Ensure the scanner is correctly configured to pick up the new labeling policy. Sometimes, policy changes are not applied due to caching or connectivity issues.
Solution: Verify the scanner configuration in the Azure portal or through the AIP scanner's configuration files and ensure the proper label is selected for auto-labeling.
Ensure that the label you are trying to apply has the correct permissions and is published in the labeling policy assigned to the scanner.
Solution: Go to the Azure Information Protection portal and check if the label is properly published in the policy and that the scanner service account has access to apply the label.
Verify that the service account running the AIP scanner has adequate permissions to retrieve the policy and apply the labels. Any recent changes to the account permissions could affect this.
Solution: Ensure that the service account has Reader or Information Protection Administrator roles in Azure.
Sometimes changes in the policy take time to propagate across the scanner nodes, especially in environments with multiple nodes.
Solution: Wait for a reasonable amount of time for the policy changes to propagate or restart the AIP scanner service to force a refresh.
Stop-AIPScanner
Start-AIPScanner
Best Regards,
Ali Koc