Gain visibility into sensitive data across your organization with Azure Information Protection analytics


The information protection lifecycle wouldn’t be complete without the ability to understand the state of your sensitive data – along with the ability to remediate potential issues. Today we are announcing the public preview of Azure Information Protection analytics, which gives you insights into labeled and protected documents and emails across your organization. Those insights now become possible as a result of sending information protection audit events from Azure Information Protection clients and scanner to a centralized location based on Azure Log Analytics service. 



The Usage report dashboard provides information on the volume labeled and protected documents and emails over time, label distribution of files by label type, along with where the label was applied.


AIP usage report.png

Azure Information Protection analytics gives you better visibility into your labeled and protected files.



The data discovery dashboard provides information on the location of sensitive data within your organization, such as: location of documents labeled as confidential, data containing GDPR, PCI and other highly regulated information.


You can drill into file repositories (scanned by the Azure Information Protection scanner) to inspect where sensitive data resides, as well as what sensitive content they contain (such as financial info, PII or other information based on content inspection).


AIP data discovery.png

Azure Information Protection analytics gives you better visibility into where your sensitive data resides across file repositories and endpoint devices.



If you wish to inspect audit raw data, export the result to Excel or PowerBI, or write your own custom queries, you can do so by clicking on the Log Analytics icon from the dashboard. AIP audit log data is stored in table: InformationProtectionLogs_CL.


AIP log analytics.png

Azure Log Analytics view of AIP audit logs allows you to inspect the raw data and write your own queries.



Prerequisites for Azure Information Protection analytics preview

To view the Azure Information Protection reports, make sure that the following requirements are in place.




More information

An Azure subscription that includes Log Analytics

See the Azure Log Analytics pricing page.

If you do not have an Azure subscription or you do not currently use Azure Log Analytics, this page includes a link for a free trial.

The current preview version of the Azure Information Protection client v1.38.7.0 or above

If you haven't already installed the current preview version of the client, you can download and install it from the Microsoft Download Center.

For the Discovery report:

- You have deployed the Azure Information Protection scanner

For installation instructions, see Deploying the Azure Information Protection scanner to automatically classify and protect files.

If you are upgrading from a previous version of the scanner, see Upgrading the Azure Information Protection scanner.


By now, you might be wondering what these dashboards look like with data collected from your own endpoints. Get the prerequisites squared away, and then head over to the Azure portal to have a look. If you need more information, see our new documentation, Central reporting for Azure Information Protection.


We look forward to your feedback!


Azure Information Protection team




Occasional Visitor

How does the a scanner get recognized under the Node blade?  I currently have a scanner configured and running, however, it does not appear under the node blade.


Node Preview Blade.PNG




Hi Robert,

Thank you for your input. AIP scanner node blade requires AIP version and up. If the issue still persists, please open a support ticket.



Senior Member

I am using scanner version The scanner does show up under the Nodes menu. However, after doing a scan on a share it does not show up in the data discovery in the location area. Is there something I am missing? Thanks

Occasional Visitor

Hi Lior, 


Great Job! Happy to partner with you guys, by adding to the AIP/MIP even further advanced querying, GDPR/CCPA and policy enforcement (even for Mac and Linux!)


Guy Leibovitz (Cognigo)




how do i "Reset" the results, 

for example i changed the policy and running the scanner again and i want to "reset" the dashboard to only show the new results ? 




You would have to re-run AIP scanner on the same repositories and you will see the latest results in AIP Discovery blade.


Thank you


but running the scanner again wont "delete" the previous info in the dashboard, how do you " reset the dashboard " ?

Occasional Contributor

If I want to use Analytics for Azure Information Protection, does it need to azure subscription?

I am now using Microsoft 365 E5 License for making AIP environment, but it looks difficult to know without Analytics checking file activity adapted AIP policy. Do you have any way to use these features on AIP?

Occasional Visitor

Is there a way to report on the number of users/machines that have installed the AIP client within your organization?