Azure Information Protection - How to identify and reassign ownership to files when staff leave?


Hi there - just implementing Azure Information Protection for the first time and I'm trying to find out the best way to deal with the scenario where a user leaves a company and the business/IT administrator wants to be able to find all the files that user had protected using AIP labels and that the ex-employee was the sole owner of, and then wishes to reassign the ownership of those files (either automatically or manually) to another user in the company.

I know the super user can be created who can take ownership of an AIP protected file however the problem is

(i) how do you identify all the files a particular person was the sole owner of across both an on premise file server (where scanner has been deployed) and SharePoint? 

(ii) how do you then use the output from (i) and reassign ownership to all the relevant files?

Thanks

Gerry

3 Replies

@Gerry Morley

As an AIP superuser, you will be able to view all protected shares via https://track.azurerms.com/ but as far as I am aware there is no specific search mechanism to identify content which has been effectively orphaned by a departed user.

@PeterRising Thanks for the reply.

I got told on answers.microsoft.com 

"you may use the below cmdlet to get label and protection status for all files in a folder, and export the result to a CSV file, then you can filter the RMSOwner and RMSIssuer in the CSV file.

Get-AIPFileStatus -Path \\***\***\ | Export-Csv C:\***\AIP-status.csv"

Though I haven't tested this - it sounds like this may cover part (i)

So the next step, part (ii), would be then to figure out how to take that output and use it as input to a command to reassign ownership (if such is possible)?
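
The filtering step on the exported CSV from part (i), as an added example that is not from any poster in this thread and is not Microsoft's code. The sample rows, paths, addresses and the function name `Get-FilesOwnedBy` are constructed for illustration, and the column names are assumed to match the properties `Get-AIPFileStatus` exports.

```powershell
# Constructed sample rows standing in for the exported AIP-status.csv.
# Column names are assumed to match Get-AIPFileStatus output; paths and addresses are made up.
$sample = @'
FileName,IsLabeled,MainLabelName,IsRMSProtected,RMSOwner,RMSIssuer
\\fs01\finance\budget.xlsx,True,Confidential,True,leaver@contoso.com,leaver@contoso.com
\\fs01\finance\forecast.docx,True,Confidential,True,Leaver@Contoso.com,scanner@contoso.com
\\fs01\hr\policy.docx,True,General,False,,
\\fs01\hr\review.docx,True,Confidential,True,manager@contoso.com,leaver@contoso.com
'@ | ConvertFrom-Csv

# Hypothetical helper: returns protected files where the departed user is RMSOwner,
# plus files they only issued (RMSIssuer) so those can be reviewed separately.
function Get-FilesOwnedBy {
    param(
        [Parameter(Mandatory)] [object[]] $StatusRows,
        [Parameter(Mandatory)] [string]   $DepartedUser
    )
    $target = $DepartedUser.Trim().ToLowerInvariant()
    foreach ($row in $StatusRows) {
        # Export-Csv writes booleans as text, so compare against the string 'True'.
        if ($row.IsRMSProtected -ne 'True') { continue }
        # Normalise case and whitespace; unprotected or partial rows may have empty fields.
        $owner  = "$($row.RMSOwner)".Trim().ToLowerInvariant()
        $issuer = "$($row.RMSIssuer)".Trim().ToLowerInvariant()
        if ($owner -ne $target -and $issuer -ne $target) { continue }
        [pscustomobject]@{
            FileName  = $row.FileName
            Label     = $row.MainLabelName
            RMSOwner  = $row.RMSOwner
            RMSIssuer = $row.RMSIssuer
            Match     = if ($owner -eq $target) { 'Owner' } else { 'IssuerOnly' }
        }
    }
}

$worklist = Get-FilesOwnedBy -StatusRows $sample -DepartedUser 'leaver@contoso.com'
$worklist | Sort-Object Match, FileName | Format-Table -AutoSize

# With a real export, replace $sample with: Import-Csv <path to AIP-status.csv>
# To keep the result for the reassignment step: $worklist | Export-Csv .\leaver-files.csv -NoTypeInformation
```

Rows marked `Owner` are the candidates for reassignment; rows marked `IssuerOnly` were protected by the departed user but already have a different owner.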