Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

AIP On-Premise Scanner Searching Document Properties

Copper Contributor

Hi there,


My workplace has set up the AIP on-premise scanner and we're carrying out testing to make sure we can search for all content that we're looking for. 

So far we've created custom SITs with keyword lists, labels to test applying and Data Loss Prevention policies and mainly this is working well.

However, according to the doucmentation here:


We should be able to create options in DLP policies to check for custom document properties but there's nothing in the documentation that explains how to do this. We've looking within MVP and community blogs, YouTube videos etc but can't see how this is achieved. We can see the option within DLP policy creation to add document properties as search options but not how to make sure we are setting this properly as we get no results when running scans for document properties.


Has anyone used this ability within the on-premise scanner configuration?


Ideally we'd like to be able to search for key words in file names as well as within custom document tags for Office documents.


Any pointers greatfully received.

2 Replies

Hi @GDamble71 


Thank you for posting your issue!


I think the best article that will help you with this is linked below by @JoanneCKleinMicrosoft which covers using a Documents property in a policy. You may notice she uses SharePoint as an example but it is still relevant to what you're attempting to do, as the condition is the same. Just make sure you're using the On-Premises Repository as the only location when configuring your DLP policy and this should start properly detecting files that have document properties you specify.


A SharePoint Content Type DLP Policy – Joanne C Klein

Hi Mike,

Thanks very much Mike.
I'll look to run through that and test to confirm. I'd looked at Joanne's blogs and had saw that one but thought that there might not be a tie in to the on-premise scanner. My misunderstanding of the setup.
I'll use the SharePoint file upload to allow me to see the correct property to map a custom property name to for testing.