Aug 03 2023 12:27 PM - last edited on Nov 09 2023 11:03 AM by miller34mike
I have on premises repository in TBs. I have already configured information protection scanner and added repository where files are placed and my scanner is scanning the files also. I want to auto label them based on content matching.
Auto label files as "Confidential" when there is a match of world "budget"
Auto label files as "Internal use only" when there is a match of word "leave request form"
I know auto labeling is available for M365 for example exchange, ondrive and sharepoint. but How can I achieve above using information protection scanner.
Please help. Thanks
Aug 04 2023 07:06 AM
Thank you for posting your question here, I understand you're looking to apply labels automatically in your on-premises repositories through the MPIP scanner.
To do this, you will actually need to set the auto labeling option within the sensitivity label itself that you want to be applied and then make sure that label or the labels are assigned to your service account through a label policy.
Then when you configure the content scan jobs in the purview admin portal, I recommend leaving the label settings as the policy default.
You can read more on this here:
Aug 09 2023 04:50 AM
Just following up to see if my initial reply helped with your question?
Aug 15 2023 06:48 AM
Aug 18 2023 03:42 AM
Hi, @securityxpert1122 ,
What is the below setting currently set to on your content scan job?
Aug 18 2023 04:42 AM
Nov 08 2023 11:54 AM
This is interesting. So I have the AIP Scanner installed and it is not labeling. I understand from following this thread that we need to add the Service Account to the auto label policies (with the SITs defined). My question though is where do we add the Service Account on this "choose locations" page...
for example, the UNC path I am trying to point to is I:\Security\AIP Scanner Test Data
Thanks for any guidance!
Nov 09 2023 11:09 AM
So, yes, you need to add the service account to the auto-labeling scope, but not that auto-labeling scope. You need to have one of your labels configured for auto-labelling and then have that label deployed to your service account through the label policy.
I'd recommend checking out this article for getting everything setup.
Nov 13 2023 07:06 AM
@miller34mike Thanks for the great write up in that link Mike! I am left wondering though if we can't use the auto labeling policies we set up already (screenshot below). They were created through the "Auto-Labeling" section of the Information Protection blade.
They have been running in pilot for a few months and we'd like to avoid having to scrap them and get back to creating the auto label policies through the labels themselves if possible. They are all designed to pick up SITs and auto label as Confidential. I'd like to point them to the on-premises file shares as mentioned above. Is this a possibility or are we back to the drawing board so to speak?
Nov 22 2023 09:42 AM
Nov 22 2023 09:43 AM
Nov 25 2023 05:48 AM
I encourage you to read through this blog post I've linked below. It will run you through the full configuration of the scanner, including how to leverage it in discovery mode.
Nov 25 2023 04:37 PM
The Auto-label policies you're referencing there cannot be point towards your on-premises files. Thos must be auto-labeled through the label itself. Those auto-label policies you're referencing are for cloud files/exchange online only.