cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
MIP Scanner deployment - watch our video!
By
Mavi Etzyon-Grizer
Published Dec 30 2020 12:26 PM 8,925 Views
Mavi Etzyon-Grizer
Microsoft
‎Dec 30 2020 12:26 PM

MIP Scanner deployment - watch our video!

‎Dec 30 2020 12:26 PM

Attached is quick video that walks you through our scanner architecture and deployment steps!

FYI - when referring to "Discover and Protect" video we are referring to the Ignite one: Discover and protect your on-premises data using Microsoft Information Protection

 

 

Enjoy!

 

 

9 Comments
AlonsoTI
Copper Contributor
‎Dec 30 2020 03:14 PM
‎Dec 30 2020 03:14 PM

Good video Mavy :D

ChristopheHumbert
Bronze Contributor
‎Dec 31 2020 05:57 AM
‎Dec 31 2020 05:57 AM

Hello @Mavi Etzyon-Grizer 

 

Would it possible to have the checklist file

 

Thanks in advance

 

Happy new year 2021

Best Regards

Dean Gross
Silver Contributor
‎Jan 17 2021 10:04 AM
‎Jan 17 2021 10:04 AM

Thanks for doing this, watching someone else go through all of the steps is very helpful. Please do more of these for all of the various MIP installation/configuration tasks.

 

Please share the checklist also. 

@Mavi Etzyon-Grizer 

0 Likes
Like
ChristopheHumbert
Bronze Contributor
‎Jan 18 2021 01:40 AM
‎Jan 18 2021 01:40 AM

Hello @Mavi Etzyon-Grizer @Dean Gross you can use this

AIP Client: (deployed/in-progress)
Whitelist AIP URLS : (Yes/No)
SQL DB =  (Name) or (SERVER\Instance)

Label Configuration Req
##########################
Create and publish at least one lable to the scanner
Recommended to set up automatic rules, or if not, must use info types to be discovered = All
##########################

Create Scanner cluster = CLUSTERNAME
COntent Scan Job
Network Scan Job (optional)


Configure AAD App and grand permissions
##########################
AppName		=	AIP-ScannerUL
Web URI 	=	https://localhost
AppId		=
AppSecret	=
TenantId	=	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Rights to give
Azure Rights Management Services (3)
Content.DelegatedReader
Content.DelegatedWriter
Content.SuperUser

Microsoft Information Protection Sync Service (1)
UnifiedPolicy.Tenant.Read

Accounts and apps
###########################
Service Account (AD account) 						= 
DelegatedUser (AAD Account)							= 
Share Admin Account									=
Standard (Weak) Account	(only domain user group)	= 


Installing scanner service
##########################
Installing account
sysadmin + local admin on the scanner

Scanner service account
granted all rights by installing user

$serviceaccount = Get-Credential -Username SERVICEACCOUNTNAME -Message -ScannerAccount

Install-AIPscanner -SqlServerInstance SQLDBNAME -Cluster CLUSTERNAME - ServiceUserCredentials $serviceaccount

Set-AIPAuthentication -AppId "" -AppSecret "" -TenantId "" -DelegatedUser "DELEGATEDUSERNAME" -onBehalfOf $serviceaccount

Verify the installation
##########################
Start-AIPscannerDiagnostics -onBehalfOf $serviceaccount


Network Discovery
##########################
$shareadminaccount = Get-Credential -Username SHAREADMINACCOUNTNAME -Message -ShareAdminAccount
$publicaccount = Get-Credential -Username STANDARDACCOUNTNAME -Message -PublicUser

Install-MIPNetworkDiscovery -SqlServerInstance SQLDBNAME -Cluster CLuSTERNAME - ServiceUserCredentials $serviceaccount -ShareAdminUserAccount $shareadminaccount -StandardDomainUserAccount $publicaccount
ChristopheHumbert
Bronze Contributor
‎Jan 18 2021 11:53 PM
‎Jan 18 2021 11:53 PM

BTW the install of MIPnetworkDisovery is not necessary. You better put the Install AIPScanner with all the users necessary. It installs the AIPnetworkdiscovery in the same time

 

BTW try to avoid having proxy on your scanner...this is a real pain..

0 Likes
Like
ChristopheHumbert
Bronze Contributor
‎Jan 20 2021 06:35 AM
‎Jan 20 2021 06:35 AM

Hello @Mavi Etzyon-Grizer 

it seems that the SharedAdminAccount  is not use against shared folder/path during a content scan...Is this a bug?

 

Thanks

0 Likes
Like
Hen David
Microsoft
‎Jan 20 2021 06:56 AM
‎Jan 20 2021 06:56 AM

@ChristopheHumbert Can you please explain what do you mean in your last comment?

0 Likes
Like
ChristopheHumbert
Bronze Contributor
‎Jan 20 2021 07:10 AM
‎Jan 20 2021 07:10 AM

Hello @Hen David 

 

I have setup the scanner with 3 different accounts as explained

The service account

The sharedadmin account which has access to the share file

the simple user

 

The content scan was not able to crawl the content of the shared folder. As a temp measure we have allowed the service account to access the fileshare

 

Best regards

0 Likes
Like
Hen David
Microsoft
‎Jan 22 2021 04:05 AM
‎Jan 22 2021 04:05 AM

@ChristopheHumbert got it.

Can you please raise a support ticket on this?

0 Likes
Like
Version history
Last update:
‎May 11 2021 02:04 PM
Updated by: