Start Free Trial

asked on 5/14/2020

Azure Information Protection Scanner - Server Nodes not being added in Azure

Hi, having a problem with adding a scanner node in Azure Information Protection.

I've followed the Microsoft Docs on Setting up the server for using the Unified Labelling client, Installed SQL express etc.

Ran Install-AIPscanner in powershell, that all seemed to go through successfully as the database and service were created (service created using a service account that is synced in Azure).

Went into Azure and followed the guide for creating the Application API and then ran the Powershell commands to create a security token using "onbehalfof" so the Scanner service account was associated with the token.

As far as i can tell that's all i needed to do for the Node to appear, yet the list is still empty, does anyone know at what point in the process the scanner should be added?

Powershell Databases Azure Golang

Last Comment

5/15/2020

5/14/2020

Wondering if the profile was done and any error
https://www.cloudsecuritea.com/2020/02/azure-information-protection-scanner-error-no-profiles-found/?cn-reloaded=1
Thereafter is to config AIP profile.

Once your profile is configured, you will notice that it shows “Nodes” set to 0. This will be set to 1 once you have fully installed the AIP Scanner client. In order to do so, you will require
A service principal account to be used to connect to the Azure Rights Management service non-interactively to protect or unprotect files. This is done using the Set_RMSServerAuthentication cmdlet.
Two applications registered in Azure Active Directory which will be used for the Set-AIPAuthentication cmdlet
A Web App/API application
A Native Application

A detailed set of steps to complete this configuration is available in this Microsoft doc. Once the service account and application registrations have been successfully created, you can run the Install-AIPScanner command in PowerShell where you will need to specify the SQL Server instance and the name of the profile created in the Azure portal. This will need to be done on every windows server hosting a client repository, meaning this will need to be done on any SharePoint server or Windows server that you are interested in collecting data from. An exception to this is when your target repositories are UNC paths, and all UNC paths are accessible from a single Windows server using the same local service account.

https://blog.stealthbits.com/using-the-azure-information-protection-aip-scanner-to-discover-sensitive-data/

ASKER CERTIFIED SOLUTION

5/15/2020

Blurred text

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

Databases

Databases are organized collections of data, most commonly accessed through management systems including schemas, tables, queries and processes that allow users to enter and manipulate the information or utilize it in other fashions, such as with web applications or for reporting purposes.

62K

Questions

--

Followers

--

Top Experts

Get a personalized solution from industry experts

Ask the experts

"Invaluable tool for our organization"
Josh Regalski
"This is the best money I have ever spent."
@rwheeler23
"Your help has saved me hundreds of hours of internet surfing."
@fblack61
"Just a dang good service!"
@golferski
"Worth every penny."
Steve Hougom
"It’s been a life saver."
Maria Halt
"Best support site I’ve seen!"
Bob Schneider
"I would be lost without them."
@fblack61
"Saved my job multiple times."
Walt Forbes
"I love this site."
Maria Duwe
"Friendly respectful help."
Andrew Kowtalo
"Such top-notch experts."
@magento
"The best money I have ever spent."
@rwheeler23
"Beyond any comprehensible value"
George Morris
"Invaluable tool for our organization"
Josh Regalski
"This is the best money I have ever spent."
@rwheeler23

Read over 600 more reviews

TRUSTED BY