Mark

Azure Information Protection Scanner - Server Nodes not being added in Azure

Hi, having a problem with adding a scanner node in Azure Information Protection.

I've followed the Microsoft Docs on setting up the server for using the Unified Labelling client, installed SQL Express, etc.

Ran Install-AIPScanner in PowerShell; that all seemed to go through successfully, as the database and service were created (service created using a service account that is synced in Azure).

Went into Azure and followed the guide for creating the Application API, and then ran the PowerShell commands to create a security token using "onbehalfof" so the scanner service account was associated with the token.

As far as I can tell, that's all I needed to do for the node to appear, yet the list is still empty. Does anyone know at what point in the process the scanner should be added?

btan

Wondering if the profile was done and whether there was any error:
https://www.cloudsecuritea.com/2020/02/azure-information-protection-scanner-error-no-profiles-found/?cn-reloaded=1 
After that, the next step is to configure the AIP profile.

Once your profile is configured, you will notice that it shows “Nodes” set to 0. This will be set to 1 once you have fully installed the AIP Scanner client. In order to do so, you will require
  • A service principal account to be used to connect to the Azure Rights Management service non-interactively to protect or unprotect files. This is done using the Set-RMSServerAuthentication cmdlet.
  • Two applications registered in Azure Active Directory which will be used for the Set-AIPAuthentication cmdlet
    • A Web App/API application
    • A Native Application

A detailed set of steps to complete this configuration is available in this Microsoft doc. Once the service account and application registrations have been successfully created, you can run the Install-AIPScanner command in PowerShell, where you will need to specify the SQL Server instance and the name of the profile created in the Azure portal. This will need to be done on every Windows server hosting a client repository, meaning this will need to be done on any SharePoint server or Windows server that you are interested in collecting data from. An exception to this is when your target repositories are UNC paths, and all UNC paths are accessible from a single Windows server using the same local service account.

https://blog.stealthbits.com/using-the-azure-information-protection-aip-scanner-to-discover-sensitive-data/ 
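
An added example, not part of the thread or of Microsoft's documentation: a read-only check, run on the scanner server, that the pieces described in the question line up (client module present, the service created by Install-AIPScanner exists, and it logs on as the same account the token was created for). The function name, the service display name and the sample account are assumptions.

```powershell
# Added example: read-only checks on a scanner server. Makes no changes.
function Test-AIPScannerSetup {
    [CmdletBinding()]
    param(
        # Account the scanner service should run as (placeholder value in the usage line)
        [Parameter(Mandatory)][string]$ServiceAccount,
        # Assumption: display name the installer gives the service
        [string]$ServiceDisplayName = 'Azure Information Protection Scanner'
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. The client module that provides Install-AIPScanner and Set-AIPAuthentication
    if (-not (Get-Module -ListAvailable -Name AzureInformationProtection)) {
        $findings.Add('AzureInformationProtection module not found on this server.')
    }

    # 2. The service created by Install-AIPScanner, and the account it logs on as
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object DisplayName -eq $ServiceDisplayName
    if (-not $svc) {
        $findings.Add("Service '$ServiceDisplayName' not found; Install-AIPScanner may not have completed.")
    }
    else {
        # The token created with -OnBehalfOf is associated with one account;
        # the service has to log on as that same account to use it.
        # StartName may be DOMAIN\user or user@domain, so pass the same form.
        if ($svc.StartName -ne $ServiceAccount) {
            $findings.Add("Service logs on as '$($svc.StartName)', expected '$ServiceAccount'.")
        }
        if ($svc.State -ne 'Running') {
            $findings.Add("Service state is '$($svc.State)', not Running.")
        }
    }

    [pscustomobject]@{
        Server          = $env:COMPUTERNAME
        AllChecksPassed = ($findings.Count -eq 0)
        Findings        = $findings
    }
}

# Usage with a placeholder account name:
Test-AIPScannerSetup -ServiceAccount 'CONTOSO\svc-aipscanner' | Format-List
```

An empty Findings list only shows that the local installation is consistent; it does not confirm that the node has registered in the portal.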