SBD04 - AIP Scanner - Microsoft 365 Compliance
- Added 7. 06. 2024
- In this episode, we will walk you through the Azure Information Protection (AIP) Scanner architecture, recommendation, installation and configuration. We will also go through the AIP logs in the Log Analytics workspace. This AIP Scanner End-to-End demo will help you understand the requirements, prerequisites and the expected results when you are carrying out the data discovery tasks within your on-premises repositories.
Timestamps:
00:00 Introduction
00:27 Agenda
00:50 Previous Episode Recap
01:16 SBD Environment Recap
02:02 AIP Scanner Architecture - Overview
02:52 AIP Scanner Recommended Configuration
03:34 Walkthrough of Environment
05:40 AIP Scanner Installation Demo
07:16 AIP Scanner Configuration (Azure Portal) Demo
14:32 AIP Scanner Configuration (Scanner Machine) Demo
17:16 Authentication Configuration Demo
25:05 Verify Configuration Demo
25:54 Log Analytics Configuration Demo
27:26 Data Discovery Demo
31:10 SBD Requirements Update
33:32 Outro
Excellent Demo. This is the only video that covers everything. Thank you.
Glad it was helpful! Thanks so much.
this was a very comprehensive demo. Thanks for being so thorough.
Thanks for watching and for your feedback!!
Agree with Dean - this was an incredibly thorough demo. Thanks
Thanks very much for your feedback, greatly appreciated.
I'm with you, pineapple and pizza is nothing I want to have either
Thanks for the great explanation about the AIP scanner configuration
Thanks very much for your feedback, greatly appreciated!
When I get to the step at 22:54 to set the AIP authentication I get this message "Set-AIPAuthentication : Unable to authenticate and setup Microsoft Azure Information Protection". I've researched, gone over the steps several times, still get this error. Any ideas?
Here's something that no one gives a clear description of. The scanner agent MUST be installed on the server where you want to SCAN files. In other words, you must install the scanner agent on the on-premises file server(s) or the SharePoint server(s). By installing the scanner agent on the file server, it will be listed on the Azure portal as a Node.
Am I correct in thinking the log analytics section of this demonstration is now deprecated in favour of the Purview portal?
Yes that is correct. All the logs now are moved to Purview Activity Explorer
I do all steps without any problem up until "Acquired access token on behalf of..." but I don't see any scanner under nodes. Can you help, please?
Thanks for the question. It will be hard to say without investigating. Maybe check the logs and ensure the AIP service is running.
In the discovery phase, can it detect information if the file is a scanned PDF and not a form? Example, If I scan a SS card, will it detect that it has a SS#?
Are you referring to OCR? If yes, then not yet :)
Can the AIP Scanner capability be extended to OneDrive, Teams and SharePoint Online?
Thanks for the question. Content Explorer is the feature responsible for data discovery for cloud workloads. We have demo'ed that as well.
@m365compliance-scenariobas9 Thank you.
Hello Team,
Great videos,
AIP Scanner for on-premise
Content Explorer Cloud
quick question.
Can I discover data on Mobile devices?
Thanks for your coolest and feedback! Unfortunately this is not supported yet in the MIP solution.
Why doesn't anyone explain which permissions the delegated account needs?
So what's the trick to getting this to work on a server other than the local one you built this demo on? Documentation from MSFT is lacking and every demo I've seen just shows it on 1 box which isn't that helpful for turning this PoC into an actual solution.
Thanks for your comment. What did you mean by "local"? As in on-prem server (physical) or a VM? There was no real need to configure multiple boxes in the demo, however it is do-able for larger environments. Please elaborate on issues you are facing when configuring additional nodes in your case.
@m365compliance-scenariobas9 so we did exactly as this video, the only difference is we put a SQLExpress instance on the demo box along with the scanner, not a separate SQL server or at least I assume that was a whole other SQL box in your demo. But I noticed out of my 3 repositories, (2 of which are on another server on prem, same network, can talk etc) the other is on the local machine that is the node with the scanner, it never scans the other server's file location. But it never errors out. I can't figure out what I am missing there, I also have 0 SQL knowledge being as this SQLExpress instance was my first experience so the issue is likely in the chair at this point.
There could be a file-share permission issue, have you checked event logs? AIP client logs on the AIP server? How about SQL logs? Is the DB accessible to the AIP service? Can you see AIP token issued? As you can see there are a lot of moving parts and places you can look at for further troubleshooting.
Almost irrelevant now that AIP is in Purview and no longer in Azure portal.