Install-AIPScanner

Installs the Azure Information Protection scanner.

Syntax

Install-AIPScanner
       [-ServiceUserCredentials] <PSCredential>
       [-SqlServerInstance] <String>
       [-Profile <String>]
       [<CommonParameters>]

Description

The Install-AIPScanner cmdlet installs and configures the Azure Information Protection Scanner service on a computer running Windows Server 2016 or Windows Server 2012 R2. The Azure Information Protection scanner uses this service to scan files on data stores that use the Server Message Block (SMB) protocol, and on SharePoint on premises. By using the conditions that you configure for automatic classification in the Azure Information Protection policy, files that this scanner discovers can then be labeled. Labels apply classification, and optionally, apply protection or remove protection.

For more information about how to configure the Azure Information Protection policy, see Configuring the Azure Information Protection policy.

You must run this cmdlet before you run any other cmdlet for the Azure Information Protection scanner.

The command creates a Windows service named Azure Information Protection Scanner. It also creates and configures a database on SQL Server to store configuration and operational information for the scanner. The service that you specify to run the scanner is automatically granted the required rights to read and write to the database that is created. The default database name for the scanner is AIPScanner_<computer_name>. When you specify a profile name by using the Profile parameter, the database name for the scanner changes to AIPScanner_<profile_name>.

To run this command, you must have local administrator rights for the Windows Server computer, and Sysadmin rights on the instance of SQL Server that you will use for the scanner.

After you have run this command, use the Azure portal to configure the settings in the scanner profile and specify the data repositories to scan. Before you run the scanner, you must run the Set-AIPAuthentication cmdlet one time to sign in to Azure AD for authentication and authorization.

For step-by-step instructions to install, configure, and use the scanner, see Deploying the Azure Information Protection scanner to automatically classify and protect files.

The scanner is not currently supported for the Azure Information Protection unified labeling client.

Examples

Example 1: Install the Azure Information Protection Scanner service by using a SQL Server instance and a customized database name

PS C:\> Install-AIPScanner -SqlServerInstance SQLSERVER1\AIPSCANNER -Profile EU

This command installs the Azure Information Protection Scanner service by using a SQL Server instance named AIPSCANNER, which runs on the server named SQLSERVER1. In addition, the installation creates a customized database name of AIPScanner_EU.

You are prompted to provide the Active Directory account details for the scanner service account. If an existing database named AIPScanner_EU isn't found on the specified SQL Server instance, a new database with this name is created to store the scanner configuration. The command displays the installation progress, where the install log is located, and the creation of the new Windows Application event log named Azure Information Protection Scanner

At the end of the output, you see The transacted install has completed.

Example 2: Install the Azure Information Protection Scanner service by using the SQL Server default instance

PS C:\> Install-AIPScanner -SqlServerInstance SQLSERVER1

This command installs the Azure Information Protection Scanner service by using the SQL Server default instance that runs on the server named SQLSERVER1. As with the previous example, you are prompted for credentials, and then the command displays the progress, where the install log is located, and the creation of the new Windows Application event log.

Example 3: Install the Azure Information Protection Scanner service by using SQL Server Express

PS C:\> Install-AIPScanner -SqlServerInstance SQLSERVER1\SQLEXPRESS

This command installs the Azure Information Protection Scanner service by using SQL Server Express that runs on the server named SQLSERVER1. As with the previous examples, you are prompted for credentials, and then the command displays the progress, where the install log is located, and the creation of the new Windows Application event log.

Parameters

-Profile

Specifies that the scanner uses a customized database name for its configuration. If this parameter is not specified, the default database name for the scanner is AIPScanner_<computer_name>. When you specify a profile name, the database name for the scanner changes to AIPScanner_<profile_name>.

If the database doesn't exist when the scanner is installed, the Install-AIPScanner command creates it.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ServiceUserCredentials

Specifies a PSCredential object for the service account to run the Azure Information Protection Scanner service. For the user name, use the following format: Domain\Username. You are prompted for a password.

To obtain a PSCredential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Cmdlet. If you do not specify this parameter, you are prompted for the user name and password.

This account must be an Active Directory account. For additional requirements, see Prerequisites for the Azure Information Protection scanner.

Type:PSCredential
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SqlServerInstance

Specifies the SQL Server instance on which to create a database for the Azure Information Protection scanner.

For information about the SQL Server requirements, see Prerequisites for the Azure Information Protection scanner.

For the default instance, specify the server name. For example: SQLSERVER1.

For a named instance, specify the server name and instance name. For example: SQLSERVER1\AIPSCANNER.

For SQL Server Express, specify the server name and SQLEXPRESS. For example: SQLSERVER1\SQLEXPRESS.

Type:String
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

System.Object