Set-AIPScannerConfiguration

Relevant for: AIP unified labeling and classic clients

Sets optional configuration for the Azure Information Protection scanner.

Syntax

Set-AIPScannerConfiguration
   [-ReportLevel <ReportLevel>]
   [-OnlineConfiguration <OnlineConfiguration>]
   [<CommonParameters>]

Description

The Set-AIPScannerConfiguration cmdlet sets local configuration settings for the Azure Information Protection scanner.

You configure most of the scanner configuration settings in the Azure portal, but must use this cmdlet if you need to import configuration settings from a file because the scanner cannot support online configuration, or if you need to change the report level for the locally created reports.

Any changes will be used the next time the scanner runs. If you need the changes to take effect immediately, restart the Azure Information Protection Scanner service on the Windows server computer.

Note

To provide a unified and streamlined customer experience, the Azure Information Protection classic client and Label Management in the Azure Portal are deprecated as of March 31, 2021. While the classic client continues to work as configured, no further support is provided, and maintenance versions will no longer be released for the classic client.

We recommend that you migrate to unified labeling and upgrade to the unified labeling client. Learn more in our recent deprecation blog.

Examples

Example 1: Set the Azure Information Protection scanner to use online configuration

PS C:\> Set-AIPScannerConfiguration -OnlineConfiguration On

Configuration was set successfully.

This command sets the scanner to get its configuration directly from the Azure Information Protection service.

Parameters

-OnlineConfiguration

Specifies whether the scanner gets its configuration settings directly from the Azure Information Protection service (the default), or uses an offline configuration file.

  • On: The default setting. The scanner gets its configuration settings directly from the Azure Information Protection service.

  • Off: The scanner is prevented from getting its configuration settings directly from the Azure Information Protection service. Instead, the scanner is configured by settings that you import from a file.

If the scanner cannot support online configuration, you must still configure the scanner in the Azure portal. Then, export the scanner configuration from the portal to a .json file and import this file by using the Import-AIPScannerConfiguration cmdlet.

Type:OnlineConfiguration
Position:named
Accept pipeline input:False
Accept wildcard characters:False
-ReportLevel

Define the level of logging for the scanner reports. By default, only files that are successfully labeled by the scanner or contain sensitive information types are included in the log file.

Log files are stored in the %localappdata%\Microsoft\MSIP\Scanner\Reports folder. A summary report (.txt) includes the time taken to scan, the number of scanned files, and statistics of how many files were classified and protected. Detailed reports (.csv) has details for each file. The folder stores up to 60 reports for each scanning cycle and all but the latest report is compressed to help minimize the required disk space.

Log level Description
Debug Logs every file that was discovered and the resulting action. This level of logging is useful for troubleshooting but slows down the Azure Information Protection scanner. This category includes files that don't meet any of the conditions and files that are skipped because of an unsupported file type.
For example, trying to label a file for classification-only when the file type doesn't support this action, and trying to label files that are automatically excluded.

For more information, see the following information from the admin guides:
- Unified labeling client
- Classic client
Info (Default) Logs only the files that:
- Were successfully labeled by the scanner
- Would have been labeled by the scanner, if the scanner was not in discovery mode
- Contain sensitive information types
Error Logs only the files that the scanner attempted to label or identify but could not. For example, a file was in use, or the scanner service did not have write access to the file.
Off Disables reporting, which results in the best performance for the scanner.

The local Windows Applications and Services event log, Azure Information Protection contains additional logging information. The events include the start and end times for each scanning cycle, when a scanned file has a label applied, and when protection is applied or removed. For more information, see Event log IDs and descriptions for the scanner.

Type:ReportLevel
Accepted values:Off, Debug, Info, Error
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

System.Object