Azure Information Protection Scanner

When you have configured your Azure Information Protection policy for labels that apply automatic classification, files that this scanner discovers can then be labeled. Labels apply classification, and optionally, apply for protection or remove protection.
The scanner can inspect any files that Windows can index, by using iFilters that are installed on the computer. Then, to determine if the files need labeling, the scanner uses the Office 365 built-in data loss prevention (DLP) sensitivity information types and pattern detection, or Office 365 regex patterns. Because the scanner uses the Azure Information Protection client, it can classify and protect the same file types.

 Scanner Prerequisites

• Windows Server 2016 or Windows Server 2012 R2.
• fast and reliable network connection to the data stores to be scanned
• Make sure that this computer has the Internet connectivity that it needs for Azure Information Protection
• SQL Server 2012 is the minimum version ( Standard, Enterprise)
• SQL Server to store the scanner configuration:
  • Local or remote instance
  • Sysadmin role to install the scanner
• Service account to run the scanner service
  • Log on locally right
  • Log on as a service
• Permissions to the data repositories: You must grant Read and Write permissions for scanning the files and then applying for classification and protection
• To ensure that the scanner always has access to protected files, make this account a superuser for the Azure Rights Management service, and ensure that the superuser feature is enabled.
• The Azure Information Protection client is installed, Do not install the client with just the PowerShell module.
• Configured labels that apply automatic classification, and optionally, protection