This might sound like a bad excuse for not writing up a whole blog post, but in fact I had planned to write a few words about the Azure Information Protection Scanner and the recently announced Azure Information Protection Analytics that provides a central reporting capability for the AIP Scanner. Those that have used the AIP Scanner before, will agree that, gathering scanner results data was quite tedious as you had to grab plain text files from the local system and then process them manually or though some home-brew scripting to visualize the results.
However since I prefer to produce value–add blog content and not just reproduce stuff, I did a little bit of research this evening prior writing down my blog post and found out that what I had intended to describe is already mostly available, especially with regards to automating the AIP Scanner installation and the Azure information Protection Analytics workspace setup. Therefore, I just turn this blog post into a brief summary of references that I’ve been using myself over the past months while working with the AIP Scanner. I hope it’s going to be useful for those that need a jump start into the topic.
If you haven’t deployed the AIP Scanner before, I recommend reading the official Microsoft documentation.
- Deploying the Azure Information Protection scanner to automatically classify and protect files
- Central reporting for Azure Information Protection
Real hands-on experience is described in the following articles:
- Installation, Configuration, and Usage of the AIP Scanner
- Full AIP Scanner Configuration (AIP Premium P1 Edition)
- Azure Information Protection Scanner
- Configuring AIP Scanner
Then there is a Microsoft Case description from Microsoft how they use the AIP scanner.
- Automating data protection with Azure Information Protection scanner
And finally, two articles that describe the recently announced Azure Information Protection Analytics. This is really a great enhancement as it now provides central logging for Azure Information Protection Scanner environments by storing the results into Azure Log Analytics.
- Cataloging your Sensitive Data with AIP, Even Before Configuring Labels!
The above article also contains some very cool PowerShell code to fully automate the creation of the AIP Service Account, Azure App registrations and token script generation. The manual process is described here.
- Data discovery, reporting and analytics for all your data with Microsoft Information Protection
Bonus tip: If you’re concerned about the costs for Azure Log Analytics, you can start with the FREE Tier plan, your data will only be retained for 30 days, but it will give you a god idea of how much log analytics usage you might be using, you can then later change the pricing tier to “per GB”.