More Fun with the AIP Scanner (EMS E3/AIP P1 Capabilities)

The Scenario:

So you recently read my post about configuring the Azure Information Protection Scanner and love the capabilities, but alas, you only have EMS E3/AIP P1 licensing so you can't use the AIP Scanner since Automatic Labeling is an EMS E5/AIP P2 feature, right? Well, almost.  It has recently been brought to my attention that there is one Automatic label that is available to EMS E3/AIP P1, and that is the Default Label.  A default label is used to make it easier to start classifying all of your data and is typically set to a non-protected (unencrypted) label such as General so as not to upset standard business processes.

However, the designers of the AIP Scanner are AWESOME and decided that you could assign a different default label for each AIP Repository!  This means that if you want to use your Confidential (or HR Only, Legal Only....) label as the default label for a specific repository, you can do just that!  So, you can stand up an AIP Scanner instance and use it to apply a label to an entire folder on a file share or specific on prem SharePoint document list/library and everything in that folder/library will be classified, labeled, and protected with that label.

The Solution: do we make this amazing functionality happen?? Simple! First, make sure you have the AIP Scanner fully deployed up to the point where you are ready to add repositories (see my previous blog if you need help here) and then use the PowerShell command below to add your repository (using fake values for the repository and label details, change the red items).

PS C:\> Add-AIPScannerRepository -Path \\NAS\HR -SetDefaultLabel On -DefaultLabelId f018e9e7-0cfc-4c69-b27a-ac3cb7df43cc -OverrideLabel On -DefaultOwner ""

Note that we are also setting OverrideLabel to On and assigning a default owner that will have full control of the documents.  This command is actually stolen from fully documented at and as always, if that page is updated it is authoritative over any content here.

And that is it!  Now you can start using the AIP Scanner to classify, label, and protect entire file shares and on prem SharePoint libraries with only an EMS E3/AIP P1 license!  Please leave comments below and rate to let me know if you enjoy my posts.

The rest of my content can be found at



Comments (0)

Skip to main content