The scanner doesn't apply visual markings to documents. See the following from https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#when-office-apps-apply-content-marking-and-encryption
Solutions that apply sensitivity labels to files outside Office apps do so by applying labeling metadata to the file. In this scenario, content marking from the label's configuration isn't inserted into the file but encryption is applied.
When those files are opened in an Office desktop app, the content markings are automatically applied by the Azure Information Protection unified labeling client when the file is first saved. The content markings are not automatically applied when you use built-in labeling for desktop, mobile, or web apps.
Scenarios that include applying a sensitivity label outside Office apps include:
- The scanner, File Explorer, and PowerShell from the Azure Information Protection unified labeling client
- Auto-labeling policies for SharePoint and OneDrive
- Exported labeled and encrypted data from Power BI
- Microsoft Cloud App Security
For these scenarios, using their Office apps, a user with built-in labeling can apply the label's content markings by temporarily removing or replacing the current label and then reapplying the original label.