Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,342 questions
Sensitive Information Type targeted scan using Purview Information Protection Scanner
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 92%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKH%3C/text%3E%3C/svg%3E)
Khang Ho
0
Reputation points
Hello,
I'm currently have a Purview Information Protection scanner running to scan for sensitive information type in discovery mode with the "Info types to be discovered" set to all. However, i'm looking to change that to only SSN by changing the "info types to be discovered" to "policy only".
I have a auto-labeling policy for exchange (since there is no option for on-prem shared drives) that only look for SSN. My understanding is that this is where the on-prem scanner would reference the specific sensitive information type to look for, but I've been getting the following error when changing the "info types to be discovered" to "policy only".
"Error: Policy doesn't include any automatic labeling condition". I'm not quite sure why its happening because I do have a condition turned on.
Please let me know if I might have missed something
Thanks for your help!
{count} votes
-
PRADEEPCHEEKATLA-MSFT 85,511 Reputation points Microsoft Employee2024-07-17T05:46:08.66+00:00 @Khang Ho - Thanks for the question and using MS Q&A platform.
It seems like you are trying to change the "info types to be discovered" setting in your Purview Information Protection scanner to only scan for SSN using your auto-labeling policy. However, you are encountering an error message that says "Error: Policy doesn't include any automatic labeling condition".
Based on the error message, it seems like the auto-labeling policy you have created does not have any automatic labeling conditions set up for it. To resolve this issue, you will need to make sure that your auto-labeling policy has at least one automatic labeling condition set up for it.
Here are the steps you can follow to set up automatic labeling conditions for your auto-labeling policy:
- Sign in to the Microsoft 365 compliance center with your admin credentials.
- Go to the "Sensitivity" page and select "Auto-labeling policies".
- Select the auto-labeling policy you want to edit.
- Under "Automatic labeling conditions", select "Add a condition".
- In the "Add a condition" pane, select "Sensitive information types".
- In the "Sensitive information types" pane, select "Add a sensitive information type".
- In the "Add a sensitive information type" pane, select "SSN" from the list of available sensitive information types.
- Select "Done" to save your changes.
Once you have set up at least one automatic labeling condition for your auto-labeling policy, you should be able to change the "info types to be discovered" setting in your Purview Information Protection scanner to "policy only" without encountering the "Error: Policy doesn't include any automatic labeling condition" message.
I hope this helps! Let me know if you have any further questions.
-
Khang Ho 0 Reputation points
2024-07-17T15:14:23.72+00:00 Good morning, I appreciate your help with this.
After following your instructions, and trying to start the scan a few times, I am still getting a similar error
I currently have a auto-labeling policy turned on with a condition to only look for SSN (please see the attached image). Since it "on-prem drives" isn't an option, I just use exchange email. I think that would be fine (please let me know if that could be an issue).
I have also attached my current setting for my content scan job. We're only interested in discovering SSN in our environment so everything is off.
If you have suggestions on what I should check for, please let me know.
-
Khang Ho 0 Reputation points
2024-07-17T15:41:53.68+00:00 good m
-
PRADEEPCHEEKATLA-MSFT 85,511 Reputation points Microsoft Employee
2024-07-18T05:33:08.12+00:00 @Khang Ho Thank you for providing more information. Based on the screenshot you provided, it looks like you have correctly configured your auto-labeling policy to only look for SSN. However, it's possible that there may be an issue with the configuration of your content scan job.
In your content scan job settings, you have disabled all of the "Info types to be discovered" options. This means that the scanner will not scan for any sensitive information types, including SSN. To scan for SSN, you will need to enable the "SSN" option under "Info types to be discovered".
Additionally, it's worth noting that the "Exchange email" option you have selected as the data source for your auto-labeling policy may not be sufficient for scanning on-premises shared drives. You may want to consider using a different data source, such as "File share", to ensure that your scanner is able to scan all of the relevant data sources in your environment.
Once you have updated your content scan job settings to include the "SSN" option and confirmed that your data source is correctly configured, you should be able to start the scan without encountering any errors. If you continue to experience issues, please let me know and I can help you troubleshoot further.
-
Khang Ho 0 Reputation points
2024-07-18T14:19:39.7266667+00:00 Good morning,
When you said the option "Info types to be discovered" only have 2 options, "All" and "Policy only" so i'm not sure where I would enable the "SSN" option inside content scan job. If you meant to said to have the option "label file based on content" enabled then yes, I have enabled that.
About your second point, there is no option for "file share", no i'm not sure how I would configure that.
Thanks,
Khang
-
PRADEEPCHEEKATLA-MSFT 85,511 Reputation points Microsoft Employee
2024-07-22T04:44:18.3966667+00:00 @Khang Ho - I agree that this issue looks strange and I wasn't able to reproduce this issue. If you have a support plan could you please file a support ticket for deeper investigation and do share the SR# with us?
-
Khang Ho 0 Reputation points
2024-07-22T14:19:20.92+00:00 Good morning,
Yes, I just opened a support ticket. SR# 2407220040005546
Thank you for your help with this.
-
PRADEEPCHEEKATLA-MSFT 85,511 Reputation points Microsoft Employee
2024-07-23T05:12:15.9533333+00:00 @Khang Ho - Thanks for sharing the support request number.
Once the issue has been resolved, please do consider sharing the solution, which might be beneficial to other community members reading this thread.
Sign in to comment