Have already opened a SR, but it's not going well so far. Perhaps someone here will have insight!
I've installed two on-prem scanners, which are communicating fine with Azure and the repository. Feel confident the scanner job is configured correctly to work with DLP policy. Enforce = On.
We are doing a very simple test with a DLP policy (configured in Purview) that looks for files with certain sensitivity labels. No action configured, it just emails admin and me. I made sure that the scanner service account is in the scope for the published information protection label policy. Also made sure a few Word documents were out there with the right sensitivity labels checked. The AIP SuperUser role has not been enabled.
This error appears in the scanner log:
Warn 2023-02-01 10:27:32.8691 MSIP.Scanner MSIP.Scanner (11824) Rule: <DLP Policy Rule> contains unsupported action <domain\service account> 7 "Microsoft.InformationProtection.Scanner.ScannerService+<StartScanning>d__42.MoveNext
Microsoft.InformationProtection.Scanner.ScannerService.DownloadDlpPolicy
System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start
Microsoft.InformationProtection.Scanner.ScannerService+<DownloadDlpPolicy>d__34.MoveNext
Microsoft.InformationProtection.Scanner.DLP.DlpPolicy.LoadFromCache
Microsoft.InformationProtection.Scanner.DLP.DlpPolicy..ctor
Microsoft.InformationProtection.Scanner.DLP.DlpSinglePolicy..ctor
Microsoft.InformationProtection.Scanner.DLP.RuleParser.LoadStream
Microsoft.InformationProtection.Scanner.DLP.RuleParser.ParseRules
Microsoft.InformationProtection.Scanner.DLP.RuleParser.ParseRule"
Any insight is greatly appreciated!