AIP scanner not labelling the files on file share

Pa_D 1,071 Reputation points

We configured the scanner which is scanning the files and status of scan job is healthy. But is not labelling the files when we turned on Enforce setting on scan job.

One other clue we noticed is, the log file does not show that enforce is set to On (even though we have kept is ON in scan job)

Here is the output of log file,
Scan started at: 2021-02-24 01:11:58Z
Scan ended at: 2021-02-24 01:13:58Z
Scan duration: 0 days, 0 hours, 1 minutes, 59 seconds
Scan id: 81e1058b-5fb0-4ef4-9d33-b0cb2968a01f

Repository: \aip-fs05\mis. Enforce mode is Off

Scanned files:166802

Remove label:0
Remove protection:0

Skipped due to - No match:0
Skipped due to - Not supported:0
Skipped due to - Already labeled:0
Skipped due to - Already scanned:128710
Skipped due to - Require justification:0
Skipped due to - Unknown reason:0
Skipped due to - Excluded:38092
Skipped due to - Attribute:0


Here is scan job configuration, (Here you can see "Enforce" is set to ON)


This is the AIP label setting

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
525 questions
0 comments No comments
{count} vote

Accepted answer
  1. JamesTran-MSFT 36,506 Reputation points Microsoft Employee

    Thank you for the detailed post!

    While researching your issue, I found a similar Tech Community question which looks like it might be what you're experiencing. I'll post the customer's solution below:


    If this doesn't help resolve your issue, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

1 additional answer

Sort by: Most helpful
  1. Shim Kwan 281 Reputation points


    How far did you get with MS Support?

    We have a simple AIP Policy and labeling is "enforced", the AIP scanner logs clearly show PCI DSS data detected, but the AIP Scanner does not label anything.
    Not even a default label is being applied by the AIP Scanner.


    0 comments No comments