From 34eab4bf3001db2686f1d5b01424136c7dbd4677 Mon Sep 17 00:00:00 2001 
From: KC Cross Date: Wed, 10 Apr 2024 13:01:33 -0700 Subject: [PATCH 1/2] Adding new module for MIP purviewinformationprotection module added to repo --- informationprotection/docfx.json | 87 +++ .../docs-conceptual/index.md | 12 + .../docs-conceptual/intro.md | 9 + informationprotection/docs-conceptual/toc.yml | 5 + .../Add-ScannerRepository.md | 398 +++++++++++++ .../Clear-Authentication.md | 58 ++ .../Export-DebugLogs.md | 93 +++ .../Get-FileStatus.md | 133 +++++ .../Get-ScanStatus.md | 177 ++++++ .../Get-ScannerConfiguration.md | 76 +++ .../Get-ScannerContentScan.md | 105 ++++ .../Get-ScannerRepository.md | 136 +++++ .../Import-ScannerConfiguration.md | 99 ++++ .../Install-Scanner.md | 285 +++++++++ .../New-CustomPermissions.md | 109 ++++ .../PurviewInformationProtection.md | 369 ++++++++++++ .../Remove-FileLabel.md | 212 +++++++ .../Remove-ScannerContentScan.md | 92 +++ .../Remove-ScannerRepository.md | 126 ++++ .../Set-Authentication.md | 181 ++++++ .../Set-FileLabel.md | 543 ++++++++++++++++++ .../Set-ScannerConfiguration.md | 109 ++++ .../Set-ScannerContentScan.md | 415 +++++++++++++ .../Set-ScannerDatabase.md | 219 +++++++ .../Set-ScannerRepository.md | 395 +++++++++++++ .../Start-Scan.md | 102 ++++ .../Start-ScannerDiagnostics.md | 144 +++++ .../purviewinformationprotection/Stop-Scan.md | 48 ++ .../Uninstall-Scanner.md | 68 +++ .../Update-ScannerDatabase.md | 125 ++++ .../mapping/monikerMapping.json | 11 + 31 files changed, 4941 insertions(+) create mode 100644 informationprotection/docfx.json create mode 100644 informationprotection/docs-conceptual/index.md create mode 100644 informationprotection/docs-conceptual/intro.md create mode 100644 informationprotection/docs-conceptual/toc.yml create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Clear-Authentication.md create mode 100644 
informationprotection/informationprotection-ps/purviewinformationprotection/Export-DebugLogs.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Get-FileStatus.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScanStatus.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Install-Scanner.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/New-CustomPermissions.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Remove-FileLabel.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Set-Authentication.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Set-FileLabel.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md create mode 100644 
informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Start-Scan.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Stop-Scan.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md create mode 100644 informationprotection/informationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md create mode 100644 informationprotection/mapping/monikerMapping.json diff --git a/informationprotection/docfx.json b/informationprotection/docfx.json new file mode 100644 index 0000000000..025b927d0f --- /dev/null +++ b/informationprotection/docfx.json 
@@ -0,0 +1,87 @@
+{
+ "build": {
+ "content": [
+ {
+ "files": [
+ "**/*.md"
+ ],
+ "src": "docs-conceptual",
+ "version": "officewebapps-ps",
+ "dest": "officewebapps",
+ "exclude": [
+ "**/obj/**",
+ "**/includes/**",
+ "README.md",
+ "LICENSE",
+ "LICENSE-CODE",
+ "ThirdPartyNotices"
+ ]
+ },
+ {
+ "files": [
+ "toc.yml"
+ ],
+ "src": "docs-conceptual",
+ "version": "officewebapps-ps",
+ "dest": "officewebapps/officewebapps-ps"
+ },
+ {
+ "files": [
+ "**/*.yml"
+ ],
+ "exclude": [
+ "toc.yml"
+ ],
+ "src": "officewebapps-ps",
+ "version": "officewebapps-ps",
+ "dest": "module"
+ },
+ {
+ "files": [
+ "toc.yml"
+ ],
+ "src": "officewebapps-ps",
+ "version": "officewebapps-ps",
+ "dest": "module/officewebapps-ps"
+ }
+ ],
+ "resource": [
+ {
+ "files": [
+ "**/*.png",
+ "**/*.jpg"
+ ],
+ "exclude": [
+ "**/obj/**",
+ "**/includes/**"
+ ]
+ }
+ ],
+ "versions": {
+ "officewebapps-ps": {
+ "dest": "officewebapps-ps"
+ }
+ },
+ "overwrite": [],
+ "externalReference": [],
+ "globalMetadata": {
+ "ms.service": "office-online-server-powershell",
+ "uhfHeaderId": "MSDocsHeader-Dev_Office",
+ "author": "serdarsoysal",
+ "ms.author": "mikeplum",
+ "manager": "laurawi",
+ "ms.date": "11/28/2017",
+ "ms.topic": "reference",
+ "products": [
+ "https://authoring-docs-microsoft.poolparty.biz/devrel/e87e9701-158d-46fb-8165-fb54b7c45d88",
+ "https://authoring-docs-microsoft.poolparty.biz/devrel/8bce367e-2e90-4b56-9ed5-5e4e9f3a2dc3"
+ ],
+ "ms.devlang": "powershell",
+ "feedback_system": "Standard",
+ "feedback_product_url": "https://github.com/MicrosoftDocs/office-docs-powershell/issues"
+ },
+ "fileMetadata": {},
+ "template": [],
+ "dest": "officewebapps-ps"
+ }
+}
\ No newline at end of file
diff --git a/informationprotection/docs-conceptual/index.md b/informationprotection/docs-conceptual/index.md
new file mode 100644
index 0000000000..837c7b7e1e
--- /dev/null
+++ b/informationprotection/docs-conceptual/index.md
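Review bot: In the new informationprotection/docfx.json, the last two `build.content` entries still read `"src": "officewebapps-ps"`, but this commit adds the cmdlet pages under `informationprotection-ps/`, so the build appears to have no source entry that matches the new reference content; I would change those to `"src": "informationprotection-ps"`. The `version`/`dest` values (`officewebapps-ps`, `officewebapps`), the `versions` key and `"ms.service": "office-online-server-powershell"` in `globalMetadata` also look carried over from the Office Online Server docset and would publish or tag these pages under the wrong product. The correct moniker is not visible in this hunk (mapping/monikerMapping.json in this commit presumably defines it), so those values should be replaced with whatever that file declares. `"ms.date": "11/28/2017"` and the author/manager fields likewise look inherited rather than chosen for this module, and the file ends without a trailing newline.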
@@ -0,0 +1,12 @@
+---
+title: Microsoft Purview Information Protection cmdlet help reference
+description: "Learn about the Microsoft Purview Information Protection cmdlet help reference."
+---
+
+# Microsoft Purview Information Protection client cmdlet help reference
+
+Welcome to the Microsoft Purview Information Protection **Help** reference. The Purview Information Protection cmdlets provide the command line interface for administration and management.
+
+Here, you will find all of the Microsoft Purview Information Protection PowerShell **Help** topics. These topics are 'open source' and open for contributions. If you are interested in contributing to this content, go to the source GitHub repo and look through the README.
+
+The repo is located here: and you can find the README displayed at the bottom of the page.
diff --git a/informationprotection/docs-conceptual/intro.md b/informationprotection/docs-conceptual/intro.md
new file mode 100644
index 0000000000..068939a7f0
--- /dev/null
+++ b/informationprotection/docs-conceptual/intro.md
@@ -0,0 +1,9 @@
+---
+title: Microsoft Purview Information Protection cmdlet reference
+---
+
+# Microsoft Purview Information Protection cmdlet reference
+Welcome to the Microsoft Purview Information Protection cmdlet reference. The Office Online Server cmdlets provide the command line interface for administration and management.
+
+Here you will find all of the Microsoft Purview Information Protection PowerShell help topics. These topics are 'open source' and open for contributions. If you are interested in contributing to this content head over to the source GitHub repo and look through the README.
+The repo is located here: https://github.com/microsoftdocs/office-docs-powershell and you can find the README displayed at the bottom of the page.
diff --git a/informationprotection/docs-conceptual/toc.yml b/informationprotection/docs-conceptual/toc.yml
new file mode 100644
index 0000000000..2f726b4da1
--- /dev/null
+++ b/informationprotection/docs-conceptual/toc.yml
@@ -0,0 +1,5 @@
+- name: Overview
+ href: index.md
+ items:
+ - name: Introduction
+ href: intro.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md
new file mode 100644
index 0000000000..906e263814
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md
@@ -0,0 +1,398 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258951 +schema: 1.0.0 +--- + +# Add-ScannerRepository + +## SYNOPSIS +Adds a repository to a Microsoft Purview Information Protection scanner content scan job. + +## SYNTAX + +``` PowerShell +Add-ScannerRepository -Path [-OverrideContentScanJob ] [-EnableDlp ] + [-Enforce ] [-LabelFilesByContent ] [-RelabelFiles ] + [-AllowLabelDowngrade ] [-EnforceDefaultLabel ] [-DefaultLabelType ] + [-DefaultLabelId ] [-DefaultOwner ] [-RepositoryOwner ] + [-PreserveFileDetails ] [-IncludeFileTypes ] [-ExcludeFileTypes ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +Adds a repository for your content scan job to scan. + +## EXAMPLES + +### Example 1 Add a new repository using the configured content scan jobs settings +```powershell +PS C:\WINDOWS\system32> Add-ScannerRepository -Path 'c:\repoToScan' +``` + +This example adds the **repoToScan** repository to your content scan job, using the content scan job's current settings. + +### Example 2 Add a new repository, overriding the content scan job's current settings + +```powershell +PS C:\WINDOWS\system32> Add-ScannerRepository -Path 'c:\repoToScan' -OverrideContentScanJob On -Enforce On -DefaultOwner 'ms@gmail.com' +``` + +This example adds the **repoToScan** repository to your content scan job, overriding the currently configured content scan job settings. + +### Example 3 Add a new repository, excluding .msg and .tmp files + +```powershell +PS C:\WINDOWS\system32> Add-ScannerRepository -Path 'c:\repoToScan' -OverrideContentScanJob On -IncludeFileTypes '' -ExcludeFileTypes '.msg,.tmp' +``` + +This example defines a content scan job that includes all file types except for .msg and .tmp files. + +## PARAMETERS + +### -AllowLabelDowngrade +Determines whether the content scan job allows for labeling downgrade actions. 
+ +Relevant only when the following parameters are set to **on:** + +- **OverrideContentScanJob** +- **RelabelFiles** + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultLabelId +Defines the ID of the default label used when automatically labeling content with a default label. + +- Mandatory if the **DefaultLabelType** parameter is set to **custom**. + +- Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + + +```yaml +Type: Guid +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultLabelType +Determines the type of default label used when automatically labeling content with a default label. + +When used, define the label ID you want to use as the default ID using the **DefaultLabelId** parameter. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + + +```yaml +Type: DefaultLabelType +Parameter Sets: (All) +Aliases: +Accepted values: None, PolicyDefault, Custom + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultOwner +Defines the default owner value used for the files scanned, using the account email address. By default, this is the scanner account. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. 
+ + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableDlp +Determines whether the content scan job uses the Microsoft Purview data loss prevention (DLP) sensitivity information types when scanning your content. + +> [!TIP] +> If you configure this parameter, you may also want to configure a specific repository owner using the **RepositoryOwner** parameter. +> + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enforce +Determines whether the content scan job enforces content scanning and labeling according to your policy. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnforceDefaultLabel +Determines whether using a default label is always used when relabeling content. + +Relevant only when the following parameters are set to **on:** + +- **RelabelFiles** +- **OverrideContentScanJob** + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExcludeFileTypes +Determines any file types that are ignored during your content scan job. Define multiple file types using a comma-separated list. + +If you define this parameter, define the **IncludeFileTypes** parameter as null. For example, see **Example 3** above. 
+ +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeFileTypes +Explicitly determines the file types that are scanned by your content scan job. Define multiple file types using a comma-separated list. + +If you define this parameter, define the **ExcludeFileTypes** parameter as null. For example, see **Example 3** above. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LabelFilesByContent +Determines whether the **Label files based on content** content scan job option is enabled or disabled. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OverrideContentScanJob +Determines whether the settings for this repository override the settings defined for the content scan job. + +If set to **On**, define any settings you want to override using additional parameters. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Defines the path to the repository you want to add to the content scan job. 
+ +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreserveFileDetails +Determines whether the file details, including the date modified, last modified, and modified by settings are preserved while scanning and auto-labeling. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelabelFiles +Determines whether the content scan job is allowed to relabel files. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RepositoryOwner +Specifies the SAMAccountname (**domain\user**), UPN (**user@domain**), or SID of a group that owns the repository. + +The owners are granted full control permissions on the file if the permissions on the file are changed by a matched DLP rule. + +Relevant only when the following parameters are set to **on**. + +- **OverrideContentScanJob** +- **EnableDlp** + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS + +- [Get-ScannerContentScan](Get-ScannerContentScan.md) + +- [Get-ScannerRepository](Get-ScannerRepository.md) + +- [Remove-ScannerContentScan](Remove-ScannerContentScan.md) + +- [Remove-ScannerRepository](Remove-ScannerRepository.md) + +- [Set-ScannerContentScan](Set-ScannerContentScan.md) + +- [Set-ScannerRepository](Set-ScannerRepository.md) \ No newline at end of file diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Clear-Authentication.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Clear-Authentication.md new file mode 100644 index 0000000000..89930523f9 --- /dev/null +++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Clear-Authentication.md 
@@ -0,0 +1,58 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258497 +schema: 1.0.0 +--- + +# Clear-Authentication + +## SYNOPSIS +Clears the user settings and RMS templates for the current user. + +## SYNTAX + +``` +Clear-Authentication [] +``` + +## DESCRIPTION +The Clear-AIPAuthentication cmdlet resets the user settings for the Azure Rights Management service. + +- Files in **%LocalAppData%\Microsoft\MSIP\AppDetails** are not deleted if you authenticate by using a token from Azure AD when you run Set-Authentication. + +- All Rights Management templates from the **%LocalAppData%\Microsoft\MSIPC\msip** folder are deleted for the current user. + +- Rights Management templates are not deleted from the **%LocalAppData\Microsoft\MSIPC** folder that Office uses. + +For a list of files and registry entries that are deleted, see the the details about the **Reset Settings** option in the following admin guides: + +## EXAMPLES + +### Example 1 +``` +PS C:\> Clear-Authentication +``` + +This command is functionally the equivalent of selecting the **Reset Settings** from the Help and Feedback menu option, and deleting the templates. + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. + +For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Set-Authentication](Set-Authentication.md) \ No newline at end of file 
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Export-DebugLogs.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Export-DebugLogs.md new file mode 100644 index 0000000000..0efa013f3a --- /dev/null +++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Export-DebugLogs.md 
@@ -0,0 +1,93 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258759 +schema: 1.0.0 +--- + +# Export-DebugLogs + +## SYNOPSIS + +Gathers and exports Microsoft Purview Information Protection client and scanner log files to a compressed file. + +## SYNTAX + +``` +Export-DebugLogs [-FileName] [-OnBehalfOf ] [] +``` + +## DESCRIPTION +The **Export-DebugLogs** cmdlet gathers all client and scanner log files from **%localappdata%\Microsoft\MSIP\Logs** and saves them to a single, compressed file that has a **.zip** format. This file can then be sent to Microsoft Support if you are requested to send log files to help investigate a reported issue with the Microsoft Purview Information Protection client or scanner from this client. + +Use the *OnBehalfOf* parameter if you need to export log files from a service account. For example, an account that has been created to run non-interactively, such as the account for the MicrosoftPurview Information Protection scanner. + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> Export-DebugLogs -FileName C:\Logs\AIPLogs.zip +``` + +This command gathers and saves all exported logs to the AIPLogs.zip file in the existing **C:\Logs** folder. + +## PARAMETERS + +### -FileName + +The path and file name for the exported log files. + +The path can be local or a network path (mapped drive letter or UNC). + +Any folders in the path must already exist. If you specify a file name that already exists in the specified folder, the original file is overwritten. + +When you specify the file name, include the **.zip** file name extension. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OnBehalfOf + +To use this parameter, you must run your PowerShell session with the **Run as Administrator** option. 
+ +Specifies the variable that includes the credentials object to use when you need to export log files from an account other than the account you are currently signed in with. For example, you need to collect log files for the service account that runs the Microsoft Purview Information Protection scanner. In this scenario, if the scanner is installed on the same computer as you're running this cmdlet, the log files also include some information from the scanner's configuration database. + +Use the [Get-Credentials](/powershell/module/Microsoft.PowerShell.Security/Get-Credential) cmdlet to create the variable that stores the credentials. + + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. + +For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS \ No newline at end of file diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-FileStatus.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-FileStatus.md new file mode 100644 index 0000000000..c8eba61fc4 --- /dev/null +++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-FileStatus.md 
@@ -0,0 +1,133 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258952 +schema: 1.0.0 +--- + +# Get-FileStatus + +## SYNOPSIS +Gets the Microsoft Purview Information Protection label and protection information for a specified file or files. + +## SYNTAX + +``` +Get-FileStatus [-Path] [] +``` + +## DESCRIPTION +The **Get-FileStatus** cmdlet returns the status of a specified file or all files in a specified path. This status includes whether the file has a label, and if it does, the label name, who applied it, how it was applied, and when. + +If your files are stored in SharePoint Online, use the [Get-FileSensitivityLabelInfo](/powershell/module/sharepoint-online/get-filesensitivitylabelinfo) cmdlet from the **SharePointOnlinePowerShell** module instead. + +The status returned in the **Get-FileStatus** cmdlet also includes whether the file is protected by Rights Management, and if it is, what Rights Management template was used to apply this protection. If the file was protected with custom permissions (an ad-hoc rights policy) instead of a template, "Restricted Access" is displayed instead of the template name. In addition, the [Rights Management owner and Rights Management issuer](/information-protection/configure-usage-rights#rights-management-issuer-and-rights-management-owner) is displayed, and when the file was protected. + +This cmdlet returns label information from your own tenant only. + +Note that password-protected files always return the protection status of **False**. + +You can run this cmdlet non-interactively. 
+ +## EXAMPLES + + +### Example 1: Get the label and protection status of a single file + +``` +PS C:\> Get-FileStatus -Path \\Finance\Projects\Project.docx + +FileName : \\Finance\Projects\Project.docx +IsLabeled : True +MainLabelId : 074e257c-1234-1234-1234-34a182080e71 +MainLabelName : Confidential +SubLabelId : d9f23ae3-1234-1234-1234-f515f824c57b +SubLabelName : Finance group +LabelingMethod : Privileged +LabelDate : 12/12/2016 12:24:36 PM +IsRMSProtected : True +RMSTemplateId : e6ee2481-1234-1234-1234-f744eacd53b0 +RMSTemplateName : Contoso - Confidential Finance +RMSOwner : John@Contoso.com +RMSIssuer : John@Contoso.com +ContentId : 4ca757d2-83bf-4ec3-b93b-c7fe9433bf33 +``` + +This command provides information about a file that is labeled as "Confidential \ Finance group", which is a label that is configured for your tenant. This file was labeled manually by John and it is also protected by using the Rights Management template, "Contoso - Confidential Finance". + +### Example 2: Get the label and protection status for all files in a folder and export the results to a CSV file +``` +PS C:\> Get-FileStatus -Path \\Finance\Projects\ | Export-Csv C:\Reports\Report.csv +``` + +This command gets the label and protection information of all files on the Finance server, in the Projects folder and any of its subfolders. The results are exported to the file named **Report.csv** so that they can be more easily searched and sorted. If a previous report exists in **C:\Reports\Report.csv**, it will be overwritten. + +### Example 3: List the files labeled "Confidential" and export the results to a CSV file +``` +PS C:\> Get-FileStatus -Path \\Finance\Projects\ | Where-Object {$_.MainLabelName -eq 'Confidential'} | Export-Csv C:\Reports\Report.csv +``` + +This command gets the label and protection information for just the files that are labeled "Confidential" (regardless of their sublabel) on the Finance server, in the Projects folder and any of its subfolders. 
The results are exported to the file named **Report.csv** so that they can be more easily searched and sorted. If a previous report exists in **C:\Reports\Report.csv**, it will be overwritten. + +### Example 4: Count of files with a "Confidential" label +``` +PS C:\> (Get-FileStatus -Path C:\Projects\ | Where-Object {$_.MainLabelName -eq 'Confidential'}).Count + +5 +``` + +This command provides the number of files with the "Confidential" label that are in the **C:\Projects** folder and any of its subfolders. In this example, 5 files are found. + +## PARAMETERS + +### -Path + +Specifies a local path, network path, or SharePoint Server URL to the files for which you want to get the label and protection information. Wildcards are not supported. + +For SharePoint paths, the following are supported: + +- SharePoint Server 2019 +- SharePoint Server 2016 +- SharePoint Server 2013 + +For example: + +- C:\Folder\ +- C:\Folder\Filename +- \\\Server\Folder +- http://sharepoint.contoso.com/Shared%20Documents/Folder + +Paths can include spaces when you enclose the path value with quotes. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: FullName, FileName + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. + +For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### Microsoft.InformationProtection.Powershell.AIP.Results.GetAIPFileStatusResult + +## NOTES + +## RELATED LINKS + +[Set-Authentication](Set-Authentication.md) + +[Set-FileLabel](Set-FileLabel.md) 
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScanStatus.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScanStatus.md new file mode 100644 index 0000000000..bc67976af2 --- /dev/null +++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScanStatus.md 
@@ -0,0 +1,177 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258954
+schema: 1.0.0
+---
+
+# Get-ScanStatus
+
+## SYNOPSIS
+Gets the current status of the service for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Get-ScanStatus []
+```
+
+## DESCRIPTION
+
+The **Get-ScanStatus** cmdlet returns the following details about the current scanner cluster status:
+
+- **Cluster name**
+
+- **Cluster status**, including:
+
+ - Offline: The service is not started
+ - Idle: The service is running but not currently scanning
+ - Scanning: The service is running and is currently scanning files
+ - Error. The scanner service is running but it has encountered an error that prevents it from scanning files. For example, the service cannot access the database for the scanner configuration.
+
+- **Scan start time**: The time the last scan started, in UTC time format.
+- **Time from start**: The scanning duration, in the following format: `Days.HH:MM:SS`
+- **Node information**: A list of the nodes in the scanner cluster
+
+To obtain further details, use one or both of the following methods:
+
+- Use the **NodesInfo** variable to view details about the current scanning status for each node. For more information, see the examples below.
+
+- Use the **Verbose** parameter to view details such as the number of scanned files, amount of data scanned, and details for each repository scanned.
+
+ When using the **Verbose** parameter, drill down further to find more details for the repositories by using the **RepositoriesStatus** or the **CurrentScanSummary** variables.
+ + Possible repository statuses include: + + - **Skipped**, if the repository was skipped + - **Pending**, if the current scan has not yet started scanning the repository + - **Scanning**, if the current scan is running on the repository + - **Finished**, if the current scan has completed running on the repository + + + +For more information, see [Verify scanning details per scanner node and repository](/azure/information-protection/deploy-aip-scanner-tsg#verify-scanning-details-per-scanner-node-and-repository). + +## EXAMPLES + +### Example 1: Get the current status of the scanner service + +``` +PS C:\> Get-ScanStatus +Cluster : contoso-test +ClusterStatus : Scanning +StartTime : 03/10/2021 9:05:02 AM +TimeFromStart : 00:00:00:37 +NodesInfo : {t-contoso1-T298-corp.contoso.com,t-contoso2-T298-corp.contoso.com,t-contoso3-T298-corp.contoso.com} +``` + +This output shows that a scan is currently running on the `contoso-test` cluster, and was started 37 seconds ago, at 03/10/2021 9:05:02 AM. + +The output also shows that the `contoso-test` cluster has 3 nodes. + +### Example 2: Use the Verbose parameter to get data for the current scan + +``` +PS C:\> Get-ScanStatus -Verbose + +ScannedFiles MBScanned CurrentScanSummary RepositoriesStatus +------------ --------- ------------------ ------------------ + 2280 78478187 Microsoft.InformationProtection.Scanner.ScanSummaryData {​​​​​​{​​​​​​ Path = C:\temp, Status = Scanning }​​​​​​ +``` + +This output shows only a single repository. In cases of multiple repositories, each one will be listed separately. 
+
+### Example 3: Use the NodesInfo variable to get details about the scanning status on each node
+
+```powershell
+PS C:\> Get-ScanStatus
+
+Cluster : contoso-test
+ClusterStatus : Scanning
+StartTime : 12/22/2020 9:05:02 AM
+TimeFromStart : 00:00:00:37
+NodesInfo : {t-contoso1-T298-corp.contoso.com,t-contoso2-T298-corp.contoso.com}
+
+PS C:\WINDOWS\system32> $x=Get-ScanStatus
+PS C:\WINDOWS\system32> $x.NodesInfo
+
+NodeName Status IsScanning Summary
+-------- -------- ---------- -------
+t-contoso1-T298-corp.contoso.com Scanning True Microsoft.InformationProtection.Scanner.ScanSummaryData
+t-contoso2-T298-corp.contoso.com Scanning Pending Microsoft.InformationProtection.Scanner.ScanSummaryData
+
+PS C:\Windows\system32> $x.NodesInfo[0].Summary
+
+
+ScannerID : t-contoso1-T298-corp.contoso.com
+ScannedFiles : 2280
+FailedFiles : 0
+ScannedBytes : 78478187
+Classified : 0
+Labeled : 0
+....
+```
+
+This output first displays details about the current scan status as well as a list of nodes in the cluster, and then details for each node, in a table.
+
+Further drilldown using the node integer shows a long list of details about the scan on the selected node, such as the number of scanned, classified, and labeled files, as well as the number of bytes scanned.
+
+When using the **NodesInfo** variable to drill down to node details, node integers start with **0**.
+
+
+### Example 4: Use the Verbose parameter and the RepositoriesStatus variable
+
+```powershell
+PS C:\Windows\system32> $x=Get-ScanStatus - Verbose
+PS C:\Windows\system32> $x.RepositoriesStatus
+
+Path Status
+---- ------
+C:\temp Scanning
+```
+
+The output shows the scan status for each repository configured for the content scan job.
+
+### Example 5: Use the Verbose parameter and the CurrentScanSummary variable
+
+```powershell
+PS C:\Windows\system32> $x.CurrentScanSummary
+
+
+ScannerID :
+ScannedFiles : 2280
+FailedFiles : 0
+ScannedBytes : 78478187
+Classified : 0
+Labeled : 0
+....
+```
+
+The output shows further details about the scan currently running, including the number of scanned, failed, classified, and labeled files, as well as the number of bytes scanned.
+
+## INPUTS
+
+### None
+
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-Scan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md
new file mode 100644
index 0000000000..01185c7165
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md
@@ -0,0 +1,76 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2259002
+schema: 1.0.0
+---
+
+# Get-ScannerConfiguration
+
+## SYNOPSIS
+Gets the configuration settings for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Get-ScannerConfiguration []
+```
+
+## DESCRIPTION
+The **Get-ScannerConfiguration** cmdlet gets the configuration settings for the Microsoft Purview Information Protectionscanner.
+
+If you run [Import-ScannerConfiguration](./Import-ScannerConfiguration.md), this action automatically configures the scanner to get its configuration offline. As a result, when you run this Get-ScannerConfiguration cmdlet after importing settings from a file, **OnlineConfiguration** displays **Off**.
+
+
+## EXAMPLES
+
+### Example 1: Gets the configuration for the Microsoft Purview Information Protection scanner
+```
+PS C:\> Get-ScannerConfiguration
+OnlineConfiguration : On
+ReportLevel : Info
+LogLevel : Trace
+Cluster : contoso-test
+SqlInstance : localhost\sqlexpress
+DatabaseName : AIPScannerUL_contoso-test
+Cloud : Commercial
+```
+
+This command gets the current PowerShell configuration settings for the Microsoft Purview Information Protection scanner.
+
+In this example, the output shows that the scanner is using the default configuration for online configuration, the report level of **Info**, and a logging level of **Trace**. The cluster name, SQL instance, and database names are listed, and the cloud type is **Commercial**.
+
+
+
+## PARAMETERS
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
+
+For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-Scan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md
new file mode 100644
index 0000000000..a082b21c9d
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md
@@ -0,0 +1,105 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258675
+schema: 1.0.0
+---
+
+# Get-ScannerContentScan
+
+## SYNOPSIS
+Gets details about an Microsoft Purview Information Protection scanner content scan job.
+
+## SYNTAX
+
+```
+Get-ScannerContentScan []
+```
+
+## DESCRIPTION
+Returns a full list of all the parameters configured for the content scan job.
+
+For more information about content scan jobs, see the [Microsoft Purview Information Protection scanner](/information-protection/deploy-aip-scanner-configure-install#create-a-content-scan-job).
+
+## EXAMPLES
+
+### Example 1 Content scan job settings defined by PowerShell
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerContentScan
+
+Schedule : Manual
+DiscoverInformationTypes: All
+RecommendedAsAutomatic : False
+EnableDlp : Off
+Enforce : On
+LabelFilesByContent : On
+RelabelFiles : Off
+AllowLabelDowngrade : Off
+EnforceDefaultLabel : Off
+DefaultLabelType : PolicyDefault
+DefaultLabelId :
+DefaultOwner : Scanner
+RepositoryOwner :
+PreserveFileDetails : On
+IncludeFileTypes :
+ExcludeFileTypes : .lnk,.exe.,.com,.cmd,.bat,.dll,.ini,.sca,.drm,.sys,.cpl,.inf,.drv,.dat,.tmp,.msp,.msi,.pdb,.jar,.ocx,.rtf,.rar,.msg
+Repositories:
+c:\repoToScan1
+c:\repoToScan2
+```
+
+This example shows a sample command and response when the content scan job has been configured via PowerShell.
+
+### Example 2 Content scan job settings defined by PowerShell
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerContentScan
+
+Schedule : Manual
+DiscoverInformationTypes: PolicyOnly
+RecommendedAsAutomatic : False
+EnableDlp :
+Enforce :
+LabelFilesByContent :
+RelabelFiles :
+AllowLabelDowngrade :
+EnforceDefaultLabel :
+DefaultLabelType :
+DefaultLabelId :
+DefaultOwner :
+RepositoryOwner :
+PreserveFileDetails :
+IncludeFileTypes :
+ExcludeFileTypes :
+Repositories:
+c:\repoToScan1
+```
+
+This example shows a sample command and response when the content scan job has been configured by importing a file, or using the Microsoft Purview compliance portal. In this case, the individual content scan job parameters are not applicable, and do not return values.
+
+## PARAMETERS
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
+
+- [Add-ScannerRepository](Add-ScannerRepository.md)
+
+- [Get-ScannerRepository](Get-ScannerRepository.md)
+
+- [Remove-AIPScannerContentScanJob](Remove-AIPScannerContentScanJob.md)
+
+- [Remove-ScannerRepository](Remove-ScannerRepository.md)
+
+- [Set-ScannerContentScan](Set-ScannerContentScan.md)
+
+- [Set-ScannerRepository](Set-ScannerRepository.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md
new file mode 100644
index 0000000000..dd00b10e2b
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md 
@@ -0,0 +1,136 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258676
+schema: 1.0.0
+---
+
+# Get-ScannerRepository
+
+## SYNOPSIS
+Gets repository data for an Microsoft Purview Information Protection scanner content scan job.
+
+## SYNTAX
+
+```
+Get-ScannerRepository [-Path ] []
+```
+
+## DESCRIPTION
+Gets a list of data repositories that the content scan job is configured to scan.
+
+For more information about content scan jobs, see the [Microsoft Purview Information Protection scanner documentation](/information-protection/deploy-aip-scanner-configure-install#create-a-content-scan-job).
+
+## EXAMPLES
+
+### Example 1 Get details for all repositories for the content scan job
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerRepository
+
+Path: c:\repoToScan1
+OverrideContentScanJob: : Off
+EnableDlp: Off
+Enforce: On
+LabelFilesByContent: On
+RelabelFiles: Off
+AllowLabelDowngrade: Off
+EnforceDefaultLabel: Off
+DefaultLabelType: PolicyDefault
+DefaultLabelID:
+DefaultOwner: Scanner
+RepositoryOwner:
+PreserveFileDetails: On
+IncludeFileTypes:
+ExcludeFileTypes : .lnk,.exe.,.com,.cmd,.bat,.dll,.ini,.sca,.drm,.sys,.cpl,.inf,.drv,.dat,.tmp,.msp,.msi,.pdb,.jar,.ocx,.rtf,.rar,.msg
+
+Path: c:\repoToScan2
+OverrideContentScanJob: : On
+EnableDlp: Off
+Enforce: Off
+LabelFilesByContent: On
+RelabelFiles: On
+AllowLabelDowngrade: On
+EnforceDefaultLabel: Off
+DefaultLabelType: PolicyDefault
+DefaultLabelID:
+DefaultOwner: Scanner
+RepositoryOwner:
+PreserveFileDetails: On
+IncludeFileTypes:
+ExcludeFileTypes : .lnk,.exe.,.com,.cmd,.bat,.dll,.ini,.sca,.drm,.sys,.cpl,.inf,.drv,.dat,.tmp,.msp,.msi,.pdb,.jar,.ocx,.rtf,.rar,.msg
+
+```
+
+This example shows a response that includes all repositories configured for the content scan job.
+
+### Example 2 Get details for a specific repository in the content scan job
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerRepository -Path 'c:\repoToScan1'
+
+Path: c:\repoToScan1
+OverrideContentScanJob: : Off
+EnableDlp: Off
+Enforce: On
+LabelFilesByContent: On
+RelabelFiles: Off
+AllowLabelDowngrade: Off
+EnforceDefaultLabel: Off
+DefaultLabelType: PolicyDefault
+DefaultLabelID:
+DefaultOwner: Scanner
+RepositoryOwner:
+PreserveFileDetails: On
+IncludeFileTypes:
+ExcludeFileTypes : .lnk,.exe.,.com,.cmd,.bat,.dll,.ini,.sca,.drm,.sys,.cpl,.inf,.drv,.dat,.tmp,.msp,.msi,.pdb,.jar,.ocx,.rtf,.rar,.msg
+```
+
+This example shows the a response that includes all repositories configured for the content scan job.
+
+## PARAMETERS
+
+### -Path
+Defines the path to a specific repository you want to return data for.
+
+This parameter value must be the exact path or path pattern as is defined in the content scan job.
+
+However, this parameter also supports the ***** and **?** wildcards:
+
+For example:
+
+- Entering `-Path c:\repo?` returns details for any repositories named **repo**, with an additional single-character suffix, such as **c:\repo1**.
+
+- Entering `-Path c:\repo*` returns details for any repositories named **repo** with any additional characters as a suffix, such as **c:\repoToScan**.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: True
+```
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
+
+- [Add-ScannerRepository](Add-ScannerRepository.md)
+
+- [Get-ScannerContentScan](Get-ScannerContentScan.md)
+
+- [Remove-ScannerContentScan](Remove-ScannerContentScan.md)
+
+- [Remove-ScannerRepository](Remove-ScannerRepository.md)
+
+- [Set-ScannerContentScan](Set-ScannerContentScan.md)
+
+- [Set-ScannerRepository](Set-ScannerRepository.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md
new file mode 100644
index 0000000000..6f4d95c3ae
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md
@@ -0,0 +1,99 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258761
+schema: 1.0.0
+---
+
+# Import-ScannerConfiguration
+
+## SYNOPSIS
+Imports local configuration for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Import-ScannerConfiguration -FileName []
+```
+
+## DESCRIPTION
+The **Import-ScannerConfiguration** cmdlet imports local configuration settings for the Microsoft Purview Information Protection scanner, and automatically configures the scanner to use offline configuration.
+
+Use this cmdlet after you've configured the following in the Microsoft Purview compliance portal:
+
+- Configured a cluster (unified labeling client only) or a profile
+- Configured a content scan job for the scanner
+- Exported the settings to a file instead of having the scanner connect to the Microsoft Purview Information Protection service.
+
+For example, use this cmdlet when the computer running the scanner doesn't have Internet connectivity.
+
+If you need to make configuration changes to the scanner after you have run this cmdlet, make those changes in the Microsoft Purview compliance portal, export the content scan job again, and rerun this cmdlet.
+
+If you want to change the scanner to use online configuration after you have run this cmdlet, use the [Set-ScannerConfiguration](./Set-ScannerConfiguration.md) and set the *OnlineConfiguration* parameter to **On**.
+
+Any changes will be used the next time the scanner runs. If you need the changes to take effect immediately, restart the Microsoft Purview Information Protection scanner on the Windows server computer.
+
+
+
+## EXAMPLES
+
+### Example 1: Import local configuration settings for the Microsoft Purview Information Protection scanner
+```powershell
+PS C:\> Import-ScannerConfiguration -FileName "C:\Scannerconfig\Eu-set.json"
+Configuration was imported successfully.
+
+```
+
+The scanner is configured to prevent getting its configuration directly from the Microsoft Purview Information Protection service, and the configuration settings are imported from a file named **C:\Scannerconfig\Eu-set.json**.
+
+## PARAMETERS
+
+### -FileName
+Specifies a file that contains scanner configuration settings. To create this file, export your content scan job from the Microsoft Purview compliance portal.
+
+The file is used to do a one-time import of configuration settings into the scanner configuration database.
+
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
+
+For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-Scan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Install-Scanner.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Install-Scanner.md
new file mode 100644
index 0000000000..caf7050be3
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Install-Scanner.md
@@ -0,0 +1,285 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version:
+schema: 1.0.0
+---
+
+# Install-Scanner
+
+## SYNOPSIS
+Installs the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Install-Scanner [-ServiceUserCredentials] [-StandardDomainsUserAccount ]
+ [-ShareAdminUserAccount ] [-SqlServerInstance] [-Cluster | -Profile ] [-WhatIf] [-Confirm]
+ []
+```
+
+## DESCRIPTION
+The **Install-Scanner** cmdlet installs and configures the Microsoft Purview Information Protection scanner on a computer running Windows Server 2022, Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2.
+
+The Microsoft Purview Information Protection scanner uses this service to scan files on data stores that use the Server Message Block (SMB) protocol, and on SharePoint on premises. Files that this scanner discovers can then be labeled to apply classification, and optionally, apply protection or remove protection.
+
+For more information about how to configure the labels and policy settings, see: [Overview of sensitivity labels](/microsoft-365/compliance/sensitivity-labels)
+
+
+> [!IMPORTANT]
+> You must run this cmdlet before you run any other cmdlet for the Microsoft Purview Information Protection scanner.
+>
+The command creates a Windows service named Information Protection Scanner. It also creates and configures a database on SQL Server to store configuration and operational information for the scanner. The service that you specify to run the scanner is automatically granted the required rights to read and write to the database that is created.
+
+To run this command, you must have local administrator rights for the Windows Server computer, and Sysadmin rights on the instance of SQL Server that you will use for the scanner.
+
+After you have run this command, use the Microsoft Purview compliance portal to configure the settings in the scanner cluster and specify the data repositories to scan.
Before you run the scanner, you must run the [Set-Authentication](Set-Authentication.md) cmdlet one time to sign in to Azure AD for authentication and authorization.
+
+For step-by-step instructions to install, configure, and use the scanner, see [Learn about the information protection scanner](/information-protection/deploy-aip-scanner).
+
+
+## EXAMPLES
+
+### Example 1: Install the Microsoft Purview Information Protection Scanner service by using a SQL Server instance and a cluster
+```
+PS C:\> Install-Scanner -SqlServerInstance SQLSERVER1\AIPSCANNER -Cluster EU
+```
+
+This command installs the Microsoft Purview Information Protection Scanner service by using a SQL Server instance named **MIPSCANNER**, which runs on the server named **SQLSERVER1**.
+
+In addition, the installation creates the **AIPScannerUL_\** database name to store the scanner configuration, unless an existing database with the same name is already found.
+
+You are prompted to provide the Active Directory account details for the scanner service account.
+
+The command displays the installation progress, where the install log is located, and the creation of the new Windows Application event log named Microsoft Purview Information Protection Scanner
+
+At the end of the output, you see **The transacted install has completed**.
+
+### Example 2: Install the Microsoft Purview Information Protection Scanner service by using the SQL Server default instance
+```
+PS C:\> Install-Scanner -SqlServerInstance SQLSERVER1 -Cluster EU
+```
+
+This command installs the Microsoft Purview Information Protection scanner service by using the SQL Server default instance that runs on the server named **SQLSERVER1**.
+
+As with the previous example, you are prompted for credentials, and then the command displays the progress, where the install log is located, and the creation of the new Windows Application event log.
+
+### Example 3: Install the Microsoft Purview Information Protection scanner service by using SQL Server Express
+```
+PS C:\> Install-Scanner -SqlServerInstance SQLSERVER1\SQLEXPRESS -Cluster EU
+```
+
+This command installs the Microsoft Purview Information Protection Scanner service by using SQL Server Express that runs on the server named **SQLSERVER1**.
+
+As with the previous examples, you are prompted for credentials, and then the command displays the progress, where the install log is located, and the creation of the new Windows Application event log.
+
+## PARAMETERS
+
+### -Cluster
+
+Specifies the name of the scanner's database for the scanner configuration, using the following syntax: **AIPScannerUL_**.
+
+If the database that you name doesn't exist when the scanner is installed, this command creates it.
+
+Using either this parameter or the **Profile** parameter is mandatory. We recommend using this parameter instead of the **Profile** parameter.
+
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases: Profile
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Profile
+Specifies the name of the scanner's database for the scanner configuration.
+
+Using either this parameter or the **Cluster** parameter is mandatory. We recommend using the **Cluster** parameter instead of the this parameter.
+
+The database name for the scanner is **AIPScannerUL_\**.
+
+If the database that you name doesn't exist when the scanner is installed, this command creates it.
+
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ServiceUserCredentials
+Specifies the account credentials used to run the Microsoft Purview Information Protection scanner.
+
+- The credentials used must be an Active Directory account.
+
+- Set the value of this parameter using the following syntax: `Domain\Username`.
+
+ For example: `contoso\scanneraccount`
+
+- If you do not specify this parameter, you are prompted for the username and password.
+
+For more information, see [Prerequisites for the Microsoft Purview Information Protection scanner](/information-protection/deploy-aip-scanner#prerequisites-for-the-azure-information-protection-scanner).
+
+> [!TIP]
+> Use a **PSCredential** object by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. In this case, you are prompted for the password only.
+>
+> For more information, type `Get-Help Get-Cmdlet`.
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ShareAdminUserAccount
+Specifies the credentials for a strong account in an on-premises network, used to get a full list of file share and NTFS permissions.
+
+- The credentials used must be an Active Directory account with Administrator/FC rights on your network shares. This will usually be a Server Admin or Domain Admin.
+
+- Set the value of this parameter using the following syntax: `Domain\Username`
+
+ For example: `contoso\admin`
+
+- If you do not specify this parameter, you are prompted for both the username and password.
+
+> [!TIP]
+> Use a **PSCredential** object by using the [**Get-Credential**](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. In this case, you are prompted for the password only.
+>
+>For more information, type `Get-Help Get-Cmdlet`.
+
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -SqlServerInstance
+Specifies the SQL Server instance on which to create a database for the Microsoft Purview Information Protection scanner.
+
+For information about the SQL Server requirements, see [Prerequisites for the Microsoft Purview Information Protection scanner](/information-protection/deploy-aip-scanner#prerequisites-for-the-azure-information-protection-scanner).
+
+- **For the default instance**, specify the server name. For example: **SQLSERVER1**.
+
+- **For a named instance**, specify the server name and instance name. For example: **SQLSERVER1\MIPSCANNER**.
+
+- **For SQL Server Express**, specify the server name and **SQLEXPRESS**. For example: **SQLSERVER1\SQLEXPRESS**.
+
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -StandardDomainsUserAccount
+Specifies the credentials for a weak account in an on-premises network, used to check access for weak users on the network and expose discovered network shares.
+
+- The credentials used must be an Active Directory account, and a user of the **Domain Users** group only.
+
+- Set the value of this parameter using the following syntax: `Domain\Username`
+
+ For example: `contoso\stduser`
+
+- If you do not specify this parameter, you are prompted for both the username and password.
+
+> [!TIP]
+> Use a **PSCredential** object by using the [**Get-Credential**](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. In this case, you are prompted for the password only.
+>
+>For more information, type `Get-Help Get-Cmdlet`.
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-PScan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/New-CustomPermissions.md b/informationprotection/informationprotection-ps/purviewinformationprotection/New-CustomPermissions.md
new file mode 100644
index 0000000000..6700032fb1
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/New-CustomPermissions.md
@@ -0,0 +1,109 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2092526
+schema: 1.0.0
+---
+
+# New-CustomPermissions
+
+## SYNOPSIS
+
+Creates an ad-hoc protection policy for custom permissions.
+
+## SYNTAX
+
+```
+New-CustomPermissions -Users -Permissions [-ExpirationDate ]
+ []
+```
+
+## DESCRIPTION
+The **New-CustomPermissions** cmdlet creates an ad-hoc protection policy object for custom permissions that you store as a variable and then use to protect a file or files when you run the labeling cmdlet, [Set-FileLabel](./Set-FileLabel.md).
+
+If the label that is applied is configured for protection settings, the custom permissions from the ad-hoc protection policy replace the protection settings from the label.
+
+## EXAMPLES
+
+### Example 1 - Create an ad-hoc protection policy object for a single user
+```
+PS C:\> $permissions = New-CustomPermissions -Users user1@contoso.com -Permissions Viewer
+```
+
+This command creates an ad-hoc protection policy object that grants **user1** from **contoso.com** usage rights from the Reviewer permissions and stores this policy in a variable named permissions. This ad-hoc protection policy can then be used to apply protection to a file or files.
+
+There is no output displayed for this command.
+
+### Example 2 - Create an ad-hoc protection policy object for multiple users and that has an expiration date
+```
+PS C:\> $permissions = New-CustomPermissions -Users user1@contoso.com, user2@vanarsdel.com -Permissions Reviewer -ExpirationDate (Get-Date -Month 1 -Day 1 -Year 2020)
+```
+
+This command creates an ad-hoc protection policy object that grants users from different organizations usage rights from the Reviewer permissions, and also applies an expiration date. The ad-hoc protection policy object is stored in a variable named permissions, which can then be used to apply this protection to a file or files.
+
+There is no output displayed for this command.
+
+## PARAMETERS
+
+### -ExpirationDate
+Specifies an expiration date for the ad-hoc protection policy.
+
+After this expiry date, the specified users will no longer be able to access the file or files. However, the owner and a super user can always access the file, even after the expiry period is reached.
+
+```yaml
+Type: DateTime
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Permissions
+Specifies a permissions level that groups usage rights that are typically used together. Use this parameter and the *Users* parameter to grant usage rights to specified users.
+
+To see which individual usage rights are included in each of the permissions levels, see [Rights included in permission levels](/azure/information-protection/configure-usage-rights#rights-included-in-permissions-levels).
+
+```yaml
+Type: Permissions
+Parameter Sets: (All)
+Aliases:
+Accepted values: Viewer, Reviewer, CoAuthor, CoOwner
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Users
+Specifies users who will have rights to use the file or files. Use this parameter and the *Permission* parameter to grant rights to specified users or groups.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
+
+[Set-AIPFileLabel](Set-AIPFileLabel.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md b/informationprotection/informationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md
new file mode 100644
index 0000000000..cebe8ed692
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md
@@ -0,0 +1,369 @@
+---
+Module Name: PurviewInformationProtection
+Module Guid: NA
+Download Help Link: NA
+Help Version: NA
+Locale: en-US
+---
+
+# PurviewInformationProtection Module
+
+## Using PowerShell with the Microsoft Purview Information Protection client
+The Microsoft Purview Information Protection module is installed with the Microsoft Purview Information Protection client. The associated PowerShell module is *PurviewInformationProtection*.
+
+The PurviewInformationProtection module enables you to manage the client by running commands for automation scripts; for example:
+
+- [Install-Scanner](https://go.microsoft.com/fwlink/?linkid=2258955): Installs and configures the Information Protection Scanner service on a computer running Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2.
+- [Get-FileStatus](https://go.microsoft.com/fwlink/?linkid=2258952): Gets the Information Protection label and protection information for a specified file or files.
+- [Start-Scan](https://go.microsoft.com/fwlink/?linkid=2258855): Instructs the Information Protection scanner to start a one-time scan cycle.
+- [Set-FileLabel -Autolabel](https://go.microsoft.com/fwlink/?linkid=2259827): Scans a file to automatically set an information protection label for a file, according to conditions that are configured in the policy.
+
+## Install the PurviewInformationProtection PowerShell module
+
+### Installation prerequisites
+
+- This module requires Windows PowerShell 4.0. This prerequisite is not checked during installation. Make sure that you have the correct version of PowerShell installed.
+- Make sure that you have the most recent version of the PurviewInformationProtection PowerShell module (purviewinfoprotect.dll*) by running `Import-Module purviewinfoprotect`.
+
+### Installation details
+
+[Install and configure](/purview/deploy-scanner-configure-install.md) the full version of the Microsoft Purview Information Protection client.
+
+The PurviewInformationProtection PowerShell module installs automatically when you install the full version of the information protection client. Alternatively, you can install the module only by using the *PowerShellOnly=true* parameter.
+
+Thep module is installed in the **\ProgramFiles (x86)\PurviewInformationProtection** folder, and then adds this folder to the `PSModulePath` system variable. The .dll file for this module is *purviewinfoprotect.dll*.
+
+> [!IMPORTANT]
+> The PurviewInformationProtection module doesn't support configuring advanced settings for labels or label policies. For more information on configuring these advanced settings, see [Custom configurations for the Microsoft Purview Information Protection client](#custom-configurations-for-the-microsoft-purview-information-protection-client).
+
+> [!TIP]
+> To use cmdlets with path lengths greater than 260 characters, use the following [group policy setting](https://learn.microsoft.com/archive/blogs/jeremykuhne/net-4-6-2-and-long-paths-on-windows-10) that is available starting Windows 10, version 1607:
+**Local Computer Policy** > **Computer Configuration** > **Administrative Templates** > **All Settings** > **Enable Win32 long paths**
+>
+>For Windows Server 2016, you can use the same group policy setting when you install the latest Administrative Templates (.admx) for Windows 10.
+>
+>For more information, see the [Maximum Path Length Limitation](https://learn.microsoft.com/windows/desktop/FileIO/naming-a-file#maximum-path-length-limitation) section from the Windows 10 developer documentation.
+
+## Prerequisites for using the PurviewInformationProtection PowerShell module
+
+In addition to the prerequisites for installing the PurviewInformationProtection module, you must also activate the [Azure Rights Management service](https://learn.microsoft.com/azure/information-protection/what-is-azure-rms).
+
+In some cases, you may want to [remove protection](https://go.microsoft.com/fwlink/?linkid=2259827) from files for others using your own account. For example, you may want to remove protection for others for the sake of data discovery or recovery. If you are using labels to apply protection, you can remove that protection by setting a new label that doesn't apply protection, or you can remove the label.
+
+For cases like this, the following requirements must also be met:
+
+- The [super user](azure/information-protection/configure-super-users) feature must be enabled for your organization.
+- Your account must be configured an an Azure Rights Management super user.
+
+## Running information protection labeling cmdlets unattended
+
+By default, when you run the cmdlets for labeling, the commands run in your own user context in an interactive PowerShell session. To automate running sensitivity labeling cmdlets, read the following sections:
+
+- [Prerequisites for automating labeling cmdlets](#prerequisites-for-automating-labeling-cmdlets)
+- [Create and configure Microsoft Entra applications for Set-Authentication](#create-and-configure-microsoft-entra-applications-for-set-authentication)
+- [Running the Set-Authentication cmdlet](#run-the-set-authentication-cmdlet)
+
+### Prerequisites for automating labeling cmdlets
+
+To run information protection labeling cmdlets unattended, use the following access details:
+
+- **A Windows account** that can sign in interactively.
+- **A Microsoft Entra account for delegated access**. For ease of administration, use a single account that's synchronized from Microsoft Entra to Microsoft Entra ID.
+
+For the delegated user account, configure the following requirements:
+
+| Requirement | Details |
+| ----------- | ------- |
+| Label policy | Make sure that you have a label policy assigned to this account and that the policy contains the published labels you want to use.

If you use label policies for different users, you might need to create a new label policy that publishes all your labels, and publish the policy to just this delegated user account. |
+| Decrypting content | If this account needs to decrypt content, for example, to re-protect files and inspect files that others have protected, make this account an Azure Rights Management super user and make sure the super user feature is enabled. |
+| Onboarding controls | If you have implemented [onboarding controls](azure/information-protection/activate-service#configuring-onboarding-controls-for-a-phased-deployment) for a phased deployment, make sure that this account is included in the onboarding controls you've configured. |
+
+- **A Microsoft Entra access token** that sets and stores credentials for the delegated user to authenticate to Microsoft Purview Information Protection. When the token in Microsoft Entra ID expires, you must run the cmdlet again to acquire a new token.
+
+The parameters for [Set-Authentication](https://go.microsoft.com/fwlink/?linkid=2258854) use values from an app registration process in Microsoft Entra ID.
+
+Run the labeling cmdlets non-interactively by first running the `Set-Authentication` cmdlet. The computer running the cmdlet downloads the labeling policy that's assigned to your delegated user account in the Microsoft Purview portal.
+
+### Create and configure Microsoft Entra applications for Set-Authentication
+
+The `Set-Authentication` cmdlet requires an app registration for the *AppId* and *AppSecret* parameters.
+
+To create a new app registration for the `Set-Authentication` cmdlet:
+
+1. In a new browser window, sign in to the Azure portal to access the Microsoft Entra tenant that you use with Microsoft Purview Information Protection.
+
+1. Navigate to **Microsoft Entra ID** > **Manage** > **App registrations**, and select **New registration**.
+
+1. 
In the **Register an application** pane, specify the following values, and then click Register:
+
+| Option | Value |
+| ------ | ----- |
+| Name | `DelegatedUser`
Specify a different name as needed. The name must be unique per tenant. |
+| Supported account types | Select **Accounts** in this organizational directory only |
+| Redirect URI (optional) | Select **Web**, and then enter `https://localhost`. |
+
+4. In the **DelegatedUser** pane, copy the value for the **Application (client) ID**. The value looks similar to this example: `77c3c1c3-abf9-404e-8b2b-4652836c8c66`.

This value is used for the *AppId* parameter when you run the `Set-Authentication` cmdlet. Paste and save the value for later reference.
+
+1. From the sidebar, select **Manage** > **Certificates & secrets**.
+
+1. In the **DelegatedUser - Certificates & secrets** pane, in the **Client secrets** section, select **New client secret**.
+
+1. For **Add a client secret**, specify the following, and then select **New client secret**.
+
+| Field | Value |
+| ----- | ----- |
+| Description | `Purview Information Protection client` |
+| Expires | Specify your choice of duration (*1 year*, *2 years*, or *Never expires*) |
+
+8. Back on the **AIP-DelegatedUser - Certificates & secrets** pane, in the **Client secrets* section**, copy the **VALUE** string. This string will resemble the following example:

+`OAkk+rnuYc/u+]ah2kNxVbtrDGbS47L4`
+
+> [!IMPORTANT]
+> **Save this string.** it is not displayed again and **cannot be retrieved later**. As with any sensitive information that you use, store the saved string value securely and restrict access to it.
+
+9. From the sidebar, select **Manage** > **API permissions**.
+
+1. On the the **DelegatedUser --API permissions** page, select **Add a permission**.
+
+1. On the the **Request API permissions** pane, make sure that you're on the **Microsoft APIs** tab, and select **Azure Rights Management Services**.

When you're prompted for the type of permissions that your application requires, select **Application permissions**.
+
+1. For **Select permissions**, expand **Content** and select the following
+ - **Content.DelegatedReader**
+ - **Content.DelegatedWriter**
+
+1. Choose **Add permissions**.
+
+1. Back on the **AIP-DelegatedUser - API permissions** page, select **Add a permission** again.
+
+1. In the **Request AIP permissions** pane, select **APIs my organization uses**, and search for **Microsoft Information Protection Sync Service.**
+
+1. In the **Request API permissions** pane, select **Application permissions**.
+
+1. For **Select permissions**, expand **UnifiedPolicy**, select **UnifiedPolicy.Tenant.Read**, and then choose **Add permissions**.
+
+1. Back on the **AIP-DelegatedUser - API permissions page**, select **Grant admin consent for **** and select **Yes** at the confirmation prompt.
+
+### Run the Set-Authentication cmdlet
+
+Once you have configured your Microsoft Entra applications, run the `Set-Authentication`.
+
+> [!IMPORTANT]
+> You'll need your tenant ID to run this cmdlet. To get your tenant ID, open the Azure portal and navigate to **Microsoft Entra ID** > **Manage** > **Properties** > **Directory ID**.
+
+1. Open Windows PowerShell with the **Run as administrator** option.
+
+1. In your PowerShell session, create a variable to store the credentials of the Windows user account that will run non-interactively. For example, if you created a service account for the scanner.
+
+### Prerequisites for running labeling cmdlets unattended
+
+To run Purview Information Protection labeling cmdlets unattended, use the following access details:
+
+- **A Windows account** that can sign in interactively.
+
+- **a Microsoft Entra account**, for delegated access. For ease of administration, use a single account that's synchronized from Active Directory to Microsoft Entra ID.
+
+ For the delegated user account:
+
+ |Requirement |Details |
+ |---------|---------|
+ |**Label policy** | Make sure that you have a label policy assigned to this account and that the policy contains the published labels you want to use.

If you use label policies for different users, you might need to create a new label policy that publishes all your labels, and publish the policy to just this delegated user account. |
+ |**Decrypting content** | If this account needs to decrypt content, for example, to reprotect files and inspect files that others have protected, make it a [super user](../configure-super-users.md) for Azure Information Protection and make sure the super user feature is enabled. |
+ |**Onboarding controls** | If you have implemented [onboarding controls](../activate-service.md#configuring-onboarding-controls-for-a-phased-deployment) for a phased deployment, make sure that this account is included in your onboarding controls you've configured. |
+
+- **a Microsoft Entra access token**, which sets and stores credentials for the delegated user to authenticate to Azure Information Protection. When the token in Microsoft Entra ID expires, you must run the cmdlet again to acquire a new token.
+
+ The parameters for **Set-Authentication** use values from an app registration process in Microsoft Entra ID. For more information, see [Create and configure Microsoft Entra applications for Set-Authentication](#create-and-configure-azure-ad-applications-for-set-aipauthentication).
+
+Run the labeling cmdlets non-interactively by first running the [Set-Authentication](https://go.microsoft.com/fwlink/?linkid=2258854) cmdlet.
+
+The computer running the **Authentication** cmdlet downloads the labeling policy that's assigned to your delegated user account in the Microsoft Purview compliance portal.
+
+
+
+### Create and configure Microsoft Entra applications for Set-Authentication
+
+The **Set-Authentication** cmdlet requires an app registration for the *AppId* and *AppSecret* parameters.
+
+**To create a new app registration for the unified labeling client Set-Authentication cmdlet**:
+
+1. 
In a new browser window, sign in the [Azure portal](https://portal.azure.com/) to the Microsoft Entra tenant that you use with Azure Information Protection.
+
+1. Navigate to **Microsoft Entra ID** > **Manage** > **App registrations**, and select **New registration**.
+
+1. On the **Register an application** pane, specify the following values, and then click **Register**:
+
+ |Option |Value |
+ |---------|---------|
+ |**Name** | `AIP-DelegatedUser`
Specify a different name as needed. The name must be unique per tenant. |
+ |**Supported account types** | Select **Accounts in this organizational directory only**. |
+ |**Redirect URI (optional)** | Select **Web**, and then enter `https://localhost`. |
+
+1. On the **AIP-DelegatedUser** pane, copy the value for the **Application (client) ID**.
+
+ The value looks similar to the following example: `77c3c1c3-abf9-404e-8b2b-4652836c8c66`.
+
+ This value is used for the *AppId* parameter when you run the **Set-Authentication cmdlet**. Paste and save the value for later reference.
+
+1. From the sidebar, select **Manage** > **Certificates & secrets**.
+
+ Then, on the **AIP-DelegatedUser - Certificates & secrets** pane, in the **Client secrets** section, select **New client secret**.
+
+1. For **Add a client secret**, specify the following, and then select **Add**:
+
+ |Field |Value |
+ |---------|---------|
+ |**Description** | `Azure Information Protection unified labeling client` |
+ |**Expires** | Specify your choice of duration (1 year, 2 years, or never expires) |
+
+1. Back on the **AIP-DelegatedUser - Certificates & secrets** pane, in the **Client secrets** section, copy the string for the **VALUE**.
+
+ This string looks similar to the following example: `OAkk+rnuYc/u+]ah2kNxVbtrDGbS47L4`.
+
+ To make sure you copy all the characters, select the icon to **Copy to clipboard**.
+
+ > [!IMPORTANT]
+ > It's important that you save this string because it is not displayed again and it cannot be retrieved. As with any sensitive information that you use, store the saved value securely and restrict access to it.
+ >
+
+1. From the sidebar, select **Manage** > **API permissions**.
+
+ On the **AIP-DelegatedUser - API permissions** pane, select **Add a permission**.
+
+1. On the **Request API permissions** pane, make sure that you're on the **Microsoft APIs** tab, and select **Azure Rights Management Services**.
+
+ When you're prompted for the type of permissions that your application requires, select **Application permissions**.
+
+1. For **Select permissions**, expand **Content** and select the following, and then select **Add permissions**.
+
+ - **Content.DelegatedReader**
+ - **Content.DelegatedWriter**
+
+1. Back on the **AIP-DelegatedUser - API permissions** pane, select **Add a permission** again.
+
+ On the **Request AIP permissions** pane, select **APIs my organization uses**, and search for **Microsoft Information Protection Sync Service**.
+
+1. On the **Request API permissions** pane, select **Application permissions**.
+
+ For **Select permissions**, expand **UnifiedPolicy**, select **UnifiedPolicy.Tenant.Read**, and then select **Add permissions**.
+
+1. Back on the **AIP-DelegatedUser - API permissions** pane, select **Grant admin consent for \<*your tenant name*>** and select **Yes** for the confirmation prompt.
+
+ Your API permissions should look like the following image:
+
+ :::image type="content" source="./media/api-permissions-app.png" alt-text="API permissions for the registered app in Microsoft Entra ID":::
+
+Now you've completed the registration of this app with a secret, you're ready to run [Set-Authentication](https://go.microsoft.com/fwlink/?linkid=2258854) with the parameters *AppId*, and *AppSecret*. Additionally, you'll need your tenant ID.
+
+> [!TIP]
+>You can quickly copy your tenant ID by using Azure portal: **Microsoft Entra ID** > **Manage** > **Properties** > **Directory ID**.
+
+### Running the Set-Authentication cmdlet
+
+1. Open Windows PowerShell with the **Run as administrator option**.
+
+1. In your PowerShell session, create a variable to store the credentials of the Windows user account that will run non-interactively. For example, if you created a service account for the scanner:
+
+ ```PowerShell
+ $pscreds = Get-Credential "CONTOSO\srv-scanner"
+ ```
+
+ You're prompted for this account's password.
+
+1. 
Run the **Set-Authentication** cmdlet, with the *OnBeHalfOf* parameter, specifying as its value the variable that you created.
+
+ Also specify your app registration values, your tenant ID, and the name of the delegated user account in Microsoft Entra ID. For example:
+
+ ```PowerShell
+ Set-Authentication -AppId "77c3c1c3-abf9-404e-8b2b-4652836c8c66" -AppSecret "OAkk+rnuYc/u+]ah2kNxVbtrDGbS47L4" -TenantId "9c11c87a-ac8b-46a3-8d5c-f4d0b72ee29a" -DelegatedUser scanner@contoso.com -OnBehalfOf $pscreds
+ ```
+
+## Common parameters for PowerShell cmdlets
+
+For information about common parameters, see [About common parameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
+## Next steps
+
+For cmdlet help when you are in a PowerShell session, type `Get-Help -online`. For example:
+
+```PowerShell
+Get-Help Set-FileLabel -online
+
+
+
+
+
+## AzureInformationProtection Cmdlets
+### [Add-ScannerRepository](Add-ScannerRepository.md)
+Adds a repository to an Information Protection scanner content scan job.
+
+### [Clear-Authentication](Clear-Authentication.md)
+Clears the user settings and RMS templates for the current user.
+
+### [Export-DebugLogs](Export-DebugLogs.md)
+Gathers and exports Information Protection client and scanner log files to a compressed file.
+
+### [Get-FileStatus](Get-FileStatus.md)
+Gets the sensitivity label and protection information for a specified file or files.
+
+### [Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+Gets the configuration settings for the Information Protection scanner.
+
+### [Get-ScannerContentScan](Get-ScannerContentScan.md)
+Gets details about your content scan job.
+
+### [Get-ScannerRepository](Get-ScannerRepository.md)
+Gets repository data for an Information Protection scanner content scan job.
+
+### [Get-ScanStatus](Get-ScanStatus.md)
+Gets the current status of the service for the Azure Information Protection scanner.
+
+### [Import-ScannerConfiguration](Import-ScannerConfiguration.md)
+Imports a local configuration for the Information Protection scanner.
+
+### [Install-Scanner](Install-Scanner.md)
+Installs the Information Protection scanner.
+
+### [New-CustomPermissions](New-CustomPermissions.md)
+Creates an ad-hoc protection policy for custom permissions.
+
+### [Remove-FileLabel](Remove-FileLabel.md)
+Removes the sensitivity label from a file.
+
+### [Remove-ScannerContentScan](Remove-AIPScannerContentScanJob.md)
+Deletes the entire Information Protection scanner content scan job.
+
+### [Remove-ScannerRepository](Remove-ScannerRepository.md)
+Removes a repository from an Information Protection scanner content scan job.
+
+### [Set-Authentication](Set-Authentication.md)
+Sets the authentication credentials for the Information Protection client.
+
+### [Set-FileLabel](Set-FileLabel.md)
+Sets or removes an Azure Information Protection label for a file mnaually or automatically, and sets or removes the protection according to the label configuration or custom permissions.
+
+### [Set-ScannerDatabase](Set-ScannerDatabase.md)
+Sets the service account and database for the Information Protection scanner.
+
+### [Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+Sets optional configuration for the Information Protection scanner.
+
+### [Set-ScannerContentScan](Set-ScannerContentScan.md)
+Defines settings for an Information Protection content scan job.
+
+### [Set-ScannerRepository](Set-ScannerRepository.md)
+Updates an existing repository in an Information Protection scanner content scan job.
+
+### [Start-Scan](Start-Scan.md)
+Instructs the Information Protection scanner to start a one time scan cycle.
+
+### [Start-ScannerDiagnostics](Start-ScannerDiagnostics.md)
+Starts a series of health checks for a locally installed Information Protection scanner service.
+
+### [Stop-Scan](Stop-Scan.md)
+Instructs the Information Protection scanner to immediately stop the currently running scan cycle.
+
+### [Uninstall-Scanner](Uninstall-Scanner.md)
+Uninstalls the Windows Server service for the Information Protection scanner.
+
+### [Update-ScannerDatabase](Update-ScannerDatabase.md)
+Updates the database schema for the Information Protection scanner.
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-FileLabel.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-FileLabel.md
new file mode 100644
index 0000000000..16fdadfba0
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-FileLabel.md
@@ -0,0 +1,212 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2259828
+schema: 1.0.0
+---
+
+# Remove-FileLabel
+
+## SYNOPSIS
+Removes the sensitivity label for a file or removes the protection according to the label configuration or custom permissions.
+
+## SYNTAX
+
+### RemoveLabel
+```
+Remove-FileLabel [-Path] [-JustificationMessage ] [-RemoveLabel] [-PreserveFileDetails]
+ []
+```
+
+### RemoveLabelProtection
+```
+Remove-FileLabel [-Path] [-JustificationMessage ] [-RemoveLabel] [-RemoveProtection]
+ [-PreserveFileDetails] []
+```
+
+### RemoveProtection
+```
+Remove-FileLabel [-Path] [-JustificationMessage ] [-RemoveProtection] [-PreserveFileDetails]
+ []
+```
+
+## DESCRIPTION
+For the Microsoft Purview Information Protection client, the **Remove-FileLabel** cmdlet removes a sensitivity label for one or more files.
+
+## EXAMPLES
+
+### Example 1: Remove a label from a file
+
+```
+PS C:\> Remove-FileLabel C:\Projects\Analysis.docx -RemoveLabel -JustificationMessage 'The previous label no longer applies'
+
+FileName Status Comment
+-------- ------ ------------
+C:\Projects\Analysis.docx Success
+```
+
+This command removes the existing label from the file named **C:\Projects\Analysis.docx**, and specifies a mandatory justification message.
+
+This justification method is required because the relevant sensitivity label policy setting is enabled to require justification for removing a label.
+
+> [!NOTE]
+> If the label you're removing was protecting your file using a template, this command removes both the label and the protection.
+>
+> If the label you're removing was protecting your file using custom permissions, this command removes only the label.
+>
+
+### Example 8: Remove protection from a file
+
+```
+PS C:\> Remove-FileLabel C:\Projects\Analysis.docx -RemoveProtection
+
+FileName Status Comment
+-------- ------ ------------
+C:\Projects\Analysis.docx Success
+```
+
+This command removes protection from a single file named **Analysis.docx**.
+
+### Example 9: Remove protection and a label from a file
+
+```
+PS C:\> Set-AIPFileLabel C:\Projects\Analysis.docx -RemoveProtection -RemoveLabel -JustificationMessage 'The previous label no longer applies'
+
+FileName Status Comment
+-------- ------ ------------
+C:\Projects\Analysis.docx Success
+```
+
+This command removes the label and custom protection from a single file named **Analysis.docx**. Because the policy is configured to require justification to remove a label, the justification reason is also supplied so that the command can complete without prompting the user for the reason.
+
+
+
+## PARAMETERS
+
+### -JustificationMessage
+The justification reason for removing a label or removing protection if the sensitivity labeling policy requires users to supply this information. If removing a label triggers the justification and this reason is not supplied, the label is not removed. In this case, the status returned is "Skipped" with the comment "Justification required".
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Path
+Specifies a local path, network path, or SharePoint Server URL to the files for which you want to remove the label and protection information.
+
+Wildcards are not supported and WebDav locations are not supported.
+
+For SharePoint paths, the following are supported:
+
+- SharePoint Server 2022
+- SharePoint Server 2019
+- SharePoint Server 2016
+- SharePoint Server 2013
+
+For example:
+
+- C:\Folder\
+- C:\Folder\Filename
+- \\\Server\Folder
+- http://sharepoint.contoso.com/Shared%20Documents/Folder
+
+Paths can include spaces when you enclose the path value with quotes.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases: FullName, FileName
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -PreserveFileDetails
+Specify this parameter to leave the modified date (Windows and SharePoint) and modified by (SharePoint) values unchanged for documents that you label:
+
+- For local or network files, the **Date modified** value remains unchanged.
+
+- For SharePoint files, the **Modified date** and **Modified by** values remain unchanged.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RemoveLabel
+Removes any label that has been applied to a file.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: RemoveLabel, RemoveLabelProtection
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -RemoveProtection
+
+Removes protection from a file. If the file is labeled, the label is not removed.
+
+You must have sufficient usage rights or be a super user for your organization to remove protection from files. For more information, see [Configuring super users for Azure Rights Management and discovery services or data recovery](/azure/information-protection/configure-super-users).
+
+Use the **Remove-FileLabel** PowerShell cmdlet to enable removal of protection from container files (**zip**, **.rar**, **.7z**, and **.pst**).
+
+> [!NOTE]
+> - This remove protection capability is disabled by default and must first be enabled using the [Set-LabelPolicy](/azure/information-protection/rms-client/clientv2-admin-guide-customizations#enable-removal-of-protection-from-compressed-files) cmdlet.
+>
+> - For .pst files, 5 GB is the maximum file size supported with this cmdlet.
+>
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: RemoveLabelProtection, RemoveProtection
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+### System.String[]
+
+## OUTPUTS
+
+### Microsoft.InformationProtection.Powershell.AIP.Results.SetAIPFileResult
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-FileStatus](Get-FileStatus.md)
+
+[New-AIPCustomPermissions](NewCustomPermissions.md)
+
+[Set-FileLabel](Set-FileLabel.md)
+
+[Set-Authentication](Set-Authentication.md)
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md
new file mode 100644
index 0000000000..fe475de6a4
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md
@@ -0,0 +1,92 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258762
+schema: 1.0.0
+---
+
+# Remove-ScannerContentScan
+
+## SYNOPSIS
+Delete a content scan job.
+
+## SYNTAX
+
+```
+Remove-ScannerContentScan [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+Deletes an entire Microsoft Purview Information Protection scanner content scan job.
+
+> [!CAUTION]
+> Deleting the content scan job means that the configured repositories may not be scanned again, unless they are configured for a different content scan job.
+>
+
+For more information about content scan jobs, see the [Microsoft Purview Information Protection scanner documentation](/information-protection/deploy-aip-scanner-configure-install#create-a-content-scan-job).
+
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Remove-ScannerContentScan
+```
+
+This command remove the content scan job.
+
+## PARAMETERS
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
+
+- [Add-ScannerRepository](Add-ScannerRepository.md)
+
+- [Get-ScannerContentScan](Get-ScannerContentScan.md)
+
+- [Get-ScannerRepository](Get-ScannerRepository.md)
+
+- [Remove-ScannerRepository](Remove-ScannerRepository.md)
+
+- [Set-ScannerContentScan](Set-ScannerContentScan.md)
+
+- [Set-ScannerRepository](Set-ScannerRepository.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md
new file mode 100644
index 0000000000..e3aecabc3a
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md
@@ -0,0 +1,126 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258956
+schema: 1.0.0
+---
+
+# Remove-ScannerRepository
+
+## SYNOPSIS
+Removes a repository from an Microsoft Purview Information Protection scanner content scan job.
+
+## SYNTAX
+
+```
+Remove-ScannerRepository
+ [-Repositories]
+ [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+Deletes any repositories described by the **Repositories** parameter, or returned by a piped [Get-ScannerRepository](Get-ScannerRepository.md) cmdlet.
+
+For more information about content scan jobs, see the [Microsoft Purview Information Protection on-premises scanner documentation](/information-protection/deploy-aip-scanner-configure-install#create-a-content-scan-job).
+
+## EXAMPLES
+
+### Example 1 Remove all repositories configured for your content scan job
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerRepository | Remove-ScannerRepository
+```
+
+This example shows a fully piped cmdlet, where the repositories are first returned, and then deleted.
+
+### Example 2 Remove a specific repository from your content scan job
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerRepository -Path 'c:\repoToScan1' | Remove-ScannerRepository
+```
+
+This example shows a fully piped cmdlet, where the repository is first returned, and then deleted.
+
+### Example 3 Remove any repositories that match a specific wildcard pattern from your content scan job
+```powershell
+PS C:\WINDOWS\system32> Get-ScannerRepository -Path 'c:\repo*' | Remove-ScannerRepository
+```
+
+This example shows a fully piped cmdlet, where the repositories are first returned, and then deleted.
+
+### Example 4 Remove a specific repository from your content scan job without piping
+```powershell
+PS C:\WINDOWS\system32> $repos = Get-ScannerRepository -Path 'c:\repoToScan1'
+PS C:\WINDOWS\system32> Remove-ScannerRepository $repos
+```
+
+This example shows a fully piped cmdlet, where the repositories are first returned, and then deleted.
+
+## PARAMETERS
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Repositories
+Describes the repositories you want to delete.
+
+```yaml
+Type: System.Collections.Generic.List`1[Microsoft.InformationProtection.Powershell.AIP.Commandlets.Scanner.MoonCake.RepositoryInfo]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+### System.Collections.Generic.List`1[[Microsoft.InformationProtection.Powershell.AIP.Commandlets.Scanner.MoonCake.RepositoryInfo, AIP, Version=2.9.0.0, Culture=neutral, PublicKeyToken=null]]
+
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
+
+- [Add-ScannerRepository](Add-ScannerRepository.md)
+
+- [Get-ScannerContentScan](Get-ScannerContentScan.md)
+
+- [Get-ScannerRepository](Get-cannerRepository.md)
+
+- [Remove-ScannerContentScan](Remove-ScannerContentScan.md)
+
+- [Set-ScannerContentScan](Set-ScannerContentScan.md)
+
+- [Set-ScannerRepository](Set-ScannerRepository.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-Authentication.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-Authentication.md
new file mode 100644
index 0000000000..04ca2af1fb
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-Authentication.md
@@ -0,0 +1,181 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258854 +schema: 1.0.0 +--- + +# Set-Authentication + +## SYNOPSIS +Sets the authentication credentials for the Microsoft Purview Information Protection client. + +## SYNTAX +``` +Set-Authentication [-AppId ] [-AppSecret ] [-TenantId ] [-DelegatedUser ] [-OnBehalfOf ] [] +``` + +## DESCRIPTION +The **Set-Authentication** cmdlet sets credentials by using an access token so that you can sign in as a different user and also use the labeling cmdlets non-interactively. + +For example: + +- You want to use the Microsoft Purview Information Protection scanner to continually discover and automatically label and protect files in multiple data stores. +- You want to run a scheduled PowerShell script that automatically labels and protects files on a file server by using the [Set-FileLabel](Set-FileLabel.md) cmdlet. +- You have a data loss prevention (DLP) solution that that you want to augment by automatically labeling and protecting files that this solution identifies. + +**Running with or without parameters** + +If you run this cmdlet without parameters, the account acquires an Azure AD access token that is valid for 90 days or until your password expires. + +To control when the access token expires, run this cmdlet with parameters. This lets you configure the access token for 1 year, 2 years, or to never expire. This configuration requires you to have one or more applications registered in Azure Active Directory. + +The Microsoft Purview Information Protection client supports the *OnBehalfOf* parameter, which accepts a stored variable that contains your specified Windows user name and password. + +Use the *DelegatedUser* parameter to specify a user account in Azure Active Directory that is assigned one or more label policies from your labeling management center. 
+ +## EXAMPLES + +### Example 1: Set the authentication credentials without using applications that are registered in Azure Active Directory +``` +PS C:\> Set-Authentication +Acquired access token +``` + +This command prompts you for your Azure AD credentials that are used to acquire an access token that is valid for 90 days or until your password expires. + +### Example 2: Set the authentication credentials by using an application that is registered in Azure Active Directory + +``` +PS C:\>$pscreds = Get-Credential CONTOSO\scanner +PS C:\> Set-Authentication -AppId "77c3c1c3-abf9-404e-8b2b-4652836c8c66" -AppSecret "OAkk+rnuYc/u+]ah2kNxVbtrDGbS47L4" -DelegatedUser scanner@contoso.com -TenantId "9c11c87a-ac8b-46a3-8d5c-f4d0b72ee29a" -OnBehalfOf $pscreds +Acquired application access token on behalf of CONTOSO\scanner. +``` + +Run the commands in this PowerShell session with the **Run as Administrator** option, which is required for the *OnBehalfOf* parameter. + +The first command creates a **PSCredential** object and stores the specified Windows user name and password in the **$pscreds** variable. When you run this command, you are prompted for the password for the user name that you specified. + +The second command acquires an access token that is combined with the application so that the token becomes valid for 1 year, 2 years, or never expires, according to your configuration of the registered app in Azure AD. The user name of scanner@contoso.com sets the user context to download labels and label policies from the Microsoft Purview compliance portal. + + +## PARAMETERS + + + +### -DelegatedUser + +Specifies the user account credentials to use when downloading label policies with sensitivity labels from your labeling management center. + +- The credentials used must be an Azure Active Directory account that can be used to get the policy and online configuration. 
+ + - It can be the same account that is used for the **ServiceUserCredentials** if this account is synched to Azure Active Directory, or a different account. + + - If this account needs to reprotect files, remove protection from files, or inspect protected files, make it a [super user](/azure/information-protection/configure-super-users) for Microsoft Purview Information Protection. + +- Set the value of this parameter using the UPN. For example: `scannerservice@contoso.com` + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -OnBehalfOf + +Specifies the variable that includes the credentials object used by the Microsoft Purview Information Protection client. + +This parameter is used when login rights cannot be granted to scheduled PowerShell commands. + +- Use the same credentials for this parameter as used to run the scanner, defined by the **ServiceUserCredentials** parameter. + +- To use this parameter, you must run your PowerShell session with the **Run as Administrator** option. + +Use the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet to create the variable that stores the credentials. For more information, type `Get-Help Get-Cmdlet`. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + + +### -AppId + +Specifies the "Application (client) ID" for app registered in Azure AD. + +```yaml +Type: Guid +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AppSecret + +Specifies the client secret value generated at the time your app was registered in Azure AD. 
+ + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TenantId + +Specifies the tenant GUID that contains your registered app in Azure AD. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Clear-Authentication](Clear-Authentication.md) + +[Get-FileStatus](Get-FileStatus.md) + +[Set-FileLabel](Set-FileLabel.md) \ No newline at end of file diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-FileLabel.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-FileLabel.md new file mode 100644 index 0000000000..e17d4274fe --- /dev/null +++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-FileLabel.md 
@@ -0,0 +1,543 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2259827 +schema: 1.0.0 +--- + +# Set-AIPFileLabel + +## SYNOPSIS +Sets the sensitivity label and protection for a file through manual labeling or autolabeling according to the label configuration or custom permissions. + +## SYNTAX + +### SetLabel +``` +Set-FileLabel [-Path] -LabelId [-JustificationMessage ] [-Owner ] + [-PreserveFileDetails] [] +``` + +### SetLabelCustom +``` +Set-FileLabel [-Path] -LabelId [-JustificationMessage ] + -CustomPermissions [-Owner ] [-PreserveFileDetails] [] +``` + +### Custom +``` +Set-FileLabel [-Path] -CustomPermissions [-Owner ] + [-PreserveFileDetails] [] +``` + +### SetAutoLabel +``` +Set-FileLabel [-Path] [-JustificationMessage ] [-Owner ] [-Force] + [-PreserveFileDetails] [-AutoLabel] [] +``` + +### WhatIf +``` +Set-FileLabel [-Path] [-PreserveFileDetails] [-WhatIf] [-DiscoveryInfoTypes ] + [] +``` + +## DESCRIPTION +For the Microsoft Purview Information Protection client, the **Set-FileLabel** cmdlet sets a sensitivity label for one or more files. This action can automatically apply protection when labels are configured to apply encryption. + +Additionally, you can use this cmdlet to apply custom permissions when they are created as an ad-hoc protection policy object with the [New-AIPCustomPermissions](New-AIPCustomPermissions.md) cmdlet. + +When the command runs successfully, any existing label or protection can be replaced. + +You can run this cmdlet non-interactively. For more information, see the [Unified labeling client admin guide](/information-protection/rms-client/clientv2-admin-guide-powershell#how-to-label-files-non-interactively-for-azure-information-protection). 
+ +> [!NOTE] +> When running the **Set-FileLabel** cmdlet in a loop, add these two lines after the cmdlet: +> **[GC]::Collect()** +**[GC]::WaitForPendingFinalizers()** +> + +## EXAMPLES + +### Example 1: Apply the "General" label to all files that do not currently have a label +``` +PS C:\> Get-FileStatus -Path \\Finance\Projects\ | where {$_.IsLabeled -eq $False} | Set-FileLabel -LabelId d9f23ae3-4321-4321-4321-f515f824c57b +FileName Status Comment +-------- ------ ------------ +\\Finance\Projects\Image.jpg Success +\\Finance\Projects\Pricelist.pdf Success +\\Finance\Projects\Announcement.docx Success +\\Finance\Projects\Analysis.xlsx Success +``` + +This command first identifies all files that are not labeled by using the **Get-FileStatus** cmdlet. Then, these files are labeled by specifying the "General" label by its ID. + +### Example 2: Apply the "General" label to .docx files that are not labeled +``` +PS C:\> Get-ChildItem C:\Projects\*.docx -File -Recurse | Get-FileStatus | where {$_.IsLabeled -eq $False} | Set-FileLabel -LabelId d9f23ae3-1234-1234-1234-f515f824c57b +FileName Status Comment +-------- ------ ------------ +C:\Projects\Analysis.docx Success +C:\Projects\Projects.docx Success +``` + +This command first identifies all **.docx** files in the **C:\Projects** folder (and its subfolders) by using [Get-Child-Item](/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7), then finds from these files the ones that are not labeled by using the **Get-FileStatus** cmdlet. The resulting files are then labeled by specifying the "General" label by its ID. + +> [!NOTE] +> This command makes use of the **Path** alias of FullName, so that [Get-Child-Item](/powershell/module/microsoft.powershell.management/get-childitem) can be used with **Get-FileStatus**. 
+> + +### Example 3: Apply the "General" label to all files in a folder and any of its subfolders +``` +PS C:\> Set-FileLabel -Path C:\Projects\ -LabelId d9f23ae3-1324-1234-1234-f515f824c57b +FileName Status Comment +-------- ------ ------------ +C:\Projects\Project1.docx Success +C:\Projects\Datasheet.pdf Success +C:\Projects\Image.jpg Success +C:\Projects\Analysis.xlsx Skipped No label to apply +C:\Projects\Dashboard.xlsx Success +``` + +This command sets a label named "General" on all files in the **Projects** folder and any of its subfolders. + +If the General label is configured to apply encryption, the files that were successfully labeled with this command will also be encrypted. In this case, the Rights Management owner (who has the Rights Management Full Control permission) of these files is the user who ran the PowerShell command. + +In this example, one file was not labeled (skipped) because it required justification. This might be the intended outcome to ensure that a file with a higher classification label or protection isn't accidentally overwritten with a lower classification label or has protection removed. + +To enable this safeguard, the Office 365 classification label policy must be configured to require justification for removing a label or lowering the classification. When you then run this command without the **JustificationMessage** parameter and the label triggers justification, the file is skipped with the comment "No label to apply". + +### Example 4: Apply the "General" label to a single file, which requires justification +``` +PS C:\> Set-FileLabel -Path \\Finance\Projects\Analysis.xlsx -LabelId d9f23ae3-1324-1234-1234-f515f824c57b -JustificationMessage 'The previous label no longer applies' +FileName Status Comment +-------- ------ ------------ +\\finance\projects\analysis.xlsx Success +``` + +This command sets the "General" label for a file that is already labeled with a higher sensitivity label. 
The sensitivity label policy is configured to require justification for removing a label or lowering the classification. Because the command includes a justification message, the new label is successfully applied. + + +### Example 5: Protect a file with custom permissions + +``` +PS C:\> $permissions = New-CustomPermissions -Users user1@contoso.com, user2@vanarsdel.com -Permissions Reviewer -ExpirationDate (Get-Date -Month 1 -Day 1 -Year 2020) +PS C:\> Set-FileLabel C:\Projects\Analysis.docx -CustomPermissions $permissions + +FileName Status Comment +-------- ------ ------------ +C:\Projects\Analysis.docx Success +``` + +The first command creates an ad-hoc protection policy object that grants users from different organizations usage rights from the Reviewer permissions, and also applies an expiration date. + +The second command protects a single file named **Analysis.docx** by using the custom permissions in the stored ad-hoc protection policy object. + +### Example 6: Apply a label and custom permissions to file + +``` +PS C:\> $permissions = New-CustomPermissions -Users a@a.com, b@b.com -Permissions Reviewer +PS C:\> Set-FileLabel C:\Projects\Analysis.docx -LabelId d9f23ae3-1324-1234-1234-f515f824c57b -CustomPermissions $permissions + +FileName Status Comment +-------- ------ ------------ +C:\Projects\Analysis.docx Success +``` + +The first command creates an ad-hoc protection policy object that grants users from different organizations usage rights from the Reviewer permissions, and also applies an expiration date. + +The second command applies a label to a single file named **Analysis.docx** and also protects the file by using the custom permissions in the stored ad-hoc protection policy object. If the label is configured for protection settings, they are replaced by the custom permissions. 
+ +### Example 7: Scan all files in a folder and any of its subfolders, and apply labels according to the configured conditions for automatic labeling +``` +PS C:\> Set-FileLabel -AutoLabel -Path C:\Projects\ -PreserveFileDetails + + +FileName : C:\Projects\Project1.docx +Status : Success +Comment : +MainLabelName : Confidential +MainLabelId : 074e257c-1234-1234-1234-34a182080e71 +SubLabelName : Finance group +SubLabelId : d9f23ae3-1234-1234-1234-f515f824c57b + +FileName : C:\Projects\Datasheet.pdf +Status : Skipped +Comment : No label to apply +MainLabelName : +MainLabelId : +SubLabelName : +SubLabelId : + +FileName : C:\Projects\Analysis.xlsx +Status : Skipped +Comment : No label to apply +MainLabelName : +MainLabelId : +SubLabelName : +SubLabelId : + +FileName : C:\Projects\Pricelist.xlsx +Status : Skipped +Comment : No label to apply +MainLabelName : +MainLabelId : +SubLabelName : +SubLabelId : + +FileName : C:\Projects\Dashboard.xlsx +Status : Success +Comment : +MainLabelName : Public +MainLabelId : f018e9e7-0cfc-4c69-b27a-ac3cb7df43cc +SubLabelName : +SubLabelId : +``` + +This command scans all files in the Projects folder and any of its subfolders, and sets labels according to the configured conditions in the auto labeling policy. In this example, there are five files and two files are automatically labeled. The **Datasheet.pdf** file is not labeled because its contents does not match the configured conditions for automatic labeling **Analysis.xlsx** was already manually labeled, and **Pricelist.xlsx** has a higher label. Because the command is run without the *-Force* parameter, the existing labels for **Analysis.xlsx** and **Pricelist.xlsx** are not overwritten. + +If the applied labels are also configured to apply Rights Management protection, the files that are successfully labeled with this command are also protected. 
In this case, the Rights Management owner (who has the Rights Management Full Control permission) of these files is the user who ran the PowerShell command. + +Because the PreserveFileDetails parameter is specified, the Date Modified of the labeled files remains unchanged. + + + +### Example 8: Scan all files in a folder and any of its subfolders, and apply labels according to the configured conditions for automatic labeling, overriding any existing labels + +``` +PS C:\> Set-FileLabel -Autolabel -Path C:\Projects\ -Force -PreserveFileDetails + + +FileName : C:\Projects\Project1.docx +Status : Success +Comment : +MainLabelName : Confidential +MainLabelId : 074e257c-1234-1234-1234-34a182080e71 +SubLabelName : Finance group +SubLabelId : d9f23ae3-1234-1234-1234-f515f824c57b + +FileName : C:\Projects\Datasheet.pdf +Status : Skipped +Comment : No label to apply +MainLabelName : +MainLabelId : +SubLabelName : +SubLabelId : + +FileName : C:\Projects\Analysis.xlsx +Status : Success +Comment : +MainLabelName : Public +MainLabelId : f018e9e7-0cfc-4c69-b27a-ac3cb7df43cc +SubLabelName : +SubLabelId : + +FileName : C:\Projects\Pricelist.xlsx +Status : Success +Comment : +MainLabelName : Public +MainLabelId : f018e9e7-0cfc-4c69-b27a-ac3cb7df43cc +SubLabelName : +SubLabelId : + +FileName : C:\Projects\Dashboard.xlsx +Status : Success +Comment : +MainLabelName : Public +MainLabelId : f018e9e7-0cfc-4c69-b27a-ac3cb7df43cc +SubLabelName : +SubLabelId : +``` + +This command is similar to the previous example in that it also scans all files in the Projects folder and any of its subfolders, and sets labels according to the configured conditions for auto labeling. However, this time, because the command includes the *-Force* parameter, it also replaces the existing label for **Dashboard.xlsx**, and **Pricelist.xlsx**. + +The contents of **Datasheet.pdf** did not match any configured conditions and this file remains without a label. 
+ +### Example 9: Scan a file in WhatIf mode for all known sensitive information types + +``` +PS C:\> Set-FileLabel -AutoLabel -Path C:\Projects\Project1.docx -WhatIf -DiscoveryInfoTypes All + + +MainLabelName : General +MainLabelId : 89a453df-5df4-4976-8191-jdn2fsf9560a +SubLabelName : +SubLabelId : +WhatIf : True +MatchedInformationTypes : {Credit Card Number, U.S. Social Security Number (SSN), International Classification of + Diseases (ICD-10-CM), International Classification of Diseases (ICD-9-CM)} +LastModifiedBy : +LastModifiedTime : 8/19/2014 5:11:26 AM +FileName : C:\Projects\Project1.docx +Status : Success +Comment : +``` + +This command discovers all known information types in Project1.docx file without applying protection or a label. + +### Example 10: Scan a file in WhatIf mode for specific sensitive information types + +``` +PS C:\> Set-FileLabel -AutoLabel -Path C:\Projects\Project1.docx -WhatIf -DiscoveryInfoTypes "50842eb7-edc8-4019-85dd-5a5c1f2bb085","a44669fe-0d48-453d-a9b1-2cc83f2cba77" + +MainLabelName : General +MainLabelId : 89a453df-5df4-4976-8191-jdn2fsf9560a +SubLabelName : +SubLabelId : +WhatIf : True +MatchedInformationTypes : {Credit Card Number, U.S. Social Security Number (SSN)} +LastModifiedBy : +LastModifiedTime : 8/19/2014 5:11:26 AM +FileName : Project1.docx +Status : Success +Comment : + +``` + +This command discovers the specific information types of "Credit Card Number", and "Social Security Number (SSN)" in **Project1.docx** file without applying protection or a label. 
+ + +### Example 11: Scan a file in WhatIf mode for specific sensitive information types and display the values found + +``` +PS C:\> $x=Set-FileLabel -AutoLabel -Path "C:\Projects\Project1.docx" -WhatIf -DiscoveryInfoTypes "50842eb7-edc8-4019-85dd-5a5c1f2bb085","a44669fe-0d48-453d-a9b1-2cc83f2cba77" +PS C:\> $x.MatchedInformationTypes + +RulePackageSetId : 00000000-0000-0000-0000-000000000000 +RulePackageId : 00000000-0000-0000-0000-000000000000 +RuleId : 50842eb7-edc8-4019-85dd-5a5c1f2bb085 +Name : Credit Card Number +Count : 1 +UniqueCount : 1 +Confidence : 85 +SensitiveContents : {Offset: 2089, Length: 19} + +RulePackageSetId : 00000000-0000-0000-0000-000000000000 +RulePackageId : 00000000-0000-0000-0000-000000000000 +RuleId : a44669fe-0d48-453d-a9b1-2cc83f2cba77 +Name : U.S. Social Security Number (SSN) +Count : 1 +UniqueCount : 1 +Confidence : 85 +SensitiveContents : {Offset: 7063, Length: 11} + + +PS C:\> $x.MatchedInformationTypes[0].SensitiveContents | fl + +Offset : 2089 +Length : 19 +Value : 4539-9572-7949-2212 +Context : OLOGICAL SCIENCES Credit Card # + Expiration Date: 4539-9572-7949-2212 + 8/2009 Department: BIOLOGICAL SCIENCES Anticipa +``` + +Similar to the previous example, the first command discovers the specific information types of "Credit Card Number", and "Social Security Number (SSN)" in **Project1.docx** file without applying protection or a label. However, in this example, the results are stored in a variable for further processing. + +The second command is then used to display the contents of the matched information types, which includes the SensitiveContents parameter. + +The final command displays and formats for easier reading the data that's identified by the first sensitive information type, which in this example, is the credit card details. + + +## PARAMETERS + +### -AutoLabel +When -AutoLabel is used, cmdlet runs in auto-labeling mode. When -AutoLabel cmdlet is not used, runs in manual labeling mode. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: SetAutoLabel +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -CustomPermissions +Specifies the variable name that stores an ad-hoc protection policy, which was created by using the [New-CustomPermissions](New-CustomPermissions.md) cmdlet. The ad-hoc protection policy is used to protect the file or files with custom permissions. + +```yaml +Type: AIPCustomPermissions +Parameter Sets: SetLabelCustom, Custom +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DiscoveryInfoTypes +Specify the sensitive information types to be discovered when you use the *WhatIf* parameter. + +If you want to search for specific sensitive information types, specify the **Entity id** number for that information type, which you can find listed in [Sensitive information types in Exchange Server](/Exchange/policy-and-compliance/data-loss-prevention/sensitive-information-types?view=exchserver-2019). + +For example, "50842eb7-edc8-4019-85dd-5a5c1f2bb085" is the number to specify for the Credit Card Number sensitive information type. + +```yaml +Type: String[] +Parameter Sets: WhatIf +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Replaces an existing label when the configured conditions apply. + +```yaml +Type: SwitchParameter +Parameter Sets: SetAutoLabel +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JustificationMessage +The justification reason for lowering the classification label, removing a label, or removing protection, if the sensitivity policy requires users to supply this information. 
If setting a label triggers the justification and this reason is not supplied, the label is not applied. In this case, the status returned is "Skipped" with the comment "Justification required". + +```yaml +Type: String +Parameter Sets: SetLabel, SetLabelCustom, SetAutoLabel +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LabelId +Specifies the identity (ID) of the label to apply. When a label has sublabels, always specify the ID of just a sublabel and not the parent label. + +To find the label ID: + +The label ID value is not displayed in the Microsoft Purview compliance portal. However, you can use the following Office 365 Security & Compliance Center PowerShell command to find this value: `Get-Label | Format-Table -Property DisplayName, Name, Guid` + +For files that have labels applied, you can also run the [Get-FileStatus](Get-FileStatus.md) cmdlet to identify the label ID (MainLabelId or SubLabelId). + +```yaml +Type: Guid +Parameter Sets: SetLabel, SetLabelCustom +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Owner +Specifies owner for applying label or protection to the file. + +```yaml +Type: String +Parameter Sets: SetLabel, SetLabelCustom, Custom, SetAutoLabel +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Specifies a local path, network path, or SharePoint Server URL to the files for which you want to get the label and protection information. + +Wildcards are not supported and WebDav locations are not supported. 
+ +For SharePoint paths, the following are supported: + +- SharePoint Server 2022 +- SharePoint Server 2019 +- SharePoint Server 2016 +- SharePoint Server 2013 + +For example: + +- C:\Folder\ +- C:\Folder\Filename +- \\\Server\Folder +- http://sharepoint.contoso.com/Shared%20Documents/Folder + +Paths can include spaces when you enclose the path value with quotes. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: FullName, FileName + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -PreserveFileDetails +Specify this parameter to leave the modified date (Windows and SharePoint) and modified by (SharePoint) values unchanged for documents that you label: + +- For local or network files, the **Date modified** value remains unchanged. + +- For SharePoint files, the **Modified date** and **Modified by** values remain unchanged. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: WhatIf +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +### System.String[] + +## OUTPUTS + +### Microsoft.InformationProtection.Powershell.AIP.Results.SetAIPFileResult + +## NOTES + +## RELATED LINKS + +[Get-FileStatus](Get-FileStatus.md) + +[New-CustomPermissions](New-CustomPermissions.md) + +[Set-Authentication](Set-Authentication.md) diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md new file mode 100644 index 0000000000..625db1787f 
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md
@@ -0,0 +1,109 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258957
+schema: 1.0.0
+---
+
+# Set-ScannerConfiguration
+
+## SYNOPSIS
+Sets optional configuration for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Set-ScannerConfiguration [-ReportLevel ] [-OnlineConfiguration ] []
+```
+
+## DESCRIPTION
+The **Set-ScannerConfiguration** cmdlet sets local configuration settings for the Microsoft Purview Information Protection scanner.
+
+You configure most of the scanner configuration settings in the Microsoft Purview compliance portal, but must use this cmdlet if you need to import configuration settings from a file because the scanner cannot support online configuration, or if you need to change the report level for the locally created reports.
+
+Any changes will be used the next time the scanner runs. If you need the changes to take effect immediately, restart the Microsoft Purview Information Protection scanner on the Windows server computer.
+
+
+## EXAMPLES
+
+### Example 1: Set the Microsoft Purview Information Protection scanner to use online configuration
+
+```
+PS C:\> Set-ScannerConfiguration -OnlineConfiguration On
+
+Configuration was set successfully.
+```
+
+This command sets the scanner to get its configuration directly from the Microsoft Purview Information Protection service.
+
+
+## PARAMETERS
+
+### -ReportLevel
+Define the level of logging for the scanner reports. By default, only files that are successfully labeled by the scanner or contain sensitive information types are included in the log file.
+
+Log files are stored in the **%localappdata%\Microsoft\MSIP\Scanner\Reports** folder. A summary report **(.txt)** includes the time taken to scan, the number of scanned files, and statistics of how many files were classified and protected. Detailed reports **(.csv)** has details for each file.
The folder stores up to 60 reports for each scanning cycle and all but the latest report is compressed to help minimize the required disk space. + +|Log level |Description | +|---------|---------| +|**Debug** | Logs every file that was discovered and the resulting action. This level of logging is useful for troubleshooting but slows down the Microsoft Purview Information Protection scanner. This category includes files that don't meet any of the conditions and files that are skipped because of an unsupported file type.

For example, trying to label a file for classification-only when the file type doesn't support this action, and trying to label files that are automatically excluded. | +|**Info** (Default) | Logs only the files that:
- Were successfully labeled by the scanner
- Would have been labeled by the scanner, if the scanner was not in discovery mode
- Contain sensitive information types | +|**Error** | Logs only the files that the scanner attempted to label or identify but could not. For example, a file was in use, or the scanner service did not have write access to the file. | +|**Off** | Disables reporting, which results in the best performance for the scanner. | + +The local Windows **Applications and Services** event log, **Information Protection Scanner** contains additional logging information. The events include the start and end times for each scanning cycle, when a scanned file has a label applied, and when protection is applied or removed. For more information, see [Event log IDs and descriptions for the scanner](/information-protection/deploy-aip-scanner#event-log-ids-and-descriptions-for-the-scanner). + + +```yaml +Type: ReportLevel +Parameter Sets: (All) +Aliases: +Accepted values: Off, Debug, Info, Error + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OnlineConfiguration +Specifies whether the scanner gets its configuration settings directly from the Microsoft Purview Information Protection service (the default), or uses an offline configuration file. + +- **On:** The default setting. The scanner gets its configuration settings directly from the Microsoft Purview Information Protection service. + +- **Off:** The scanner is prevented from getting its configuration settings directly from the Microsoft Purview Information Protection service. Instead, the scanner is configured by settings that you import from a file. + +If the scanner cannot support online configuration, you must still configure the scanner in the Azure portal. Then, export the scanner configuration from the portal to a .json file and import this file by using the [Import-ScannerConfiguration](./Import-ScannerConfiguration.md) cmdlet. 
+
+```yaml
+Type: OnlineConfiguration
+Parameter Sets: (All)
+Aliases:
+```
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Start-Scan](Start-Scan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md
new file mode 100644
index 0000000000..9b5ba05c75
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md
@@ -0,0 +1,415 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258958 +schema: 1.0.0 +--- + +# Set-ScannerContentScan + +## SYNOPSIS +Defines settings for an Microsoft Purview Information Protection scanner content scan job. + +## SYNTAX + +``` +Set-ScannerContentScan [-Schedule ] [-DiscoverInformationTypes ] + [-RecommendedAsAutomatic ] [-EnableDlp ] [-Enforce ] + [-LabelFilesByContent ] [-RelabelFiles ] [-AllowLabelDowngrade ] + [-EnforceDefaultLabel ] [-DefaultLabelType ] [-DefaultLabelId ] + [-DefaultOwner ] [-RepositoryOwner ] [-PreserveFileDetails ] + [-IncludeFileTypes ] [-ExcludeFileTypes ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Defines the configuration for your content scan job, which scans the content in the defined repositories, according to the settings defined. +For more information about content scan jobs, see the [Microsoft Purview Information Protection on-premises scanner documentation](/information-protection/deploy-aip-scanner-configure-install#create-a-content-scan-job). + +## EXAMPLES + +### Example 1 Define default content scan job settings + +```powershell +PS C:\WINDOWS\system32> Set-ScannerContentScan -Enforce Off +``` + +This example defines the content scan job with default settings, and sets the **Policy enforcement** option to **Off**. + +### Example 2 Define a basic content scan job that runs continuously + +```powershell +PS C:\WINDOWS\system32> Set-ScannerContentScan -Enforce Off -RelabelFiles On -EnforceDefaultLabel On -Schedule Always +``` + +This example defines the content scan job with without enforcing a policy, allowing files to be re-labeled, using a default label, and is scheduled to run always. 
+ +### Example 3 Define a content scan job that allows for specific re-labeling actions only + +```powershell +PS C:\WINDOWS\system32> Set-ScannerContentScan -RelabelFiles On -AllowLabelDowngrade On -EnforceDefaultLabel On +``` + +This example defines a content scan job that allows for content to be re-labeled only to downgrade a label or use a default label. + +### Example 4 Define a content scan job that excludes .msg and .tmp files + +```powershell +PS C:\WINDOWS\system32> Set-ScannerContentScan -IncludeFileTypes '' -ExcludeFileTypes '.msg,.tmp' +``` + +This example defines a content scan job that includes all file types except for .msg and .tmp files. + + +### Example 5 Define a content scan job with DLP enabled, and a specific repository owner + +```powershell +PS C:\WINDOWS\system32> Set-ScannerContentScan -EnableDLP On -RepositoryOwner 'domain\user' +``` + +This example defines the content scan job to use the Microsoft Purview data loss prevention (DLP) sensitivity information types when scanning your content, and also defines a specific owner for the content scan job's repositories. + +### Example 6 Define a content scan job with a default label to use when automatically labeling content + +```powershell +PS C:\WINDOWS\system32> Set-ScannerContentScan -DefaultLabelType Custom -DefaultLabelId 'ff1f1c9d-2f92-4a18-3d84-4608b742424' +``` + +This example defines the content scan job with a specific label used as the default label, specified by the label ID. + +## PARAMETERS + +### -AllowLabelDowngrade +Determines whether the content scan job allows for labeling downgrade actions. + +Relevant only when the **RelabelFiles** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. 
+ +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultLabelId +Defines the ID of the default label used when automatically labeling content with a default label. + +Mandatory if the **DefaultLabelType** parameter is set to **custom**. + +```yaml +Type: Guid +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultLabelType +Determines the type of default label used when automatically labeling content with a default label. + +When used, define the label ID you want to use as the default ID using the **DefaultLabelId** parameter. + +```yaml +Type: DefaultLabelType +Parameter Sets: (All) +Aliases: +Accepted values: None, PolicyDefault, Custom + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultOwner +Defines the default owner value used for the files scanned, using the account email address. By default, this is the scanner account. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DiscoverInformationTypes +Determines the types of information types discovered during the content scan job. + +```yaml +Type: DiscoverInformationTypes +Parameter Sets: (All) +Aliases: +Accepted values: PolicyOnly, All + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableDlp +Determines whether the content scan job uses the data loss prevention (DLP) sensitivity information types when scanning your content. 
+ +> [!TIP] +> If you configure this parameter, you may also want to configure a specific repository owner using the **RepositoryOwner** parameter. +> + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enforce +Determines whether the content scan job enforces content scanning and labeling according to your policy. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnforceDefaultLabel +Determines whether using a default label is always used when relabeling content. + +Relevant only when the **RelabelFiles** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExcludeFileTypes +Determines any file types that are ignored during your content scan job. Define multiple file types using a comma-separated list. + +If you define this parameter, define the **IncludeFileTypes** parameter as null. For example, **Example 4** above. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on** in the [Add-ScannerRepository](Add-ScannerRepository.md) or [Set-ScannerRepository](Set-ScannerRepository.md) cmdlets. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeFileTypes +Explicitly determines the file types that are scanned by your content scan job. Define multiple file types using a comma-separated list. 
+ +If you define this parameter, define the **ExcludeFileTypes** parameter as null. For example, **Example 4** above. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on** in the [Add-ScannerRepository](Add-ScannerRepository.md) or [Set-ScannerRepository](Set-ScannerRepository.md) cmdlets. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LabelFilesByContent +Determines whether the **Label files based on content** content scan job option is enabled or disabled. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreserveFileDetails +Determines whether the file details, including the date modified, last modified, and modified by settings are preserved while scanning and auto-labeling. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RecommendedAsAutomatic +Determines whether recommended labels are used to automatically label your content. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelabelFiles +Determines whether the content scan job is allowed to relabel files. 
+ +> [!TIP] +> When using this parameter, use the following additional parameters as needed: +> - **EnforceDefaultLabel** +> - **AllowLabelDowngrade** +> + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RepositoryOwner + +Specifies the SAMAccountname (**domain\user**), UPN (**user@domain**), or SID of a group that owns the repository. + +The owners are granted full control permissions on the file if the permissions on the file are changed by a matched DLP rule. + +Relevant only when the **EnableDlp** parameter is set to **on**. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Schedule +Determines whether the content scan job runs according to a specific schedule, or continuously. + +```yaml +Type: Schedule +Parameter Sets: (All) +Aliases: +Accepted values: Manual, Always + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS + +- [Add-ScannerRepository](Add-ScannerRepository.md) + +- [Get-ScannerContentScan](Get-ScannerContentScan.md) + +- [Get-ScannerRepository](Get-ScannerRepository.md) + +- [Remove-ScannerContentScan](Remove-ScannerContentScan.md) + +- [Remove-ScannerRepository](Remove-ScannerRepository.md) + +- [Set-ScannerRepository](Set-ScannerRepository.md) \ No newline at end of file 
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md
new file mode 100644
index 0000000000..4326aa4431
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md
@@ -0,0 +1,219 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258763
+schema: 1.0.0
+---
+
+# Set-ScannerDatabase
+
+## SYNOPSIS
+Sets the service account and database for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Set-ScannerDatabase [[-SqlServerInstance] ] [-ServiceUserCredentials]
+ [-StandardDomainsUserAccount ] [-ShareAdminUserAccount ] [-Cluster | -Profile ] [-Force]
+ []
+```
+
+## DESCRIPTION
+The **Set-ScannerDatabase** cmdlet updates the service account and SQL Server database instance for the Microsoft Purview Information Protection scanner.
+
+Use this command when you want to change the account or database details that was previously specified, for example, when you installed the scanner by running the [Install-Scanner](./Install-Scanner.md) cmdlet.
+
+The new configuration takes effects when the Microsoft Purview Information Protection scanner is next started. This cmdlet does not automatically restart this service.
+
+
+## EXAMPLES
+
+### Example 1: Change the database and cluster for the Microsoft Purview Information Protection scanner
+```
+PS C:\> Set-ScannerDatabase -SqlServerInstance SERVER1\AIPScannerUL -Cluster EU
+
+Microsoft Purview Information Protection Scanner service configuration change completed successfully.
+```
+
+This command configures the Microsoft Purview Information Protection scanner to use the SQL Server database instance named **AIPScannerUL** on the server named **SERVER1**, using the scanner configuration database named **AIPScannerUL_EU**.
+
+## PARAMETERS
+
+### -Cluster
+
+Specifies the configured name of the scanner's database, used to identify the scanner you want to set details for.
+
+Use the following syntax: **AIPScannerUL_**.
+
+Using either this parameter or the **Profile** parameter is mandatory. We recommend using this parameter instead of the **Profile** parameter.
+ + +```yaml +Type: String +Parameter Sets: (All) +Aliases: Profile + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Force +Forces the command to run without asking for user confirmation. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Profile +Specifies the configured name of the scanner's database, used to identify the scanner you want to set details for. + +Using either this parameter or the **Cluster** parameter is mandatory. We recommend using the **Cluster** parameter instead of the this parameter. + +The database name for the scanner is **AIPScannerUL_\**. + + +### -ServiceUserCredentials +Specifies the account credentials used to run the Microsoft Purview Information Protection service. + +- The credentials used must be an Active Directory account. + +- Set the value of this parameter using the following syntax: `Domain\Username`. + + For example: `contoso\scanneraccount` + +- If you do not specify this parameter, you are prompted for the username and password. + +For more information, see [Prerequisites for the Microsoft Purview Information Protection scanner](/information-protection/deploy-aip-scanner#prerequisites-for-the-azure-information-protection-scanner). + +> [!TIP] +> Use a **PSCredential** object by using the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. In this case, you are prompted for the password only. +> +> For more information, type `Get-Help Get-Cmdlet`. 
+ +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ShareAdminUserAccount +Specifies the credentials for a strong account in an on-premises network, used to get a full list of file share and NTFS permissions. + +- The credentials used must be an Active Directory account with Administrator/FC rights on your network shares. This will usually be a Server Admin or Domain Admin. + +- Set the value of this parameter using the following syntax: `Domain\Username` + + For example: `contoso\admin` + +- If you do not specify this parameter, you are prompted for both the username and password. + +> [!TIP] +> Use a **PSCredential** object by using the [**Get-Credential**](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. In this case, you are prompted for the password only. +> +>For more information, type `Get-Help Get-Cmdlet`. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SqlServerInstance +Specifies the new SQL Server instance on which to create a database for the Microsoft Purview Information Protection scanner. + +For information about the SQL Server requirements, see [Prerequisites for the Microsoft Purview Information Protection scanner](/azure/information-protection/deploy-aip-scanner#prerequisites-for-the-azure-information-protection-scanner). + +For the default instance, specify the server name. For example: **SQLSERVER1**. + +For a named instance, specify the server name and instance name. For example: **SQLSERVER1\AIPSCANNER**. + +For SQL Server Express, specify the server name and SQLEXPRESS. For example: **SQLSERVER1\SQLEXPRESS**. 
+ +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -StandardDomainsUserAccount +Specifies the credentials for a weak account in an on-premises network, used to check access for weak users on the network and expose discovered network shares. + +- The credentials used must be an Active Directory account, and a user of the **Domain Users** group only. + +- Set the value of this parameter using the following syntax: `Domain\Username` + + For example: `contoso\stduser` + +- If you do not specify this parameter, you are prompted for both the username and password. + +> [!TIP] +> Use a **PSCredential** object by using the [**Get-Credential**](/powershell/module/microsoft.powershell.security/get-credential) cmdlet. In this case, you are prompted for the password only. +> +>For more information, type `Get-Help Get-Cmdlet`. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +### None + +## OUTPUTS + +### System.Object + +## NOTES + +## RELATED LINKS + +[Get-AIPScannerConfiguration](./Get-AIPScannerConfiguration.md) + +[Get-AIPScannerStatus](./Get-AIPScannerStatus.md) + +[Install-AIPScanner](./Install-AIPScanner.md) + +[Set-ScannerDatabaseConfiguration](./Set-ScannerDatabaseConfiguration.md) + +[Start-AIPScan](./Start-AIPScan.md) + +[Uninstall-AIPScanner](./Uninstall-AIPScanner.md) + +[Update-AIPScanner](./Update-AIPScanner.md) \ No newline at end of file diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md new file mode 100644 index 0000000000..37b96fa5d0 --- /dev/null 
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md 
@@ -0,0 +1,395 @@ +--- +external help file: AIP.dll-Help.xml +Module Name: PurviewInformationProtection +online version: https://go.microsoft.com/fwlink/?linkid=2258764 +schema: 1.0.0 +--- + +# Set-ScannerRepository + +## SYNOPSIS + +Updates an existing repository in an Microsoft Purview Information Protection scanner content scan job. + +## SYNTAX + +``` +Set-ScannerRepository -Path [-OverrideContentScanJob ] [-EnableDlp ] + [-Enforce ] [-LabelFilesByContent ] [-RelabelFiles ] + [-AllowLabelDowngrade ] [-EnforceDefaultLabel ] [-DefaultLabelType ] + [-DefaultLabelId ] [-DefaultOwner ] [-RepositoryOwner ] + [-PreserveFileDetails ] [-IncludeFileTypes ] [-ExcludeFileTypes ] [-WhatIf] + [-Confirm] [] +``` + +## DESCRIPTION +Updates the details for an existing repository defined in your content scan job. + +For more information about content scan jobs, see the [Microsoft Purview Information Protection scanner documentation](/information-protection/deploy-aip-scanner-configure-install#create-a-content-scan-job). + +## EXAMPLES + +### Example 1 Update the repository details using the configured content scan job settings +```powershell +PS C:\WINDOWS\system32> Set-ScannerRepository -OverrideContentScanJob Off -Path 'c:\repoToScan' +``` + +This example sets the **repoToScan** repository settings in your content scan job to use content scan job's current settings. + +### Example 2 Update the repository details, overriding the content scan job's current settings + +```powershell +PS C:\WINDOWS\system32> Set-ScannerRepository -Path 'c:\repoToScan' -OverrideContentScanJob On -Enforce On -DefaultOwner 'ms@gmail.com' +``` + +This example sets the **repoToScan** repository settings to override the currently configured content scan job settings. 
+ +### Example 3 Update the repository details, excluding .msg and .tmp files + +```powershell +PS C:\WINDOWS\system32> Set-ScannerRepository -OverrideContentScanJob On -Path 'c:\repoToScan' -IncludeFileTypes '' -ExcludeFileTypes '.msg,.tmp' +``` + +This example defines a content scan job that includes all file types except for .msg and .tmp files. + +## PARAMETERS + +### -AllowLabelDowngrade +Determines whether the content scan job allows for labeling downgrade actions. + +Relevant only when the following parameters are set to **on:** + +- **OverrideContentScanJob** +- **RelabelFiles** + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultLabelId +Defines the ID of the default label used when automatically labeling content with a default label. + +- Mandatory if the **DefaultLabelType** parameter is set to **custom**. + +- Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: Guid +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultLabelType +Determines the type of default label used when automatically labeling content with a default label. + +When used, define the label ID you want to use as the default ID using the **DefaultLabelId** parameter. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. 
+ +```yaml +Type: DefaultLabelType +Parameter Sets: (All) +Aliases: +Accepted values: None, PolicyDefault, Custom + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultOwner +Defines the default owner value used for the files scanned, using the account email address. By default, this is the scanner account. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnableDlp +Determines whether the content scan job uses the Microsoft Purview data loss prevention (DLP) sensitivity information types when scanning your content. + +> [!TIP] +> If you configure this parameter, you may also want to configure a specific repository owner using the **RepositoryOwner** parameter. +> + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Enforce +Determines whether the content scan job enforces content scanning and labeling according to your policy. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -EnforceDefaultLabel +Determines whether using a default label is always used when relabeling content. 
+ +Relevant only when the following parameters are set to **on:** + +- **RelabelFiles** +- **OverrideContentScanJob** + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ExcludeFileTypes +Determines any file types that are ignored during your content scan job. Define multiple file types using a comma-separated list. + +If you define this parameter, define the **IncludeFileTypes** parameter as null. For sample code, see **Example 3** above. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncludeFileTypes +Explicitly determines the file types that are scanned by your content scan job. Define multiple file types using a comma-separated list. + +If you define this parameter, define the **ExcludeFileTypes** parameter as null. For sample code, see **Example 3** above. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -LabelFilesByContent +Determines whether the **Label files based on content** content scan job option is enabled or disabled. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. 
+ +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -OverrideContentScanJob +Determines whether the settings for this repository override the settings defined for the content scan job. + +If set to **On**, define any settings you want to override using additional parameters. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Path +Defines the path to the repository you want to update settings for in your content scan job. + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -PreserveFileDetails +Determines whether the file details, including the date modified, last modified, and modified by settings are preserved while scanning and auto-labeling. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelabelFiles +Determines whether the content scan job is allowed to relabel files. + +Relevant only when the **OverrideContentScanJob** parameter is set to **on**. + +```yaml +Type: OnOffEnum +Parameter Sets: (All) +Aliases: +Accepted values: On, Off + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RepositoryOwner +Defines the owner of the repositories configured for the content scan job. 
+ +Specifies the SAMAccountname (**domain\user**), UPN (**user@domain**), or SID of a group that owns the repository. + +The owners are granted full control permissions on the file if the permissions on the file are changed by a matched DLP rule. + +Relevant only when the following parameters are set to **on:** + +- **OverrideContentScanJob** +- **EnableDlp** + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS + +- [Add-ScannerRepository](Add-ScannerRepository.md) + +- [Get-ScannerContentScan](Get-ScannerContentScan.md) + +- [Get-ScannerRepository](Get-ScannerRepository.md) + +- [Remove-ScannerContentScan](Remove-ScannerContentScan.md) + +- [Remove-ScannerRepository](Remove-ScannerRepository.md) + +- [Set-ScannerContentScan](Set-ScannerContentScan.md) \ No newline at end of file diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Start-Scan.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Start-Scan.md new file mode 100644 index 0000000000..69c2a0d618 --- /dev/null +++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Start-Scan.md 
@@ -0,0 +1,102 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258855
+schema: 1.0.0
+---
+
+# Start-Scan
+
+## SYNOPSIS
+
+Instructs the Microsoft Purview Information Protection scanner to start a one-time scan cycle.
+
+## SYNTAX
+
+```
+Start-Scan [-Reset] [-Force] []
+```
+
+## DESCRIPTION
+The **Start-Scan** cmdlet instructs the Microsoft Purview Information Protection scanner to immediately start a one-time scan cycle. The scanner service must be started already and the scanner schedule must be configured for a manual schedule.
+
+To configure the schedule, use the [Microsoft Purview compliance portal to configure the scanner](/azure/information-protection/deploy-aip-scanner).
+
+By default, all files are scanned the first time the scanner runs and then, unless the Microsoft Purview Information Protection policy is changed, only new or changed files are scanned. However, you can change this behavior when you use the *-Reset* parameter with this cmdlet, which forces the scanner to scan all files.
+
+> [!NOTE]
+> If the scanner schedule is set to **Always**, this cmdlet is ignored.
+>
+## EXAMPLES
+
+### Example 1: Initiate immediate one-time scan for new and changed files
+```powershell
+PS C:\> Start-Scan
+```
+
+Because this is not the first time that the scanner has run and the Microsoft Purview Information Protection policy has not changed since the last scanning cycle, the scanner initiates an incremental scan for all new or changed files since the last scanning cycle.
+
+### Example 2: Initiate immediate one time scan for all files
+```powershell
+PS C:\> Start-Scan -Reset
+```
+
+The scanner initiates a full scan of all the files, even if they have been scanned before and the Microsoft Purview Information Protection policy has not changed.
+
+## PARAMETERS
+
+### -Force
+Forces the command to run without asking for user confirmation.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+### -Reset
+Resets the scanner cache so that the scanner initiates a full scan of all the files, even if they have been scanned before and the Microsoft Purview Information Protection policy has not changed.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
+## INPUTS
+
+### None
+
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md
new file mode 100644
index 0000000000..b856498ebd
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md
@@ -0,0 +1,144 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258765
+schema: 1.0.0
+---
+
+# Start-ScannerDiagnostics
+
+## SYNOPSIS
+
+Starts a series of health checks for a locally installed Microsoft Purview Information Protection scanner service.
+
+## SYNTAX
+
+```
+Get0ScannerDiagnostics [-OnBehalfOf ] [-ResetConfig] [-VerboseErrorCount ] []
+```
+
+## DESCRIPTION
+The **View-ScannerReports** cmdlet triggers a series of diagnostic checks to verify that the scanner deployment is healthy.
+
+Diagnostic checks include whether:
+
+- The database is up-to-date and accessible
+- URLs are accessible
+- An authentication token is found and the policy can be acquired
+- The profile is set
+- Offline/online configuration exists and can be acquired
+- Rules are valid
+
+## EXAMPLES
+
+### Example 1: Starts the diagnostic tool for a locally installed scanner
+```powershell
+PS C:\> $scanner_account_creds= Get-Credential
+PS C:\> View-ScannerReports -onbehalf $scanner_account_creds
+```
+
+This example prompts you to enter credentials for a specific account, and then provide the credentials of the service account used to run the scanner.
+
+### Example 2: Starts the diagnostic tool with a large number of errors printed from the scanner log
+```powershell
+PS C:\> $scanner_account_creds= Get-Credential
+PS C:\> View-ScannerReports -onbehalf $scanner_account_creds -Verbose -VerboseErrorCount 30
+```
+
+This example prompts you to enter credentials for a specific account, and then provide the credentials of the service account used to run the scanner. The last 30 errors are printed from the scanner log.
+## PARAMETERS
+
+### -OnBehalfOf
+Defines the scanner where you want to run the diagnostics, when you are running the command under a user that is not the scanner user.
+
+The **OnBehalfOf** value defines the variable that holds a credentials object. The diagnostics checks are run on the scanner for the account defined by that credentials object.
+
+Use the [Get-Credential](/powershell/module/microsoft.powershell.security/get-credential) cmdlet to get the variable that stores your credentials.
+
+> [!NOTE]
+> If you are running the command under the scanner user, this parameter is not required.
+>
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResetConfig
+Resets the policy cache. When used, the policy is refreshed even if the last refresh occurred less than four hours ago.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -VerboseErrorCount
+Relevant only when the **Verbose** parameter is used in the command.
+
+Defines the number of errors you want to see printed from the scanner log, if you want to print a number of errors other than the default of 10.
+
+
+```yaml
+Type: Integer
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
+
+> [!NOTE]
+> For this cmdlet, the **Verbose** parameter prints the last 10 errors from the scanner log. To change the number of errors printed, use the **VerboseErrorCount** parameter
+>
+
+For more information, see [about_CommonParameters](/powershell/module/microsoft.powershell.core/about/about_commonparameters).
+
+## INPUTS
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+- This cmdlet requires you to define a specific scanner account in the **-OnBehalfOf** parameter. The OnBehalfOf parameter requires you to run your PowerShell session as an Administrator.
+
+- Diagnostic checks do check for scanner deployment prerequisites. This cmdlet is supported only after you have the scanner deployed and your [profile configured](/azure/information-protection/deploy-aip-scanner#install-the-scanner).
+
+ For more information, see [Deploying the Microsoft Purview Information Protection scanner](/azure/information-protection/deploy-aip-scanner).
+
+## RELATED LINKS
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-Scan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabase.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Stop-Scan.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Stop-Scan.md
new file mode 100644
index 0000000000..a18d529d2f
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Stop-Scan.md
@@ -0,0 +1,48 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258959
+schema: 1.0.0
+---
+
+# Stop-Scan
+
+## SYNOPSIS
+
+Instructs the Microsoft Purview Information Protection scanner to stop the currently running scan cycle.
+
+## SYNTAX
+```
+Stop-Scan
+```
+
+## DESCRIPTION
+The **Stop-Scan** cmdlet stops an active scan for the current profile.
+
+Stopping an active scan does not pause the scan cycle. Instead, it completely stops and cancels the scan, and shifts all scanners to idle mode until a new scan is requested.
+
+When the new scan starts, it does not continue from the previous scan state, although the new scan does skip all files already scanned.
+
+> [!NOTE]
+> It may take up to five minutes until all scanners receive the stop command.
+
+> [!TIP]
+> If you want to pause a scan and have it start again from the same point, stop the Microsoft Purview Information Protection Scanner service on the scanner machine instead.
+>
+## EXAMPLES
+
+### Example 1: Stop the currently running scan cycle
+```powershell
+PS C:\> Stop-Scan
+```
+
+## INPUTS
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+[Start-Scan](Start-Scan.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md
new file mode 100644
index 0000000000..d118b7fead
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md
@@ -0,0 +1,68 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258856
+schema: 1.0.0
+---
+
+# Uninstall-Scanner
+
+## SYNOPSIS
+Uninstalls the Windows Server service for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Uninstall-Scanner []
+```
+
+## DESCRIPTION
+The **Uninstall-Scanner** cmdlet uninstalls the Microsoft Purview Information Protection scanner Windows Server service.
+
+To run this command, you must have local Administrator rights for the Windows Server computer and you must restart the computer after running the command to complete the removal process.
+
+This command does *not* remove the following:
+
+- **Scanner reports**, located in **%localappdata%\Microsoft\MSIP\Scanner\Reports**.
+
+- **The SQL Server database** that was created by running the [Install-AIPScanner](nstall-AIPScanner.md) cmdlet when the Microsoft Purview Information Protection scanner was installed. If this database is no longer required, you must manually remove it.
+
+ The database name for the scanner is **AIPScannerUL_\**.
+
+
+## EXAMPLES
+
+### Example 1: Uninstall the Microsoft Purview Information Protection Scanner service
+```
+PS C:\> Uninstall-Scanner
+```
+
+This command removes the service for the Microsoft Purview Information Protection scanner.
+
+## PARAMETERS
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-Scan.md)
+
+[Update-ScannerDatabase](Update-ScannerDatabse.md)
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md b/informationprotection/informationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md
new file mode 100644
index 0000000000..c25156441f
--- /dev/null
+++ b/informationprotection/informationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md
@@ -0,0 +1,125 @@
+---
+external help file: AIP.dll-Help.xml
+Module Name: PurviewInformationProtection
+online version: https://go.microsoft.com/fwlink/?linkid=2258857
+schema: 1.0.0
+---
+
+# Update-ScannerDatabase
+
+## SYNOPSIS
+Updates the database schema for the Microsoft Purview Information Protection scanner.
+
+## SYNTAX
+
+```
+Update-ScannerDatabase [-Cluster | -Profile ] [-Force] []
+```
+
+## DESCRIPTION
+The **Update-ScannerDatabase** cmdlet updates the database schema for the Microsoft Purview Information Protection scanner and if required, the scanner service account is also granted delete permissions for the scanner database.
+
+Run this cmdlet after upgrading your Microsoft Purview Information Protection client.
+
+For more information, see [Installing the Microsoft Purview Information Protection scanner](/azure/information-protection/rms-client/clientv2-admin-guide#installing-the-azure-information-protection-scanner.md) from the admin guide for the unified labeling client.
+
+Run this cmdlet with an account that has the database-level role of **db_owner** for the configuration database that the scanner is using, named **AIPScannerUL_\**.
+
+
+## EXAMPLES
+
+### Example 1: Update the scanner after the Microsoft Purview Information Protection client has been upgraded, and set a scanner cluster name
+```
+PS C:\> Update-ScannerDatabase –cluster USWEST
+```
+
+This command updates the database schema for the Microsoft Purview Information Protection scanner, and sets the cluster name to **USWEST** rather than use the default name of the computer.
+
+You are prompted to continue and if you confirm, the scanner then gets is configuration from the **USWEST** scanner cluster that you configure by using the Microsoft Purview compliance portal.
+
+The Microsoft Purview Information Protection scanner is updated successfully, the scanner database is renamed to **AIPScannerUL_USWEST**, and the scanner now gets its configuration from the Microsoft Purview Information Protection service.
+
+For reference purposes, a backup of your old configuration is stored in **%localappdata%\Microsoft\MSIP\ScannerConfiguration.bak**.
+
+
+## PARAMETERS
+
+
+### -Cluster
+Specifies the configured name of the scanner's database, used to identify the scanner you want to update.
+
+Use the following syntax: **AIPScannerUL_**.
+
+Using either this parameter or the **Profile** parameter is mandatory. We recommend using this parameter instead of the **Profile** parameter.
+
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Force
+Forces the command to run without asking for user confirmation.
+
+When used, the command first verifies that all nodes under the same cluster are offline. If any nodes are found to be online, a warning is displayed with the node details.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Profile
+Specifies the configured name of the scanner's database, used to identify the scanner you want to update.
+
+Using either this parameter or the **Cluster** parameter is mandatory. We recommend using the **Cluster** parameter instead of the this parameter.
+
+The database name for the scanner is **AIPScannerUL_\**.
+
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+### None
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+
+[Get-ScannerConfiguration](Get-ScannerConfiguration.md)
+
+[Get-ScanStatus](Get-ScanStatus.md)
+
+[Install-Scanner](Install-Scanner.md)
+
+[Set-ScannerDatabase](Set-ScannerDatabase.md)
+
+[Set-ScannerConfiguration](Set-ScannerConfiguration.md)
+
+[Start-Scan](Start-PScan.md)
+
+[Uninstall-Scanner](Uninstall-Scanner.md)
\ No newline at end of file
diff --git a/informationprotection/mapping/monikerMapping.json b/informationprotection/mapping/monikerMapping.json
new file mode 100644
index 0000000000..32d4b3af9f
--- /dev/null
+++ b/informationprotection/mapping/monikerMapping.json
@@ -0,0 +1,11 @@
+{
+ "officewebapps-ps": {
+ "conceptualToc": "docs-conceptual/toc.yml",
+ "conceptualTocUrl": "/powershell/informationprotection/informationprotection-ps/toc.json",
+ "referenceTocUrl": "/powershell/module/officewebapps-ps/toc.json",
+ "packageRoot": "officewebapps-ps",
+ "modules": {
+ "officewebapps": {}
+ }
+ }
+}
\ No newline at end of file
From e60d95e8a719c2784512eb08d0aa38c75aa2c97e Mon Sep 17 00:00:00 2001
From: KC Cross Date: Wed, 10 Apr 2024 13:49:43 -0700 Subject: [PATCH 2/2] getting changes unstashed --- informationprotection/docfx.json | 32 +++++++++---------- .../mapping/monikerMapping.json | 10 +++--- .../Add-ScannerRepository.md | 0 .../Clear-Authentication.md | 0 .../Export-DebugLogs.md | 0 .../Get-FileStatus.md | 0 .../Get-ScanStatus.md | 0 .../Get-ScannerConfiguration.md | 0 .../Get-ScannerContentScan.md | 0 .../Get-ScannerRepository.md | 0 .../Import-ScannerConfiguration.md | 0 .../Install-Scanner.md | 0 .../New-CustomPermissions.md | 0 .../PurviewInformationProtection.md | 0 .../Remove-FileLabel.md | 0 .../Remove-ScannerContentScan.md | 0 .../Remove-ScannerRepository.md | 0 .../Set-Authentication.md | 0 .../Set-FileLabel.md | 0 .../Set-ScannerConfiguration.md | 0 .../Set-ScannerContentScan.md | 0 .../Set-ScannerDatabase.md | 0 .../Set-ScannerRepository.md | 0 .../Start-Scan.md | 0 .../Start-ScannerDiagnostics.md | 0 .../purviewinformationprotection/Stop-Scan.md | 0 .../Uninstall-Scanner.md | 0 .../Update-ScannerDatabase.md | 0 28 files changed, 21 insertions(+), 21 deletions(-) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Add-ScannerRepository.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Clear-Authentication.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Export-DebugLogs.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Get-FileStatus.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Get-ScanStatus.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Get-ScannerConfiguration.md 
(100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Get-ScannerContentScan.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Get-ScannerRepository.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Import-ScannerConfiguration.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Install-Scanner.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/New-CustomPermissions.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/PurviewInformationProtection.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Remove-FileLabel.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Remove-ScannerContentScan.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Remove-ScannerRepository.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Set-Authentication.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Set-FileLabel.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Set-ScannerConfiguration.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Set-ScannerContentScan.md (100%) rename 
informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Set-ScannerDatabase.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Set-ScannerRepository.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Start-Scan.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Start-ScannerDiagnostics.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Stop-Scan.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Uninstall-Scanner.md (100%) rename informationprotection/{informationprotection-ps => purviewinformationprotection-ps}/purviewinformationprotection/Update-ScannerDatabase.md (100%) diff --git a/informationprotection/docfx.json b/informationprotection/docfx.json index 025b927d0f..ea2c8465b4 100644 --- a/informationprotection/docfx.json +++ b/informationprotection/docfx.json @@ -6,8 +6,8 @@ "**/*.md" ], "src": "docs-conceptual", - "version": "officewebapps-ps", - "dest": "officewebapps", + "version": "purviewinformationprotection-ps", + "dest": "purviewinformationprotection", "exclude": [ "**/obj/**", "**/includes/**", @@ -22,8 +22,8 @@ "toc.yml" ], "src": "docs-conceptual", - "version": "officewebapps-ps", - "dest": "officewebapps/officewebapps-ps" + "version": "purviewinformationprotection-ps", + "dest": "purviewinformationprotection/purviewinformationprotection-ps" }, { "files": [ 
@@ -32,17 +32,17 @@ "exclude": [ "toc.yml" ], - "src": "officewebapps-ps", - "version": "officewebapps-ps", + "src": "purviewinformationprotection-ps", + "version": "purviewinformationprotection-ps", "dest": "module" }, { "files": [ "toc.yml" ], - "src": "officewebapps-ps", - "version": "officewebapps-ps", - "dest": "module/officewebapps-ps" + "src": "purviewinformationprotection-ps", + "version": "purviewinformationprotection-ps", + "dest": "module/purviewinformationprotection-ps" } ], "resource": [ @@ -58,19 +58,19 @@ } ], "versions": { - "officewebapps-ps": { - "dest": "officewebapps-ps" + "purviewinformationprotection-ps": { + "dest": "purviewinformationprotection-ps" } }, "overwrite": [], "externalReference": [], "globalMetadata": { - "ms.service": "office-online-server-powershell", + "ms.service": "purview", "uhfHeaderId": "MSDocsHeader-Dev_Office", - "author": "serdarsoysal", - "ms.author": "mikeplum", + "author": "kccross", + "ms.author": "krowley", "manager": "laurawi", - "ms.date": "11/28/2017", + "ms.date": "04/10/2024", "ms.topic": "reference", "products": [ "https://authoring-docs-microsoft.poolparty.biz/devrel/e87e9701-158d-46fb-8165-fb54b7c45d88", @@ -82,6 +82,6 @@ }, "fileMetadata": {}, "template": [], - "dest": "officewebapps-ps" + "dest": "purviewinformationprotection-ps" } } \ No newline at end of file diff --git a/informationprotection/mapping/monikerMapping.json b/informationprotection/mapping/monikerMapping.json index 32d4b3af9f..39468d1567 100644 --- a/informationprotection/mapping/monikerMapping.json +++ b/informationprotection/mapping/monikerMapping.json 
@@ -1,11 +1,11 @@
 {
- "officewebapps-ps": {
+ "purviewinformationprotection-ps": {
 "conceptualToc": "docs-conceptual/toc.yml",
- "conceptualTocUrl": "/powershell/informationprotection/informationprotection-ps/toc.json",
- "referenceTocUrl": "/powershell/module/officewebapps-ps/toc.json",
- "packageRoot": "officewebapps-ps",
+ "conceptualTocUrl": "/powershell/informationprotection/purviewinformationprotection-ps/toc.json",
+ "referenceTocUrl": "/powershell/module/purviewinformationprotection-ps/toc.json",
+ "packageRoot": "purviewinformationprotection-ps",
 "modules": {
- "officewebapps": {}
+ "purviewinformationprotection": {}
 }
 }
 }
\ No newline at end of file
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Add-ScannerRepository.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Clear-Authentication.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Clear-Authentication.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Clear-Authentication.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Clear-Authentication.md
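Review bot: The new `conceptualTocUrl` keeps `informationprotection` as its first path segment, while docfx.json in this same patch publishes the conceptual content under `"dest": "purviewinformationprotection"`; `referenceTocUrl`, by contrast, matches the `module/purviewinformationprotection-ps` dest. If the published URL follows `dest`, the conceptual TOC link will not resolve, so one of the two should be aligned, e.g. `"conceptualTocUrl": "/powershell/purviewinformationprotection/purviewinformationprotection-ps/toc.json",`. The docset's base path is not visible in this patch, so confirm which of the two names is the intended one before changing either.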
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Export-DebugLogs.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Export-DebugLogs.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Export-DebugLogs.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Export-DebugLogs.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-FileStatus.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-FileStatus.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Get-FileStatus.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-FileStatus.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScanStatus.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScanStatus.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScanStatus.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScanStatus.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScannerConfiguration.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScannerContentScan.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Get-ScannerRepository.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Import-ScannerConfiguration.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Install-Scanner.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Install-Scanner.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Install-Scanner.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Install-Scanner.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/New-CustomPermissions.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/New-CustomPermissions.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/New-CustomPermissions.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/New-CustomPermissions.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/PurviewInformationProtection.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-FileLabel.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Remove-FileLabel.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Remove-FileLabel.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Remove-FileLabel.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Remove-ScannerContentScan.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Remove-ScannerRepository.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-Authentication.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-Authentication.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Set-Authentication.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-Authentication.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-FileLabel.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-FileLabel.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Set-FileLabel.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-FileLabel.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerConfiguration.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerContentScan.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerDatabase.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Set-ScannerRepository.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Start-Scan.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Start-Scan.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Start-Scan.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Start-Scan.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Start-ScannerDiagnostics.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Stop-Scan.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Stop-Scan.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Stop-Scan.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Stop-Scan.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Uninstall-Scanner.md
diff --git a/informationprotection/informationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md b/informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md
similarity index 100%
rename from informationprotection/informationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md
rename to informationprotection/purviewinformationprotection-ps/purviewinformationprotection/Update-ScannerDatabase.md