I'm currently trying to implement a AIP on-premises scanner for a local folder.
Here are the documentation/tutorial I followed:
I've fulfilled all the requirements for the scanner but my problem comes when I try to install the scanner.
$pscreds = Get-Credential xxxxx.onmicrosoft.com\hlaliberte -Message ScannerAccount
Install-AIPScanner -SqlServerInstance aipscanner\sqlexpress -Profile TESTCLUSTER -ServiceUserCredentials $pscreds
But I always get this error: Install-AIPScanner : Some or all identity references could not be translated.
I also tried getting the Azure AD token for the scanner using :
Set-AIPAuthentication -AppId "myAppId" -AppSecret "mySecret" -DelegatedUser "[email protected]" -TenantId "myTenantId" -OnBehalfOf $pscreds
But it failed with the error: Set-AIPAuthentication : Unable to authenticate and setup Microsoft Azure Information Protection
I think I don't provide the right credentials to the Get-Credential command. When I read the Documentation it says to register the user like so: "<Domain>\<user name>".Is the primary domain the domain itself? so it would look something like this: "xxxxx.onmicrosoft.com\hlaliberte" with my azure AD password of that account. Or is it something else?
You don't need to include credentials on the Install-AIPScanner step if you're signed in with a local admin. The credentials that you do provide must be domain or local machine creds that have rights to install the scanner on that machine.
The account you set in the Set-AIPAuthentication cmdlet should also be a domain or local account that will be used to run the scanner.
Is this machine AAD joined only?