How we can monitor label failures in Microsoft Azure information protection using Microsoft Purview tool

Kandasamy, Thangamani 0 Reputation points
2024-02-29T16:11:48.88+00:00

We are monitoring label level changes for our customer and we wanted to know is it possible to monitor label failures as well.

Apologies for not providing much details. Please help us to find out a way to monitor label level failures if its possible.

I referred below public document and it says to enable registry keys at the endpoint to enable the event logs for labels. But it doesn't work since we are using a deprecated version 2.11.58

https://video2.skills-academy.com/en-us/azure/information-protection/rms-client/clientv2-admin-guide-files-and-logging#scanner-side-usage-logging

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
528 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akshay-MSFT 17,641 Reputation points Microsoft Employee
    2024-03-01T08:06:26.1366667+00:00

    @Kandasamy, Thangamani

    From above description I could understand that you are looking to monitor label failures on your clients.

    Please do correct me if this is not the ask by responding in the comments.

    You may try following: Logging and analyzing the protection usage from Azure Information Protection,

    To download your usage logs by using PowerShell:

    Start Windows PowerShell with the Run as administrator option and use the Connect-AipService cmdlet to connect to Azure Information Protection:

    PowerShell

    1. Connect-AipService

    Run the following command to download the logs for a specific date:

    PowerShell

    1. Get-AipServiceUserLog -Path`` <location>`` -fordate`` <date>

    For example, after creating a folder called Logs on your E: drive:

    To download logs for a specific date (such as 2/1/2016), run the following command: Get-AipServiceUserLog -Path E:\Logs -fordate 2/1/2016

      To download logs for a date range (such as from 2/1/2016 through 2/14/2016), run the following command: `Get-AipServiceUserLog -Path E:\Logs -fromdate 2/1/2016 –todate 2/14/2016`

    When you specify the day only, as in our examples, the time is assumed to be 00:00:00 in your local time, and then converted to UTC. When you specify a time with your -fromdate or -todate parameters (for example, -fordate "2/1/2016 15:00:00"), that date and time is converted to UTC. The Get-AipServiceUserLog command then gets the logs for that UTC time period.

    You cannot specify less than a whole day to download.

    By default, this cmdlet uses three threads to download the logs. If you have sufficient network bandwidth and want to decrease the time required to download the logs, use the -NumberOfThreads parameter, which supports a value from 1 through 32. For example, if you run the following command, the cmdlet spawns 10 threads to download the logs: Get-AipServiceUserLog -Path E:\Logs -fromdate 2/1/2016 –todate 2/14/2016 -numberofthreads 10

    Follow How to interpret your usage logs to read the logs and get inputs you are looking for. However the ultimate suggestion would be to use latest version of AIP and AIP client.

    Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik