MPIP Scanner / Content Scan Job - Error:Policy is missing

Question

I am trying to implement an on-prem file scanner using AIP or MPIP scanner. I have the service installed on our scanner server in the C directory and it's reporting in the console. I've created a content scan job with no enforcement basically just to scan a item discovery cycle with only 1 or 2 files in the repository as a test.

When I run the scan job, it never starts and my scanner node comes back with the message "Error: Policy is missing".

Any ideas on why this error is displaying?

Do I need to set my MPIP Scanner service account as a Domain Admin permissions?

Answer 1

@Chris Briand Thank you for reaching out to us, As I understand you are getting message stating "error: policy is missing" in the portal after you ran the scan job.

There's no a single reason or cause for this error, indeed, the reasons this issue may happen for many reasons such as:

• Missing the correct licensing.
• Missing AIP Service Principal API permissions.
• Network/SSL errors.
• Policies are not defined in SCC.
• Policy missing the AIP Scanner Service Principal as a member.
• AIP Scanner Service is disabled or not started.
• The scanner is unable to find your Microsoft Information Protection (MIP) policy file that should be under: %localappdata%\Microsoft\MSIP\mip\MSIP.Scanner.exe\mip\mip.policies.sqlite3

If all pre-reqs are in place, I would recommend to check with network part, make sure all required urls are allowed on the firewall - https://learn.microsoft.com/en-us/purview/deploy-scanner-prereqs?view=o365-worldwide#windows-server-requirements:~:text=%2D%20Network%20connectivity

Reference: https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/information-protection-scanner/resolve-deployment-issues?view=o365-worldwide#policy-missing

Let me know if the above information helps to isolate this issue or not, feel free to post back.