Welcome to the Dungeon (aka Your On-Premises Data)
Hey folks, Pure Awesomeness here (aka Chief Data Whisperer) – and yep, it’s been a whole five minutes since I dropped my last spicy blog on DSPM for Skynet… I mean, AI (definitely friendly, probably not self-aware… yet).
But let’s shift gears and talk about something that really sends a cold shiver down my spine…and no, not clowns or pineapple on pizza (if you have pineapple on your pizza, that’s a whole different conversation we need to have). I’m talking on-premises data.
Yes, that dark corner of your infrastructure you pretend doesn’t exist until an auditor shows up with a flashlight and a frown. And what magical tool are we summoning to tame the chaos? The tool that works harder than your VPN on a Monday morning: the Microsoft Purview On-Premises Scanner.
Let’s face it…your on-premises data is like that weird corner of the garage you haven’t cleaned in five years. It’s dark, dusty, and full of things you’re not entirely sure you should be legally storing.
Enter the Microsoft Purview On-Premises Scanner. It’s like sending in a data-sniffing sniffer dog, only this one doesn’t bark, doesn’t shed, and doesn’t pee on your firewalls.
What it does do is help you figure out what the heck is actually sitting in those old file shares and SharePoint 2013 servers (yes, we see you… still clinging to life like a Nokia 3310).
So… What Is This Magical Beast?
The Microsoft Purview On-Premises Scanner is the ultimate combo; stealthy (is this even a word?) like 007 and a neat freak like Marie Kondo on a caffeine high:
- It discovers all those forgotten files lying around in your dusty file servers
- It classifies them like a librarian on a double-shot espresso
- It labels and protects the stuff that actually matters (and not those “final_FINAL2_V3_use_this_one_really.docx” files).
This scanner doesn’t judge your messy storage habits but it will make them known to your compliance officer. So maybe start caring.
Benefits (Aka Why You’ll Look Like a Hero)
Here’s what happens when you unleash this bad boy:
- Single pane of glass: See what’s happening on-premises. It’s like night vision goggles for your data estate
- Compliance on autopilot: Get policies and labels out there faster than your coworker can say, “We’ll fix it in production”
- Data discovery without the meltdowns: Find those “accidentally public” spreadsheets with credit card numbers before the auditors do
- Proactive DLP: Say goodbye to “Oops, I emailed the entire HR folder to my personal Gmail” scenarios. (You know who you are)
Purview Scanner Prereqs (a.k.a. the “Don’t Even Think About Scanning Until This Stuff’s Sorted” List)
Before you start downloading things like a kid on Christmas morning, check off these must-haves:
Windows Server Requirements
- Needs to be Windows Server 2012 R2 or newer. If your server still runs on steam and prayers, it’s time to let it go
- Must be domain-joined. Scanners don’t do “lone wolf” mode
- Don’t even think about installing this on that old lab VM you named “DO_NOT_USE_TEST_FINAL_FINAL(1)”
Service Account Requirements
- Domain account only. Local accounts are the IT equivalent of flip-flops at a black-tie dinner
- Needs read access to your data. Without it, it just sits there looking cute and doing absolutely nothing
- No MFA. The scanner doesn’t have thumbs to approve your push notifications
- Use gMSA or give it a non-expiring password, because expired passwords mid-scan are the adult version of “the dog ate my homework”
SQL Server Requirements
- SQL Server version must be 2012 or later. If your SQL databases were born before Gangnam Style, it’s officially a relic
- Scanner needs to connect over the network, not tucked away behind 27 firewalls and a VPN that only connects on the second Tuesday of the month
- SYSADMIN rights…yes, full-blown, no-restrictions, top-shelf access. Because the scanner isn’t here to ask politely. It’s here to get stuff done
- Look, sysadmin is a non-negotiable must. But if you’re feeling rebellious and really can’t grant it, there’s a workaround… though it’s uglier than a Monday morning without coffee. More on that hot mess here Honestly, just grant sysadmin. Your future self will thank you
- Don’t install the scanner on the SQL server itself unless you enjoy living dangerously (or love performance bottlenecks for fun)
Information Protection Client Requirements
- You need the AIP unified labeling client installed on the scanner machine
- Not the legacy one. Not the beta. The real deal
- No client = no label scanning = lots of logs that say “¯\_(ツ)_/¯”
Entra Token
Yes, the scanner needs an Entra token to do its thing – no token, no scan, no bueno. Think of it like the VIP wristband at a festival: without it, you’re stuck outside listening to the bass from the carpark.
Set it up properly, make sure the right permissions are in place, and you’ll be scanning like a boss. Skip this bit, and you’ll be troubleshooting at 11pm wondering why life is hard.
Get the token sorted. Easy win.
Bottom Line
Get all this sorted and your scanner will hum like a Tesla on a full charge.
Skip a step, and you’ll be in log file limbo, wondering why your scans return a whole lot of nothing.
Setup: Like IKEA, But With Less Swearing (Hopefully)
Here’s the build-your-own-furniture guide to getting it running:
- Create a Scanner Cluster – Not a real cluster bomb. Just a cool name for grouping your scanner configs in Purview
- Configure Content Scan Jobs – Tell it where to look and what to sniff. (Like saying, “Go find all the spicy Excel files in \HR-Server\Secrets”)
- Install the Scanner – Slap it on your Windows Server, connect it to SQL, and give it a good pep talk
- Run the Scan – Start in ‘discovery’ mode (the peek-without-touching mode), then switch to ‘enforcement’ when you’re ready to slap some labels and show those files who’s boss…or just move the data to M365. If you’re going to do this, speak to me first
Final Thoughts: Why You Shouldn’t Ghost Your On-Premises data
Look, cloud is cool. We get it. But just because you’re vibing with SharePoint Online doesn’t mean you should ghost your on-premises data like a bad Tinder date. Those servers still have feelings and more importantly, sensitive information.
The Microsoft Purview On-Premises Scanner lets you embrace your hybrid chaos and actually do something about it. You’ll impress your CISO, win the respect of your compliance team, and maybe, just maybe, finally retire that Windows Server 2008 file server that’s been humming in the corner like a haunted fridge.
If you can scan it, you can label it. And if you can label it, you can sleep at night…Maybe.
Ready to wrestle your on-prem data into submission? Whether you need help setting up Microsoft Purview On-Premises Scanner or just want to make sure you’re not one audit away from chaos, we’ve got you covered.
Contact us today and let’s turn that “WTF is that file?” moment into “Wow, we’ve got this.”
Until next time…Pure Awesomeness signing off!
“You are never too old to set another goal or to dream a new dream.” – C.S. Lewis
