...
Log into your Microsoft Azure account using an administrator account.
Select Click Azure Active Directory.
Select Click Add and select App registration.
Enter a name for the app in the Name field.
Under Supported account types, select click Accounts in this organizational directory only ([company name] only- Single tenant).
Select click Register.
Under Manage, select click API Permissions.
Select Click Add a permission.
In the Request API Permissions panel, select click Azure Rights Management Services.
Select Click the Application permissions option.
Select the Content.DelegatedReader box.
Select the Content.DelegatedWriter box.
Select the Content.SuperUser box.
Select the Content.Writer box.
Select Click Add permissions.
You will be back on the API Permissions Page. Select Click Add a permission again.
Select Click APIs my organization uses.
In the search box, type “Microsoft Information Protection Sync Service” and select this option in the results list.
Select Click Application permissions.
Select the UnifiedPolicy.Tenant.Read box.
Select Click Add permissions.
SelectClick Grant admin consent for [company name]."
Select Click Yes when prompted to confirm you want to grant admin consent.
Select Click Certificates & secrets.
Select Click New client secret.
Enter a description in the Description field.
Select Click Add.
Copy the new Client Secret Value. It is needed for the extension configuration.
Select Click Overview.
Copy the Application (client) ID and the Directory (tenant) ID. Both are needed for the extension configuration.
...