Versions Compared

Version Old Version 4 New Version Current
Changes made by

Andrea Harvey

Andrea Harvey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The MIP Classifier extensions extension allows you to extract your Microsoft Information Protection (MIP) security sensitivity labels and use the MIP entity type to create tracking group assignment rules for your policies. This requires you to register an application in your Microsoft Azure account to obtain the Application (Client) ID and Directory (Tenant) ID required to allow DryvIQ to access the security labels through the Microsoft Information Protection Sync Service.

Note

The Microsoft tenant user applied to the extension configuration must have sufficient rights to be able to read the labels.

Registering the App

  1. Log into your Microsoft Azure account using an administrator account.

  2. Click Azure Active Directory.

    Image RemovedImage Added

  3. Click Add and select App registration.

    Image RemovedImage Added

  4. Enter a name for the app in the Name field.

  5. Under Supported account types, click Accounts in this organizational directory only ([company name] only- Single tenant).

  6. click Register.

    Image RemovedImage Added

  7. Under Manage, click API Permissions.

  8. Click Add a permission.

    Image RemovedImage Added

  9. In the Request API Permissions panel, click Azure Rights Management Services.

    Image RemovedImage Added

  10. Click the Application permissions option.

  11. Select the Content.DelegatedReader box.

  12. Select the Content.DelegatedWriter box.

  13. Select the Content.SuperUser box.

  14. Select the Content.Writer box.

  15. Click Add permissions.

    Image RemovedImage Added

  16. You will be back on the API Permissions Page. Click Add a permission again.

  17. Click APIs my organization uses.

  18. In the search box, type “Microsoft Information Protection Sync Service” and select this option in the results list.

    Image RemovedImage Added

  19. Click Application permissions.

  20. Select the UnifiedPolicy.Tenant.Read box.

  21. Click Add permissions.

    Image RemovedImage Added

  22. Click Grant admin consent for [company name]​."

    Image RemovedImage Added

  23. Click Yes when prompted to confirm you want to grant admin consent.

    Image RemovedImage Added

  24. Click Certificates & secrets.

  25. Click New client secret.

  26. Enter a description in the Description field.

  27. Click Add.

    Image RemovedImage Added

  28. Copy the new Client Secret Value. It is needed for the extension configuration.

    Image RemovedImage Added

  29. Click Overview.

  30. Copy the Application (client) ID and the Directory (tenant) ID. Both are needed for the extension configuration.

    Image RemovedImage Added

Adding the Classifier Settings

  1. In DryvIQ, Click the Settings icon.

  2. Click Configure on the mip-classifier tile.

    Image RemovedImage Added

  3. Enter the Tenant ID, Client ID, and Client Secret for the registered app you created in the “Registering the App” section.
    If the information you enter is invalid, you will receive an error message indicating which information can’t be authorized and needs to be fixed.

    Image RemovedImage Added

  4. Click Done.

Info

If the MIP Classifier extension is not installed, you will need to must install it using the standard extension installation steps.

...