Versions Compared

Version Old Version 14 New Version Current
Changes made by

Andrea Harvey

Andrea Harvey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The MIP Classifier extensions allows you to extract your Microsoft Information Protection (MIP) security labels and use them to create an entity type in SkySyncthe MIP entity type to create tracking group assignment rules for your policies. This requires you to register an application in your Microsoft Azure account to obtain the Application (Client) ID and Directory (Tenant) ID required to allow SkySync DryvIQ to access the security labels through the Microsoft Information Protection Sync Service.

...

  1. Log into your Microsoft Azure account using an administrator account.

  2. Select Azure Active Directory.

    Image RemovedImage Added

  3. Select Add and select App registration.

    Image RemovedImage Added

  4. Enter a name for the app in the Name field.

  5. Under Supported account types, select Accounts in this organizational directory only ([company name] only- Single tenant).

  6. Select Register.

    Image Removed

  7. Under Mange , select Authentication.

  8. Set the Enable the following mobile and desktop flows option at the bottom of the page to Yes.

  9. Select Save at the top of the page.

    Image RemovedImage Added

  10. Under Manage, select API Permissions.

  11. Select Add a permission.

    Image RemovedImage Added

  12. In the Request API Permissions panel, select Azure Rights Management Services.

    Image RemovedImage Added

  13. Select the Delegated Application permissions option.

  14. Select the user_impersonation Content.DelegatedReader box.

  15. Select the Content.DelegatedWriter box.

  16. Select the Content.SuperUser box.

  17. Select the Content.Writer box.

  18. Select Add permissions.

    Image RemovedImage Added

  19. You will be back on the API Permissions Page. Select Add a permission again.

  20. Select APIs my organization uses.

  21. In the search box, type “Microsoft Information Protection Sync Service” and select this option in the results list.

    Image RemovedImage Added

  22. Select Delegated Application permissions.

  23. Select the UnifiedPolicy.UserTenant.Read box.

  24. Select Add permissions.

    Image RemovedImage Added

  25. Select Grant admin consent for [company name]​."

    Image RemovedImage Added

  26. Select Yes when prompted to confirm you want to grant admin consent.

    Image Removed

    .

    Image Added

  27. Select Certificates & secrets.

  28. Select New client secret.

  29. Enter a description in the Description field.

  30. Select Add.

    Image Added

  31. Copy the new Client Secret Value. It is needed for the extension configuration.

    Image Added

  32. Select Overview.

  33. Copy the Application (client) ID and the Directory (tenant) ID. Both are needed for the extension configuration.

    Image RemovedImage Added

Adding the Classifier Settings

  1. In SkySyncDryvIQ, select the Setting icon (gear) in the top-right side of the menu bar.

    Image RemovedImage Added

  2. Select the ellipses (…) on the mip-classifier tile and select Configure.

    Image RemovedImage Added

  3. Enter the Tenant ID, Client ID, and Tenant ID Client Secret for the registered app you created in the “Registering the App” section.

    Image Removed

    Enter the Username and Password for the account that needs to be used to access the Microsoft security labels. This Microsoft tenant user must have sufficient rights to be able to read the labels.If the information you enter invalid, you will receive an error message indicating which information can’t be authorized and needs to be fixed.

    Image Added

  4. Select Done.

Info

If the MIP Classifier extension is not installed, you will need to install it using the standard extension installation steps.