The MIP Classifier extensions allows you to extract your Microsoft Information Protection (MIP) security labels and use the MIP entity type to create tracking group assignment rules for your policies. This requires you to register an application in your Microsoft Azure account to obtain the Application (Client) ID and Directory (Tenant) ID required to allow DryvIQ to access the security labels through the Microsoft Information Protection Sync Service.
The Microsoft tenant user applied to the extension configuration must have sufficient rights to be able to read the labels.
Registering the App
Log into your Microsoft Azure account using an administrator account.
Select Azure Active Directory.
Select Add and select App registration.
Enter a name for the app in the Name field.
Under Supported account types, select Accounts in this organizational directory only ([company name] only- Single tenant).
Select Register.
Under Manage, select API Permissions.
Select Add a permission.
In the Request API Permissions panel, select Azure Rights Management Services.
Select the Application permissions option.
Select the Content.DelegatedReader box.
Select the Content.DelegatedWriter box.
Select the Content.SuperUser box.
Select the Content.Writer box.
Select Add permissions.
You will be back on the API Permissions Page. Select Add a permission again.
Select APIs my organization uses.
In the search box, type “Microsoft Information Protection Sync Service” and select this option in the results list.
Select Application permissions.
Select the UnifiedPolicy.Tenant.Read box.
Select Add permissions.
Select Grant admin consent for [company name]."
Select Yes when prompted to confirm you want to grant admin consent.
Select Certificates & secrets.
Select New client secret.
Enter a description in the Description field.
Select Add.
Copy the new Client Secret Value. It is needed for the extension configuration.
Select Overview.
Copy the Application (client) ID and the Directory (tenant) ID. Both are needed for the extension configuration.
Adding the Classifier Settings
In DryvIQ, Click the Settings icon.
Click Configure on the mip-classifier tile.
Enter the Tenant ID, Client ID, and Client Secret for the registered app you created in the “Registering the App” section.
If the information you enter invalid, you will receive an error message indicating which information can’t be authorized and needs to be fixed.Click Done.
If the MIP Classifier extension is not installed, you will need to install it using the standard extension installation steps.