Configuring an Azure App Registration – Implementing Microsoft Purview data loss prevention (DLP)

The AIP scanner application requires an Azure app registration in order to obtain an access token from Microsoft Entra ID for calling the Azure Information Protection service endpoint. To configure this registration, you'll need to follow these steps:

  1. Navigate to the Azure portal (https://portal.azure.com). Select Azure Active Directory (or Microsoft Entra ID) and then click App registrations.
  2. Select New registration.
  3. Enter a name, such as AIPScanner.
  4. Under Redirect URI, select the platform as Web and enter http://localhost in the text box. See Figure 11.15:

Figure 11.15 – Configuring an app registration

  5. On the app's Overview page, copy the Application (client) ID and Directory (tenant) ID values to a temporary storage location.
  6. Select Certificates & secrets.
  7. Click New client secret.
  8. On the Add a client secret flyout, add a description and set an Expires date value of at least a year. Click Add.
  9. After the secret has been created, copy the secret's Value (not the Secret ID, which is only an identifier for the credential) to the temporary storage location containing the App ID and Directory ID values. The value is displayed only once; if you navigate away without copying it, delete the secret and create a new one. These values will be used in the next section.
  10. On the API permissions page, select Add a permission.
  11. On the Request API permissions flyout, select the Microsoft APIs tab. Select Azure Rights Management Services. See Figure 11.16:

Figure 11.16 – Adding permissions on the Request API permissions flyout

  12. Select Application permissions.
  13. Expand the dropdown for Content. Select the Content.DelegatedReader and Content.DelegatedWriter checkboxes. Click Add permissions.
  14. Under Manage, select API permissions and then select Add a permission.
  15. On the Request API permissions flyout, select the APIs my organization uses tab.
  16. Locate the Microsoft Information Protection Sync Service entry and select it. See Figure 11.17:

Figure 11.17 – Choosing the Microsoft Information Protection Sync Service API

  17. Select Application permissions.
  18. Select the checkbox for the UnifiedPolicy.Tenant.Read permission. Select Add permissions.
  19. On the API permissions page, click Grant admin consent for followed by your tenant's name. See Figure 11.18:

Figure 11.18 – Granting admin consent

  20. Click Yes to confirm.

With your app registration and client secret details in hand, it’s time to install and configure the actual AIP scanner.
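The same registration can be scripted with the Microsoft Graph PowerShell SDK, which is useful for repeatable deployments and for verifying that consent was actually granted. The script below is an added example and is not code from the book or from Microsoft; it assumes the Microsoft.Graph module is installed, that the signed-in account can create applications and grant admin consent, that the permission names and the Sync Service display name are exactly as listed in the steps above, and that 00000012-0000-0000-c000-000000000000 is the well-known application ID of Azure Rights Management Services.

```powershell
# Added example (not from the original page): creates the AIPScanner app registration
# described in the steps above with the Microsoft Graph PowerShell SDK instead of the portal.
# Assumes Install-Module Microsoft.Graph has been run and the signed-in account can
# create applications and grant admin consent.
Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All','Directory.Read.All'

$appName = 'AIPScanner'   # name used in the steps above

# Resolve the two resource APIs. The GUID is assumed to be the well-known app ID of
# Azure Rights Management Services; the Sync Service is found by the display name shown
# on the "APIs my organization uses" tab.
$rms  = Get-MgServicePrincipal -Filter "appId eq '00000012-0000-0000-c000-000000000000'"
$sync = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Information Protection Sync Service'"
if (-not $rms -or -not $sync) { throw 'Required first-party service principals were not found in this tenant.' }

# Look up application-permission (app role) IDs by their published names.
function Get-AppRoleId($sp, [string]$value) {
    $role = $sp.AppRoles | Where-Object { $_.Value -eq $value -and $_.AllowedMemberTypes -contains 'Application' }
    if (-not $role) { throw "App role $value not found on $($sp.DisplayName)" }
    return $role.Id
}
$rmsRoles  = @('Content.DelegatedReader', 'Content.DelegatedWriter') | ForEach-Object { Get-AppRoleId $rms $_ }
$syncRoles = @('UnifiedPolicy.Tenant.Read') | ForEach-Object { Get-AppRoleId $sync $_ }

# requiredResourceAccess entries; Type 'Role' means an application permission.
$requiredResourceAccess = @(
    @{ ResourceAppId = $rms.AppId;  ResourceAccess = @($rmsRoles  | ForEach-Object { @{ Id = $_; Type = 'Role' } }) },
    @{ ResourceAppId = $sync.AppId; ResourceAccess = @($syncRoles | ForEach-Object { @{ Id = $_; Type = 'Role' } }) }
)

# The registration itself, with the Web redirect URI from the steps above.
$app = New-MgApplication -DisplayName $appName `
        -Web @{ RedirectUris = @('http://localhost') } `
        -RequiredResourceAccess $requiredResourceAccess

# Consent is recorded on a service principal, so create one for the new registration.
$sp = New-MgServicePrincipal -AppId $app.AppId

# Client secret with a one-year lifetime. SecretText is the usable secret and is returned
# only here; KeyId is what the portal labels "Secret ID" and cannot be used to authenticate.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = 'AIP scanner'
    EndDateTime = (Get-Date).AddYears(1)
}

# Admin consent is an app role assignment from the scanner's service principal to each resource.
foreach ($roleId in $rmsRoles) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
        -ResourceId $rms.Id -AppRoleId $roleId | Out-Null
}
foreach ($roleId in $syncRoles) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
        -ResourceId $sync.Id -AppRoleId $roleId | Out-Null
}

# Verification: all three granted roles should appear here. If one is missing, the scanner
# will fail to obtain a usable token later even though the registration exists.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
    Select-Object ResourceDisplayName, AppRoleId

# The values the next section needs. Store the secret in a vault; do not write it to a log.
[pscustomobject]@{
    AppId    = $app.AppId
    TenantId = (Get-MgContext).TenantId
    Secret   = $secret.SecretText
}
```

The final verification query is the scripted equivalent of checking the Status column on the API permissions page: an app role assignment exists for each permission only after admin consent, so an empty or short list means the scanner's token will lack the roles it needs. Treat the returned SecretText like any other credential and hand it to the scanner configuration directly rather than leaving it in the "temporary storage location" the steps mention.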
