MIP Step 1: Profile 1 ( Authorizing Symantec Data Loss Prevention on the Microsoft Azure portal )
book
Article ID: 275821
calendar_today
Updated On:
Products
Data Loss PreventionData Loss Prevention API Detection for Developer Apps Virtual ApplianceData Loss Prevention API Detection Virtual ApplianceData Loss Prevention Cloud Detection ServiceData Loss Prevention Cloud Detection Service for ICAPData Loss Prevention Cloud Detection Service for RESTData Loss Prevention Cloud PackageData Loss Prevention Cloud Prevent for Microsoft Office 365Data Loss Prevention Cloud Service for Discovery/ConnectorData Loss Prevention Cloud Service for EmailData Loss Prevention Cloud StorageData Loss Prevention Core PackageData Loss Prevention Data Access GovernanceData Loss Prevention Discover SuiteData Loss Prevention Endpoint DiscoverData Loss Prevention Endpoint PreventData Loss Prevention Endpoint SuiteData Loss Prevention EnforceData Loss Prevention Enterprise SuiteData Loss Prevention for MobileData Loss Prevention for Office 365 Email and Gmail with Email SafeguardData Loss Prevention Form RecognitionData Loss Prevention Network DiscoverData Loss Prevention Network EmailData Loss Prevention Network MonitorData Loss Prevention Network Monitor and Prevent for EmailData Loss Prevention Network Monitor and Prevent for Email and WebData Loss Prevention Network Monitor and Prevent for WebData Loss Prevention Network Prevent for EmailData Loss Prevention Network Prevent for Email Virtual ApplianceData Loss Prevention Network Prevent for Web Virtual ApplianceData Loss Prevention Network ProtectData Loss Prevention Network WebData Loss Prevention Oracle Standard Edition 2Data Loss Prevention Plus SuiteData Loss Prevention Sensitive Image Recognition
Issue/Introduction
This section reviews the process of creating your profile to allow the DLP Enforce Console to download the MIP labels from Microsoft:
In the navigation pane, select API permissions and click Add a permission
Select Azure Rights Management Services from the Microsoft APIs tab.
Choose the Delegated Permissions scope
Select the user_impersonation permission and click Add a permission.
On the API permissions page, click Add a permission
Select Microsoft Information Protection Sync Service from the APIs my organization uses tab.
Choose the Application Permissions scope.
Select the UnifiedPolicy.Tenant.Read permission and click the Add permissions button.
Click Grant Admin Consent and then click Yes.
In the navigation pane, select Certificates & secrets.
Under Client secrets, click New client secret.
Add a description
Choose a validity period and click Add.
Save a copy of the client secret immediately as it is not visible later. You use this client secret later to configure MIP credential profiles that Symantec Data Loss Prevention uses to authenticate with the MIP service.
In the navigation pane, select Overview, and copy the Application (client) ID and Directory (tenant) ID values. You use these details later to configure MIP credential profiles that Symantec Data Loss Prevention uses to authenticate with the MIP service.