MIP Step 1: Profile 1 (Authorizing Symantec Data Loss Prevention on the Microsoft Azure portal)

Article ID: 275821

Updated On:

Products

Data Loss Prevention Data Loss Prevention API Detection for Developer Apps Virtual Appliance Data Loss Prevention API Detection Virtual Appliance Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Discovery/Connector Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Storage Data Loss Prevention Core Package Data Loss Prevention Data Access Governance Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention for Mobile Data Loss Prevention for Office 365 Email and Gmail with Email Safeguard Data Loss Prevention Form Recognition Data Loss Prevention Network Discover Data Loss Prevention Network Email Data Loss Prevention Network Monitor Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Email Virtual Appliance Data Loss Prevention Network Prevent for Web Virtual Appliance Data Loss Prevention Network Protect Data Loss Prevention Network Web Data Loss Prevention Oracle Standard Edition 2 Data Loss Prevention Plus Suite Data Loss Prevention Sensitive Image Recognition

Issue/Introduction

Resolution

You must register an application on the Microsoft Azure portal before you can connect Symantec Data Loss Prevention to the MIP service.

    1. Log on to http://portal.azure.com/ with administrator privileges.
    2. Navigate to Azure Active Directory > App Registrations > New Registration.
    3. Provide a display name for the new application.
    4. Under Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
    5. Leave the Redirect URI field empty.
    6. Click Register.
    7. After the application is registered, go to the application's page and select Authentication in the navigation pane.
    8. Click Add a platform, and add Windows and macOS as supported platforms.
    9. In the Bundle ID field for iOS/macOS:
    10. Enter com.microsoft.DLPMacApp. The Azure portal then uses this information to generate a Redirect URI.
    11. In the Redirect URI field for Mobile and desktop applications (for Windows), enter https://login.microsoftonline.com/common/oauth2/nativeclie
    12. You can simply check the box next to: https://login.microsoftonline.com/common/oauth2/nativeclient
    13. In the navigation pane, select API permissions and click Add a permission.
    14. Select Azure Rights Management Services from the Microsoft APIs tab.
    15. Choose the Delegated Permissions scope.
    16. Select the user_impersonation permission and click Add a permission.
    17. On the API permissions page, click Add a permission.
    18. Select Microsoft Information Protection Sync Service from the APIs my organization uses tab.
    19. Choose the Application Permissions scope.
    20. Select the UnifiedPolicy.Tenant.Read permission and click the Add permissions button.
    21. Click Grant Admin Consent and then click Yes.
    22. In the navigation pane, select Certificates & secrets.
    23. Under Client secrets, click New client secret.
    24. Add a description.
    25. Choose a validity period and click Add.
    26. Save a copy of the client secret immediately as it is not visible later. You use this client secret later to configure MIP credential profiles that Symantec Data Loss Prevention uses to authenticate with the MIP service.
    27. In the navigation pane, select Overview, and copy the Application (client) ID and Directory (tenant) ID values. You use these details later to configure MIP credential profiles that Symantec Data Loss Prevention uses to authenticate with the MIP service.
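
To confirm that a finished registration matches the steps above and grants nothing extra, the following added example (not Symantec or Microsoft code) audits the application object as Microsoft Graph returns it. The function name `audit_registration`, the sample object, its placeholder GUIDs, the secret name and the macOS redirect URI value are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

NATIVE_URI = "https://login.microsoftonline.com/common/oauth2/nativeclient"
BUNDLE_ID = "com.microsoft.DLPMacApp"

def audit_registration(app, now, warn_days=30):
    """Return findings for a Microsoft Graph 'application' object (as a dict)."""
    findings = []
    # Step 4: multitenant organizational accounts
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("signInAudience is not AzureADMultipleOrgs")
    # Steps 8-12: Windows and macOS are mobile/desktop (public client) platforms
    uris = app.get("publicClient", {}).get("redirectUris", [])
    if NATIVE_URI not in uris:
        findings.append("nativeclient redirect URI missing")
    if not any(BUNDLE_ID in u for u in uris):
        findings.append("no redirect URI for the macOS bundle ID")
    # Steps 13-20: exactly one delegated ("Scope") and one application ("Role") grant
    types = sorted(p["type"] for r in app.get("requiredResourceAccess", [])
                   for p in r.get("resourceAccess", []))
    if types != ["Role", "Scope"]:
        findings.append(f"unexpected permission set: {types}")
    # Steps 23-25: a client secret must exist and still be inside its validity period
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret")
    for s in secrets:
        end = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00"))
        if end <= now:
            findings.append(f"secret '{s.get('displayName')}' expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret '{s.get('displayName')}' expires within {warn_days} days")
    return findings

# Constructed sample; the GUIDs are placeholders, not real permission IDs.
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "publicClient": {"redirectUris": [NATIVE_URI, "msauth.com.microsoft.DLPMacApp://auth"]},
    "requiredResourceAccess": [
        {"resourceAppId": "00000000-0000-0000-0000-0000000000a1",
         "resourceAccess": [{"id": "00000000-0000-0000-0000-0000000000b1", "type": "Scope"}]},
        {"resourceAppId": "00000000-0000-0000-0000-0000000000a2",
         "resourceAccess": [{"id": "00000000-0000-0000-0000-0000000000b2", "type": "Role"}]},
    ],
    "passwordCredentials": [{"displayName": "dlp-mip", "endDateTime": "2025-01-15T00:00:00Z"}],
}

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for line in audit_registration(SAMPLE_APP, now) or ["registration matches the documented steps"]:
        print(line)
```

Running the check on a schedule gives advance notice before the client secret's validity period ends and Symantec Data Loss Prevention loses access to the MIP service.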

Additional Information