MPIP Step 1: Profile 1 ( Authorizing Symantec Data Loss Prevention on the Microsoft Azure portal )
search cancel

MPIP Step 1: Profile 1 ( Authorizing Symantec Data Loss Prevention on the Microsoft Azure portal )

book

Article ID: 275821

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention API Detection for Developer Apps Virtual Appliance Data Loss Prevention API Detection Virtual Appliance Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Discovery/Connector Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Storage Data Loss Prevention Core Package Data Loss Prevention Data Access Governance Data Loss Prevention Discover Suite Data Loss Prevention Endpoint Discover Data Loss Prevention Endpoint Prevent Data Loss Prevention Endpoint Suite Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention for Mobile Data Loss Prevention for Office 365 Email and Gmail with Email Safeguard Data Loss Prevention Form Recognition Data Loss Prevention Network Discover Data Loss Prevention Network Email Data Loss Prevention Network Monitor Data Loss Prevention Network Monitor and Prevent for Email Data Loss Prevention Network Monitor and Prevent for Email and Web Data Loss Prevention Network Monitor and Prevent for Web Data Loss Prevention Network Prevent for Email Data Loss Prevention Network Prevent for Email Virtual Appliance Data Loss Prevention Network Prevent for Web Virtual Appliance Data Loss Prevention Network Protect Data Loss Prevention Network Web Data Loss Prevention Oracle Standard Edition 2 Data Loss Prevention Plus Suite Data Loss Prevention Sensitive Image Recognition

Issue/Introduction

This section reviews the process of creating your profile to allow the DLP Enforce Console to download the MPIP labels from Microsoft: 

DLP 16.0 MIP Implementation: Authorizing Symantec Data Loss Prevention on the Microsoft Azure portal

DLP 25.1 MPIP Implementation: Authorize Symantec Data Loss Prevention on the Microsoft Azure Portal

Resolution

You must register an application on the Microsoft Azure portal before you can connect Symantec Data Loss Prevention to the MPIP service.

    1. Log on to http://portal.azure.com/ with administrator privileges - Open the Menu and select "Entra"                                                                                                                                   
    2. Navigate to Microsoft Entra > Add App Registration                                                                               
    3. Select "New Registration" and provide a display name for the new application.                                                                                                                                                                    
    4. Under Supported account types, select one of the following options ( In this example we will be choosing Multitenant ):
      • Accounts in this organizational directory only (DirectoryName only - Single tenant), where DirectoryName indicates the name of your Microsoft Entra directory.
      • Accounts in any organizational directory (Any Microsoft Entra directory - Multitenant)
    5. Leave the Redirect URI field empty
    6. Click Register                                                                                                                                      
    7. After the application is registered, go to the applications page and select Authentication in the navigation pane.
    8.  Click Add a platform, and select add Windows and macOS as supported platforms                                            
    9. In the Bundle ID field for iOS/macOS:                                                                                                                                                                    
    10. Enter com.microsoft.DLPMacApp. The Azure portal then uses this information to generate a Redirect URI.                                                      
    11. In the Redirect URI field for Mobile and desktop applications (for Windows), enter https://login.microsoftonline.com/common/oauth2/nativeclie
    12. You can simply check the box next to: https://login.microsoftonline.com/common/oauth2/nativeclient
    13.  In the navigation pane, select API permissions and click Add a permission                                                                                    
    14. Select Azure Rights Management Services from the Microsoft APIs tab.
    15. Choose the Delegated Permissions scope                                                                                                                              
    16. Select the user_impersonation permission and click Add a permission.
    17. On the API permissions page, click Add a permission                                                                         
    18.  Select Microsoft Information Protection Sync Service from the APIs my organization uses tab.                                      
    19. Choose the Application Permissions scope.                                                                                                
    20.  Select the UnifiedPolicy.Tenant.Read permission and click the Add permissions button.
    21.   Click Grant Admin Consent and then click Yes.                                                                              
    22.   In the navigation pane, select Certificates & secrets.                                                                      
    23. Under Client secrets, click New client secret.
    24. Add a description                                                                                                                                                                                                                      
    25. Choose a validity period and click Add.
    26. Save a copy of the client secret immediately as it is not visible later. You use this client secret later to configure MPIP credential profiles that Symantec Data Loss Prevention uses to authenticate with the MPIP service.
    27. In the navigation pane, select Overview, and copy the Application (client) ID and Directory (tenant) ID values. You use these details later to configure MPIP credential profiles that Symantec Data Loss Prevention uses to authenticate with the MPIP service.                                                                                                                                                                                                                                          

Additional Information

Return to Getting started with a DLP / MPIP Integration

For additional guides please see the "Getting Started with Data Loss Prevention"

To provide feedback please click on the "Feedback" link or send an email to "[email protected]"

Powered by Wolken Software