MPIP Classifier

Learn how to configure the MPIP extension for use in your DryvIQ Platform.

On This Page

Overview Registering the App Adding the Classifier Settings

Overview

The MPIP Classifier extension allows DryvIQ to extract your Microsoft Purview Information Protection (MPIP) sensitivity labels. This requires you to register an application in your Microsoft Azure account to obtain the Application (Client) ID and Directory (Tenant) ID required to allow DryvIQ to access the security labels through the Microsoft Information Protection Sync Service.

Access Level Requirements

The Microsoft tenant user applied to the extension configuration must have sufficient rights to read the labels.

 

Signed Files

Microsoft does not support adding labels to signed files. 

 

Registering the App

  1. Log in to your Microsoft Azure account using an administrator account.
  2. Click Microsoft Entra ID.


     
  3. Click Add and select App registration.


     
  4. Enter a name for the app in the Name field.
  5. Under Supported account types, select Accounts in this organizational directory only ([company name] only- Single tenant).
  6. Click Register.


     
  7. Under Manage, click API Permissions.
  8. Click Add a permission.


     
  9. In the Request API Permissions panel, click Azure Rights Management Services.


     
  10. Click the Application permissions option.
  11. Under Content, select the following permissions:
    1. Content.DelegatedReader
    2. Content.DelegatedWriter
    3. Content.SuperUser
    4. Content.Writer.
  12. Click Add permissions.


     
  13. You will be back on the API Permissions Page. Click Add a permission again.
  14. Click APIs my organization uses.
  15. In the search box, type “Microsoft Information Protection Sync Service” and select this option in the results list.


     
  16. Click Application permissions.
  17. Select the UnifiedPolicy.Tenant.Read box.
  18. Click Add permissions.


     
  19. Click Grant admin consent for [company name]​.


     
  20. Click Yes when prompted to confirm you want to grant admin consent.


     
  21. Click Certificates & secrets.
  22. Click New client secret.
  23. Enter a description in the Description field.
  24. Click Add.


     
  25. Copy the new Client Secret Value and save it somewhere readily accessible. You will need it to configure the extension.


     
  26. Click Overview.
  27. Copy the Application (client) ID and the Directory (tenant) ID. Both are needed for the extension configuration.

Adding the Classifier Settings

The Microsoft MPIP configuration must be included in the Hub YAML file during the installation process. This allows DryvIQ to pull the labels. Contact your Consulting Services representative or DryvIQ Support for assistance. 

 

 

 

 

Related Articles

Understanding DryvIQ Actions
Creating an Action Set
Deploying Extensions to the DryvIQ Platform
Adding a Content Scan