Registering an Azure App

Before you can configure the connector for Azure AD to run data scans, you must register an application with the appropriate permissions.

Steps

  1. Log in to the Azure Portal.
  2. On the Home page, select App registrations.
  3. On the App Registration page, enter the following information and click the Register button.
    • Name: (Enter a meaningful application name that will be displayed to users of the app.)
    • Supported account types: Select the option Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
    • Redirect URI (Optional): This field does not need to be filled in.
  4. Note the Application (client) ID and Directory (tenant) ID values. Next, click Add a certificate or secret next to the Client credentials field.
  5. This opens the Certificates & secrets page under Manage > Certificates & secrets. On this page, click New client secret.
  6. Provide a meaningful description and expiry for the secret and click Add.
  7. Once the client secret is created, note its Value and store it somewhere safe. This value cannot be viewed once this page is closed.
  8. Navigate to Manage > API permissions on the left menu, and click Add a permission. You must add all the permissions listed below.
    For scanning:
    • Microsoft Graph > Application permissions > Sites > Sites.Read.All
    For reading sensitivity labels:
    • Microsoft Graph > Application permissions > InformationProtectionPolicy > InformationProtectionPolicy.Read.All
    • APIs my organization uses > Microsoft Information Protection Sync Service > Application permissions > UnifiedPolicy.Tenant.Read
    For revoking permissions:
    • Microsoft Graph > Application permissions > Files > Files.ReadWrite.All
    For tagging:
    • Microsoft Graph > Application permissions > Sites > Sites.Manage.All
    For MIP tagging:
    • Azure Rights Management Services > Application permissions > Content.Writer
    • Microsoft Graph > Application permissions > Directory > Directory.Read.All
    • Microsoft Graph > Application permissions > Sites > Sites.Manage.All
    • Microsoft Graph > Application permissions > InformationProtectionPolicy > InformationProtectionPolicy.Read.All
    • APIs my organization uses > Microsoft Information Protection API > Application permissions > InformationProtectionPolicy.Read.All
  9. Select Microsoft APIs > Microsoft Graph.
  10. Next select Application permissions.
  11. Search and add the following permissions under



  12. Finally, all of the following permissions should be added and granted the
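
One way to check the result of this procedure, as an added example that is not part of the original page: the script decodes an app-only Microsoft Graph access token obtained with the client ID and secret from steps 4 to 7 and compares its `roles` claim, which carries only application permissions that have actually been granted, with the Graph permissions listed in step 8 for the features in use. The feature keys, function names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Microsoft Graph application permissions per feature, copied from step 8 above.
# Permissions on other resources (Microsoft Information Protection Sync Service,
# Azure Rights Management Services, Microsoft Information Protection API) appear
# only in tokens issued for those resources, so they are out of scope here.
GRAPH_ROLES_BY_FEATURE = {  # feature keys are hypothetical labels
    "scanning": {"Sites.Read.All"},
    "sensitivity_labels": {"InformationProtectionPolicy.Read.All"},
    "revoke_permissions": {"Files.ReadWrite.All"},
    "tagging": {"Sites.Manage.All"},
    "mip_tagging": {"Directory.Read.All", "Sites.Manage.All",
                    "InformationProtectionPolicy.Read.All"},
}
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def token_claims(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_graph_roles(jwt, enabled_features):
    """Return Graph roles missing for, or in excess of, the enabled features."""
    claims = token_claims(jwt)
    if claims.get("aud") not in GRAPH_AUDIENCES:
        raise ValueError("token was not issued for Microsoft Graph")
    granted = set(claims.get("roles", []))
    required = set()
    for feature in enabled_features:
        required |= GRAPH_ROLES_BY_FEATURE[feature]
    return {"missing": sorted(required - granted),
            "excess": sorted(granted - required)}

def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    sample = constructed_token({"aud": "https://graph.microsoft.com",
                                "roles": ["Sites.Read.All", "Files.ReadWrite.All"]})
    print(audit_graph_roles(sample, ["scanning", "sensitivity_labels"]))
```

An entry under `missing` means a listed permission was not added or not yet granted; an entry under `excess` is a granted Graph permission that none of the enabled features needs and is a candidate for removal.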