Registering an Azure App

Steps

  1. Log in to the Azure Portal.
  2. If there are multiple tenants to choose from, use the Settings icon in the top menu to open the Directories + subscriptions menu and switch to the tenant in which the application needs to be registered.
  3. Browse to App Registration and select New registration.

  4. On the App Registration page, enter the following information and click the Register button.
    • Name: (Enter a meaningful application name that will be displayed to users of the app.)
    • Supported account types:
      • Select which accounts the application will support. The options should be similar to those in the screenshot below.
      • Accounts in this organizational directory only can be selected.

    • Leave the Redirect URI empty and click Register.

  5. Note the Application (client) ID and Directory (tenant) ID values.
  6. Navigate to Manage > Certificates & secrets on the left menu to create a new client secret.
  7. Provide a meaningful description and expiry for the secret and click Add.
  8. Once a client secret is created, note its Value and store it somewhere safe.

    Note: This value cannot be viewed once this page is closed.
  9. Navigate to Manage > API permissions on the left menu and Add a permission.
  10. Select Microsoft APIs > Microsoft Graph.
  11. Select Application permissions.
  12. For UnifiedPolicy.Tenant.Read, navigate to Manage > API permissions on the left menu and Add a permission.
  13. Select APIs my organization uses tab.
  14. Search for Microsoft Information Protection Sync Service.
  15. Select Application permissions > UnifiedPolicy.Tenant.Read.
  16. For InformationProtectionPolicy.Read.All, navigate to Manage > API permissions on the left menu, and Add a permission.
  17. Select the APIs my organization uses tab.
  18. Search for Microsoft Information Protection API.
  19. Select Application permissions > InformationProtectionPolicy.Read.All.
  20. For Azure Rights Management Services > Content.Writer, navigate to Manage > API permissions on the left menu and Add a permission.
  21. Select the Azure Rights Management Services tab.
  22. Select Application permissions.
  23. Select Content > Content.Writer.
  24. Permissions required
    For scanning:
    • Microsoft Graph > Application permissions > Sites > Sites.Read.All
    For reading sensitivity labels:
    • Microsoft Graph > Application permissions > InformationProtectionPolicy > InformationProtectionPolicy.Read.All
    • APIs my organization uses > Microsoft Information Protection Sync Service > Application permissions > UnifiedPolicy.Tenant.Read
    For revoking permissions:
    • Microsoft Graph > Application permissions > Files > Files.ReadWrite.All
    For tagging:
    • Microsoft Graph > Application permissions > Sites > Sites.Manage.All
    For MIP tagging:
    • Azure Rights Management Services > Application permissions > Content.Writer
    • Microsoft Graph > Application permissions > Directory > Directory.Read.All
    • Microsoft Graph > Application permissions > Sites > Sites.Manage.All
    • Microsoft Graph > Application permissions > InformationProtectionPolicy > InformationProtectionPolicy.Read.All
    • APIs my organization uses > Microsoft Information Protection API > Application permissions > InformationProtectionPolicy.Read.All
  25. Once all the required permissions are added, click Grant admin consent.
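
A least-privilege check for the permission list in step 24, as an added example that is not part of the original guide: it compares the `roles` claim of an app-only access token for one API with the permissions the enabled features actually need. The feature keys, function names and the unsigned sample token are constructed for illustration.

```python
import base64
import json

# Feature -> (API, application permission) pairs, copied from step 24.
REQUIRED = {
    "scanning": [("Microsoft Graph", "Sites.Read.All")],
    "sensitivity_labels": [
        ("Microsoft Graph", "InformationProtectionPolicy.Read.All"),
        ("Microsoft Information Protection Sync Service", "UnifiedPolicy.Tenant.Read"),
    ],
    "revoke_permissions": [("Microsoft Graph", "Files.ReadWrite.All")],
    "tagging": [("Microsoft Graph", "Sites.Manage.All")],
    "mip_tagging": [
        ("Azure Rights Management Services", "Content.Writer"),
        ("Microsoft Graph", "Directory.Read.All"),
        ("Microsoft Graph", "Sites.Manage.All"),
        ("Microsoft Graph", "InformationProtectionPolicy.Read.All"),
        ("Microsoft Information Protection API", "InformationProtectionPolicy.Read.All"),
    ],
}

def token_roles(jwt):
    """Return the 'roles' claim of an app-only token (inspection only, no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def audit(features, api, roles):
    """Compare the roles granted on one API with what the enabled features need.

    A token is issued for a single API, so its roles are checked per API.
    """
    needed = {perm for f in features for a, perm in REQUIRED[f] if a == api}
    return {"missing": sorted(needed - roles), "excess": sorted(roles - needed)}

def make_sample_token(roles):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), ""])

# Constructed sample: a Microsoft Graph token for an app used only for scanning and labels.
SAMPLE = make_sample_token(["Sites.Read.All", "Files.ReadWrite.All"])

if __name__ == "__main__":
    print(audit(["scanning", "sensitivity_labels"], "Microsoft Graph", token_roles(SAMPLE)))
```

An entry under `excess` is a permission that was consented to but is not needed by any enabled feature and can be removed from the app registration.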