Microsoft Purview Information Protection connection
NOTE: In this release of OpenText Core Data Discovery & Risk Insights, Microsoft Purview Information Protection is the supported file protection system from Microsoft. This file protection system type is referred to as "Microsoft data protection" in OpenText Core Data Discovery & Risk Insights.
OpenText Core Data Discovery & Risk Insights supports sensitivity labels whose scope defines their use on "items".
You can use your existing Microsoft Purview Information Protection sensitivity labels to apply file protection to supported documents managed by Data Discovery & Risk Insights file system datasets.
If you will be creating one or more Microsoft data protection file protection systems, you must complete additional tasks to enable this processing.
Microsoft data protection requirements
Connecting to Microsoft Purview Information Protection for file protection requires the following be in place prior to using file protection in OpenText Core Data Discovery & Risk Insights.
- Appropriate Microsoft O365 licensing.
- Sensitivity labels are created in Microsoft Purview Information Protection. In OpenText Core Data Discovery & Risk Insights, these labels are called "file protection rules".
  IMPORTANT: OpenText Core Data Discovery & Risk Insights supports sensitivity labels whose scope defines their use on "items".
- An app registration in Azure Active Directory admin center for OpenText Core Data Discovery & Risk Insights. For more information, see Create an app registration for OpenText Core Data Discovery & Risk Insights.
- At least one agent cluster configured in Connect for each Microsoft data protection system you will create. Multiple agent clusters can be assigned to a single system, but any given cluster may not be assigned to more than one system.
Create an app registration for OpenText Core Data Discovery & Risk Insights
To protect files with Microsoft Purview Information Protection, you must create an app registration for OpenText Core Data Discovery & Risk Insights in Azure Active Directory admin center.
- In Azure Active Directory admin center, use the following guidelines to create an app registration for OpenText Core Data Discovery & Risk Insights.
  - Define an application Name that is easily identifiable. For example, OpenText Core Data Discovery & Risk Insights data protection.
  - For Supported account type, select Accounts in any organizational directory only.
  - Do NOT define a Redirect URI.
  - Make note of the following details for your new app. You will need to enter this information when you create the protection system in OpenText Core Data Discovery & Risk Insights.
    - Display Name
    - Application (client) ID
    - Directory (tenant) ID
- In Azure Active Directory admin center, add API permissions for the newly created app.
  - Add the following APIs and permissions.

    | API | Permission type | Permission |
    | --- | --- | --- |
    | Azure Rights Management Services | Delegated | user_impersonation |
    | Azure Rights Management Services | Application | Content.DelegatedReader |
    | Azure Rights Management Services | Application | Content.DelegatedWriter |
    | Azure Rights Management Services | Application | Content.SuperUser |
    | Azure Rights Management Services | Application | Content.Writer |
    | Microsoft Information Protection Sync Service | Delegated | UnifiedPolicy.User.Read |
    | Microsoft Information Protection Sync Service | Application | UnifiedPolicy.Tenant.Read |

  - For each of the added permissions, grant admin consent for the new app.
  - For the Microsoft Graph (1) User.Read permission (added automatically with the app registration), grant admin consent for the new app.
- In Azure Active Directory admin center, add a client secret for the newly created app.
  Make note of the Secret ID and the secret value. The secret value is only presented immediately following creation; you will need to enter this value when you create the protection system in OpenText Core Data Discovery & Risk Insights.
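The following check is an added example, not part of the OpenText or Microsoft documentation: it compares a list of the app's configured permissions against the set this procedure calls for and reports anything missing, anything extra, and anything still lacking admin consent. The record keys (api, type, permission, admin_consent) and the sample rows are assumptions made for the example; adapt them to however you export the registration's permissions.

```python
# Added example: audit an exported permission list against this page's table.
# The record keys (api, type, permission, admin_consent) are hypothetical.
RMS = "Azure Rights Management Services"
SYNC = "Microsoft Information Protection Sync Service"

# Required grants, from the table above plus the auto-added Graph User.Read
# (assumed Delegated, which is how Azure adds it at registration).
REQUIRED = {
    (RMS, "Delegated", "user_impersonation"),
    (RMS, "Application", "Content.DelegatedReader"),
    (RMS, "Application", "Content.DelegatedWriter"),
    (RMS, "Application", "Content.SuperUser"),
    (RMS, "Application", "Content.Writer"),
    (SYNC, "Delegated", "UnifiedPolicy.User.Read"),
    (SYNC, "Application", "UnifiedPolicy.Tenant.Read"),
    ("Microsoft Graph", "Delegated", "User.Read"),
}

def audit_permissions(records):
    """Return missing, unexpected and unconsented permissions for the app."""
    seen = {}
    for r in records:
        key = (r["api"].strip(), r["type"].strip().capitalize(), r["permission"].strip())
        # A permission counts as consented if any record for it shows consent.
        seen[key] = seen.get(key, False) or bool(r.get("admin_consent"))
    present = set(seen)
    report = {
        "missing": sorted(REQUIRED - present),
        "unexpected": sorted(present - REQUIRED),
        "unconsented": sorted(k for k in REQUIRED & present if not seen[k]),
    }
    report["ok"] = not any(report.values())
    return report

def sample_export():
    """Constructed sample: one grant missing, one unconsented, one extra."""
    rows = [{"api": a, "type": t, "permission": p, "admin_consent": True}
            for a, t, p in sorted(REQUIRED) if p != "UnifiedPolicy.Tenant.Read"]
    for r in rows:
        if r["permission"] == "Content.Writer":
            r["admin_consent"] = False
    rows.append({"api": "Microsoft Graph", "type": "application",
                 "permission": "Directory.Read.All", "admin_consent": True})
    return rows

if __name__ == "__main__":
    for finding, items in audit_permissions(sample_export()).items():
        print(finding, items)
```

Running the same check periodically after setup shows whether permissions have been added to or removed from the registration since it was created.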