The following guide describes the necessary steps to create an application in your Azure Active Directory and use it to access Microsoft Information Protection service by SDK.
Authentication against the Azure AD tenant requires creating a native application registration. The client ID created in this step is used in a later step to generate an OAuth2 token.
- Go to https://portal.azure.com and log in as a global admin.
Your tenant may permit standard users to register applications. If you aren't a global admin, you can attempt these steps, but may need to work with a tenant administrator to have an application registered or be granted access to register applications.
- Click Azure Active Directory, then App Registrations in the menu blade.
- Click View all applications
- Click New Applications Registration
- For name, enter MipSdk-Sample-Apps
- Set Application Type to Native
- For Redirect URI, enter mipsdk-auth-sample://authorize
Note: This can be anything you'd like, but should be unique in the tenant.
- Click Create
The Registered app blade should now be displayed.
Extract the Application ID
from the apps overview page. You will need it later.
Now add MIP permissions to you application:
- Click Settings
- Click Required Permissions
- Click Add
- Click Select an API
- Select Microsoft Rights Management Services and click Select
- Under Select Permissions select Create and access protected content for users
- Click Select then Done
- Click Add
- Click Select an API
- In the search box, type Microsoft Information Protection Sync Service then select the service and click Select
- Under Select Permissions select Read all unified policies a user has access to.
- Click Select then Done
- In the Required Permissions blade, click Grant Permissions and confirm.
Now generate a client secret for you app:
- Click Settings
- Click Keys
- Fill a Password
- Click Save
- Copy the Value after save. You will need it later.
- Go to https://aka.ms/MIPSDKBinaries and download the SDK for your respecive platform
- Inside the download ZIP unpack the file_sdk zip.
- Go to file folder for you HW platform, e.g.
mip_sdk_file_macos_1.0.49/bins/release/x86_64
.
- First you have to get a token from AAD. Here you will need your AAD tenant/directory, e.g.
company.onmicrosoft.com
and application ID and client secret as noted above.
- The response Json document contains the OAuth2
access_token
. - Run now
file_sample
, e.g../file_sample --username [email protected] --rights READ,VIEW --protect [email protected] --file UnProtected.docx --clientid YOUR_AAD_APPLICATION_ID --protectiontoken YOUR_ACCESS_TOKEN
.
In this case the response should contain something like:
New file created: UnProtected_modified.docx
Now open the file either with office or in case of PDF or image file with AIP viewer as user [email protected]
.