...

1

Browse to the Microsoft Azure portal at https://portal.azure.com/ and log in with an Azure AD administrative user account.

2

Select the Microsoft Entra ID service, or browse to https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview

3

Select the App registrations tab.

4

Click New registration.

5

Provide the name Rampiva Automate.

6

Select the supported account types Accounts in this organization directory only.

7

Configure the Redirect URI to the type Web, with the value http://localhost/api/v1/users/oidcResponse

Note

This Redirect URI configuration will allow logging in with Microsoft accounts when browsing to Rampiva Automate from the local server.

If Rampiva Automate is configured to be accessible using a public domain name (for example https://rampiva-automate-globexinc.azurewebsites.net), update the Redirect URI configuration to reflect this, for example: https://rampiva-automate-globexinc.azurewebsites.net/api/v1/users/oidcResponse

8

Click Register.

9

After the application is created, take note of the Application (client) ID, and the Directory (tenant) ID.

Info

These values are required when configuring the Microsoft service in Rampiva Automate.

10

Select the Certificates & secrets tab.

11

Click New client secret.

12

Name the secret Rampiva Automate.

13

Click Add.

14

Copy the secret value and take note of it.

Info

This value is required when configuring the Microsoft service in Rampiva Automate.

15

Select the API permissions tab.

16

Select Add a permission > Microsoft APIs > Microsoft Graph:

  • Delegated permissions

    • eDiscovery.ReadWrite.All

    • Directory.Read.All

    • Sites.Read.All

  • Application permissions

    • Directory.Read.All

    • Sites.Read.All

Info

The Application Sites.Read.All permission is optional. If this permission is not granted, then Rampiva will attempt to list the SharePoint sites in the organization with the Delegated permission of a user logged in to the Purview Third-Party Service.

17

Grant admin consent for the permissions.

18

Confirm that admin consent was granted.

...

1

The Purview Download Permissions are required to download data exported to Microsoft Purview.

Info

If you do not intend to download data from Microsoft Purview from a Rampiva Job, or if you intend to use the deprecated Microsoft getDownloadUrl method (see https://learn.microsoft.com/en-us/graph/api/security-ediscoveryexportoperation-getdownloadurl?view=graph-rest-beta&tabs=http), then this section can be skipped.

2

Connect to Azure AD from PowerShell, with permissions to read/write application settings.

```powershell
Connect-Graph -Scopes "Application.ReadWrite.All"
```

3

Log in to Azure AD.

4

Create a new service principal for the Microsoft Purview eDiscovery app.

Note

The exact app id b26e684c-5068-4120-a679-64a5d2c909d9 must be used. This corresponds to the MicrosoftPurviewEDiscovery app, and is referenced at https://learn.microsoft.com/en-us/purview/ediscovery-premium-get-started#step-4-verify-that-required-ediscovery-apps-are-enabled.

```powershell
New-MgServicePrincipal -AppId b26e684c-5068-4120-a679-64a5d2c909d9
```

5

Confirm that the service principal was created successfully.

6

In the Microsoft Azure portal, open the Microsoft Entra ID service, or browse to https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview

7

Open the previously configured App registration.

8

Select the API permissions tab.

9

Select Add a permission > APIs my organization uses > MicrosoftPurviewEDiscovery:

  • Delegated permissions

    • eDiscovery.Download.Read

10

Grant admin consent for the permissions.

11

Confirm that admin consent was granted.
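
The two "Confirm that admin consent was granted" steps can also be checked from PowerShell. The following read-only script is an added example, not part of the original article or of Rampiva's tooling; it compares what was actually consented for the app registration against the permissions listed on this page and reports anything missing or extra. It assumes the Microsoft Graph PowerShell module is installed, and `$ClientAppId` is a placeholder for the Application (client) ID noted earlier.

```powershell
# Added example (not vendor code): read-only audit of consent granted to the app registration.
$ClientAppId  = '00000000-0000-0000-0000-000000000000'  # placeholder: Application (client) ID
$GraphAppId   = '00000003-0000-0000-c000-000000000000'  # Microsoft Graph
$PurviewAppId = 'b26e684c-5068-4120-a679-64a5d2c909d9'  # MicrosoftPurviewEDiscovery (from this page)

# Permissions this page asks for, keyed by resource app id.
$ExpectedDelegated = @{
    $GraphAppId   = 'eDiscovery.ReadWrite.All', 'Directory.Read.All', 'Sites.Read.All'
    $PurviewAppId = @('eDiscovery.Download.Read')
}
$ExpectedAppRoles = @{
    $GraphAppId   = 'Directory.Read.All', 'Sites.Read.All'  # Sites.Read.All is optional
    $PurviewAppId = @()
}

Connect-MgGraph -Scopes 'Application.Read.All', 'DelegatedPermissionGrant.Read.All'
$client = Get-MgServicePrincipal -Filter "appId eq '$ClientAppId'"
if (-not $client) { throw "No service principal found for client app $ClientAppId" }
$grants      = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($client.Id)'" -All
$assignments = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $client.Id -All

foreach ($appId in $GraphAppId, $PurviewAppId) {
    $resource = Get-MgServicePrincipal -Filter "appId eq '$appId'"
    if (-not $resource) { Write-Warning "Service principal $appId not found in tenant"; continue }

    # Admin consent is recorded as a delegated grant with ConsentType 'AllPrincipals'.
    $delegated = @($grants |
        Where-Object { $_.ResourceId -eq $resource.Id -and $_.ConsentType -eq 'AllPrincipals' } |
        ForEach-Object { $_.Scope -split ' ' } | Where-Object { $_ })
    # Application permissions are app role assignments; map role ids to their names.
    $appRoles = @($assignments | Where-Object { $_.ResourceId -eq $resource.Id } |
        ForEach-Object { $roleId = $_.AppRoleId
            ($resource.AppRoles | Where-Object { $_.Id -eq $roleId }).Value })

    [pscustomobject]@{
        Resource         = $resource.DisplayName
        MissingDelegated = @($ExpectedDelegated[$appId] | Where-Object { $_ -notin $delegated }) -join ', '
        ExtraDelegated   = @($delegated | Where-Object { $_ -notin $ExpectedDelegated[$appId] }) -join ', '
        MissingAppRoles  = @($ExpectedAppRoles[$appId] | Where-Object { $_ -notin $appRoles }) -join ', '
        ExtraAppRoles    = @($appRoles | Where-Object { $_ -notin $ExpectedAppRoles[$appId] }) -join ', '
    }
}
```

An empty `Missing*` column means the corresponding consent is in place; a non-empty `Extra*` column lists permissions granted beyond what this procedure requires.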

...

1

Browse to Rampiva Automate.

2

Select the Settings tab.

3

Select the Authentication Services tab.

4

Click Add+ Microsoft Authentication Service.

5

Name the service Microsoft 365 - example.com, where example.com is the name of your domain.

6

Select the environment Microsoft Commercial.

7

Fill out the Tenant, Client ID and Client Secret with the values recorded from the previous section.

8

Leave the Enable Authentication option enabled.

Note

Leaving the option on will allow any Microsoft 365 user to log in to Rampiva Automate. Disable this option if that is not the intent of this service.

9

Check the Synchronize Users option.

10

Click Add Service.

11

Select the Third-Party Services tab.

12

Click Add+ Microsoft Purview Service.

13

Name the service Microsoft 365 - example.com, where example.com is the name of your domain.

14

Set the authentication Scope to either:

  • Service, to allow all Rampiva users to share the Purview Service credentials, or

  • User, to require each Rampiva user to log in to Microsoft Purview with their own Microsoft account.

15

Select the authentication Service Microsoft 365 - example.com created previously.

Note

This download method requires the configuration steps described in section B in this article.

16

Enable the option Use Purview Download.

17

Click Add Service.

18

When prompted to sign in with the Purview eDiscovery Manager account, sign in with a user account that has eDiscovery Manager permissions.

Info

Depending on your single sign-on settings, you might be prompted to sign in twice, once to obtain the access token for the Purview management commands, and a second time to obtain the access token for the Purview download operation.

19

Expand the Log section to confirm that the authentication was successful and that no warning messages are shown.

...