The material in this document is for informational purposes only. This guide assumes that the most recent version of Rampiva Automate is in use unless otherwise noted in the prerequisites. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.
Introduction
This article describes the steps required to configure Rampiva Automate for running a Purview collection and downloading the data locally.
Prerequisites
Rampiva Automate v8.1 or later (see Automate - Install on a Single Local Server)
Microsoft 365 subscription with access to Purview eDiscovery
Microsoft 365 account with eDiscovery Manager permissions
Microsoft 365 account with permissions to register an application in Azure AD
Instructions
A. Configure eDiscovery Permissions in Microsoft 365
| 1 | Browse to the Microsoft Azure portal at https://portal.azure.com/ and login with an Azure AD administrative user account. |  |
| 2 | Select the Microsoft Entra ID service, or browse to https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview | |
| 3 | Select the App registrations tab. | |
| 4 | Click New registration. |  |
| 5 | Provide the name Rampiva Automate. | |
| 6 | Select the supported account types Accounts in this organization directory only. | |
| 7 | Configure the Redirect URI to the type Web, with the value http://localhost/api/v1/users/oidcResponse This Redirect URI configuration will logging in with Microsoft accounts when browsing to Rampiva Automate from the local server. If Rampiva Automate is configured to be accessible using a public domain name (for example https://rampiva-automate-globexinc.azurewebsites.net), update the Redirect URI configuration to reflect this, for example: https://rampiva-automate-globexinc.azurewebsites.net/api/v1/users/oidcResponse | |
| 8 | Click Register. | |
| 9 | After the application is created, take note of the Application (client) ID, and the Directory (tenant) ID. These values are required when configuring the Microsoft service in Rampiva Automate. |  |
| 10 | Select the Certificates & secrets tab. |  |
| 11 | Click New client secret. | |
| 12 | Name the secret Rampiva Automate. | |
| 13 | Click Add. | |
| 14 | Copy the secret value and take note of it. This value is required when configuring the Microsoft service in Rampiva Automate. |  |
| 15 | Select the API permissions tab. |  |
| 16 | Select Add a permission → Microsoft APIs → Microsoft Graph:
The Application Sites.Read.All permission is optional. If this permission is not granted, then Rampiva will attempt to list the SharePoint sites in the organizations with the Delegated permission of a user logged in to the Purview Third-Party Service. | |
| 17 | Grant admin consent for the permissions. |  |
| 18 | Confirm that admin consent was granted. |  |
B. Configure Purview Download Permissions in Microsoft 365
| 1 | The Purview Download Permissions are required to download data exported to Microsoft Purview. If you do not intend to use download data from Microsoft Purview from a Rampiva Job, or if you intend to use the deprecated Microsoft getDownloadUrl method (see https://learn.microsoft.com/en-us/graph/api/security-ediscoveryexportoperation-getdownloadurl?view=graph-rest-beta&tabs=http), then this section can be skipped. | |
| 2 | Connect to Azure AD from PowerShell, with permissions to read/write application settings. | Connect-Graph -Scopes "Application.ReadWrite.All" |
| 3 | Log in to Azure AD. |  |
| 4 | Create a new service principal for the Microsoft Purview eDiscovery app. The exact app id | New-MgServicePrincipal -AppId b26e684c-5068-4120-a679-64a5d2c909d9 |
| 5 | Confirm that the service principal was created successfully. |  |
| 6 | In the Microsoft Azure portal, open the Microsoft Entra ID service, or browse to https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview | |
| 7 | Open the previously configured App registration. |  |
| 8 | Select the API permissions tab. | |
| 9 | Select Add a permission → APIs my organization uses → MicrosoftPurviewEDiscovery:
| |
| 10 | Grant admin consent for the permissions. |  |
| 11 | Confirm that admin consent was granted. |
C. Configure the Microsoft Authentication Service in Rampiva Automate
| 1 | Browse to Rampiva Automate. |  |
| 2 | Select the Settings tab. | |
| 3 | Select the Authentication Services tab. | |
| 4 | Click Add+ Microsoft Authentication Service. | |
| 5 | Name the service Microsoft 365 - example.com, where example.com is the name of your domain. |  |
| 6 | Select the environment Microsoft Commercial. | |
| 7 | Fill out the Tenant, Client ID and Client Secret with the values recorded from the previous section. | |
| 8 | Leave the Enable Authentication option enabled. Leaving the option on will allow any Microsoft 365 user to log in to Rampiva Automate. Disable this option if that is not the intent of this service. | |
| 9 | Check Synchronize Users option. | |
| 10 | Click Add Service. | |
| 11 | Select the Third-Party Services tab. |  |
| 12 | Click Add+ Microsoft Purview Service. | |
| 13 | Name the service Microsoft 365 - example.com, where example.com is the name of your domain. | |
| 14 | Set the authentication Scope to either:
| |
| 15 | Select the authentication Service Microsoft 365 - example.com create previously. This download method requires the configuration steps described in section B in this article. | |
| 16 | Enable the option Use Purview Download. | |
| 17 | Click Add Service. | |
| 18 | When prompted to sign-in with the Purview eDiscovery Manager account, sign in with a user account that has eDiscovery Manager permissions. Depending on your single-sign on settings, you might be prompted to sign in twice, once to obtain the access token for the Purview management commands, and a second time to obtain the access token for the Purview download operation. |  |
| 19 | Expand the Log section to confirm that the authentication was successful and that no warning messages are shown. |
C. Run a Test Collection
| 1 | Browse to Rampiva Automate. | |
| 2 | Open the Jobs - Purview tab. |  |
| 3 | Click Add + Purview Job. |  |
| 4 | Select the Internal - Lab client, and the Testing matter and click Next. | |
| 5 | From the Purview library, select the Apply Hold and Collect Locally workflow and click Next. |  |
| 6 | Select an Execution Profile and a Resource Pool. |  |
| 7 | Scroll to the bottom of the page and confirm the Purview Service and Download Location and click Next. The parameter {job_id_short} will get evaluated to the job ID once the job starts. |  |
| 8 | Select the option to Create new Purview case. |  |
| 9 | Name the case Test Rampiva Purview setup and click Next. | |
| 10 | Add a custodian using the + button and click Next. |  |
| 11 | Add a non-custodial data source using the + button and click Next. |  |
| 12 | Leave the default search options and click Next. |  |
| 13 | Leave the default review set options and click Next. |  |
| 14 | Leave the default export review set options and click Next. |  |
| 15 | Leave the default export review set options and click Next. |  |
| 16 | Confirm the Job settings and click Submit. |  |
| 17 | Monitor the progress of the Job in the Workflow section. |  |
| 18 | After the Job completes, the data will be available in the base data folder configured in the execution profile, by default C:\Data\Purview\Export a1a1a1a1. |  |