Automate - Purview Collections QuickStart

 

The material in this document is for informational purposes only. This guide assumes that the most recent version of Rampiva Automate is in use unless otherwise noted in the prerequisites. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.

Introduction

This article describes the steps required to configure Rampiva Automate for running a Purview collection and downloading the data locally.

Prerequisites 


Instructions

A. Configure eDiscovery Permissions in Microsoft 365

1

Browse to the Microsoft Azure portal at https://portal.azure.com/ and login with an Azure AD administrative user account.

2

Select the Microsoft Entra ID service, or browse to https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview

3

Select the App registrations tab.

4

Click New registration.

5

Provide the name Rampiva Automate.

6

Select the supported account types Accounts in this organization directory only.

7

Configure the Redirect URI to the type Web, with the value http://localhost/api/v1/users/oidcResponse

This Redirect URI configuration will logging in with Microsoft accounts when browsing to Rampiva Automate from the local server.

If Rampiva Automate is configured to be accessible using a public domain name (for example https://rampiva-automate-globexinc.azurewebsites.net), update the Redirect URI configuration to reflect this, for example: https://rampiva-automate-globexinc.azurewebsites.net/api/v1/users/oidcResponse

8

Click Register.

 

9

After the application is created, take note of the Application (client) ID, and the Directory (tenant) ID.

These values are required when configuring the Microsoft service in Rampiva Automate.

10

Select the Certificates & secrets tab.

11

Click New client secret.

12

Name the secret Rampiva Automate.

13

Click Add.

14

Copy the secret value and take note of it.

 

15

Select the API permissions tab.

16

Select Add a permissionMicrosoft APIsMicrosoft Graph:

  • Delegated permissions

    • eDiscovery.ReadWrite.All

    • Directory.Read.All

    • Sites.Read.All

  • Application permissions

    • Directory.Read.All

    • Sites.Read.All

17

Grant admin consent for the permissions.

18

Confirm that admin consent was granted.

B. Configure Purview Download Permissions in Microsoft 365

1

The Purview Download Permissions are required to download data exported to Microsoft Purview.

 

2

Connect to Azure AD from PowerShell, with permissions to read/write application settings.

Connect-Graph -Scopes "Application.ReadWrite.All"
3

Log in to Azure AD.

4

Create a new service principal for the Microsoft Purview eDiscovery app.

 

New-MgServicePrincipal -AppId b26e684c-5068-4120-a679-64a5d2c909d9
5

Confirm that the service principal was created successfully.

6

In the Microsoft Azure portal, open the Microsoft Entra ID service, or browse to https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview

 

7

Open the previously configured App registration.

8

Select the API permissions tab.

9

Select Add a permissionAPIs my organization uses MicrosoftPurviewEDiscovery:

  • Delegated permissions

    • eDiscovery.Download.Read

10

Grant admin consent for the permissions.

11

Confirm that admin consent was granted.

C. Configure the Microsoft Authentication Service in Rampiva Automate

1

Browse to Rampiva Automate.

2

Select the Settings tab.

3

Select the Authentication Services tab.

4

Click Add+ Microsoft Authentication Service.

5

Name the service Microsoft 365 - example.com, where example.com is the name of your domain.

6

Select the environment Microsoft Commercial.

7

Fill out the Tenant, Client ID and Client Secret with the values recorded from the previous section.

8

Leave the Enable Authentication option enabled.

9

Check Synchronize Users option.

10

Click Add Service.

11

Select the Third-Party Services tab.

12

Click Add+ Microsoft Purview Service.

13

Name the service Microsoft 365 - example.com, where example.com is the name of your domain.

14

Set the authentication Scope to either:

  • Service, to allow all Rampiva users to share the Purview Service credentials, or

  • User, to require each Rampiva user to log in to Microsoft Purview with their own Microsoft account.

15

Select the authentication Service Microsoft 365 - example.com create previously.

16

Enable the option Use Purview Download.

17

Click Add Service.

18

When prompted to sign-in with the Purview eDiscovery Manager account, sign in with a user account that has eDiscovery Manager permissions.

19

Expand the Log section to confirm that the authentication was successful and that no warning messages are shown.

D. Run a Test Collection

1

Browse to Rampiva Automate.

 

2

Open the Jobs - Purview tab.

3

Click Add + Purview Job.

4

Select the Internal - Lab client, and the Testing matter and click Next.

5

From the Purview library, select the Apply Hold and Collect Locally workflow and click Next.

 

6

Select an Execution Profile and a Resource Pool.

7

Scroll to the bottom of the page and confirm the Purview Service and Download Location and click Next.

8

Select the option to Create new Purview case.

9

Name the case Test Rampiva Purview setup and click Next.

10

Add a custodian using the + button and click Next.

11

Add a non-custodial data source using the + button and click Next.

12

Leave the default search options and click Next.

13

Leave the default review set options and click Next.

14

Leave the default export review set options and click Next.

15

Leave the default export review set options and click Next.

16

Confirm the Job settings and click Submit.

17

Monitor the progress of the Job in the Workflow section.

 

18

After the Job completes, the data will be available in the base data folder configured in the execution profile, by default C:\Data\Purview\Export a1a1a1a1.