Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Azure Information Protection (AIP) Permissions

The following permissions are required to enable API in Skyhigh CASB for AIP and to use Custom OAuth for AIP.

To add the required APIs with the permissions, click API Permissions.


  • Select and add the required APIs with their respective permissions as per the following tables. All permission types should be set to Application Permissions unless otherwise stated.
  • Do not add additional permissions, and do not leave out any permissions. Stick to this list or API enablement will not work.
For AIP set the following permissions

Azure Rights Management Service:

Read protected content on behalf of a user

Create protected content on behalf of a user

Read all protected content for this tenant

Create protected content

Create and access protected content for users (type=delegated)

Microsoft Graph (type=delegated):

Sign in and read user profile (User.Read)


Microsoft Information Protection

Read all unified policies of the tenant

Read all unified policies a user has access to (type=delegated)

  • Was this article helpful?