Azure Information Protection (AIP) Permissions
The following permissions are required to enable API in Skyhigh CASB for AIP and to use Custom OAuth for AIP.
To add the required APIs with the permissions, click API Permissions.
IMPORTANT:
- Select and add the required APIs with their respective permissions as per the following tables. All permission types should be set to Application Permissions unless otherwise stated.
- Do not add additional permissions, and do not leave out any permissions. Stick to this list or API enablement will not work.
For AIP, set the following permissions:

| API | Permission |
|---|---|
| Azure Rights Management Service | Read protected content on behalf of a user |
| Azure Rights Management Service | Create protected content on behalf of a user |
| Azure Rights Management Service | Read all protected content for this tenant |
| Azure Rights Management Service | Create protected content |
| Azure Rights Management Service | Create and access protected content for users (type=delegated) |
| Microsoft Graph (type=delegated) | Sign in and read user profile (User.Read) |
| Microsoft Information Protection | Read all unified policies of the tenant |
| Microsoft Information Protection | Read all unified policies a user has access to (type=delegated) |