You're reading from Mastering Identity and Access Management with Microsoft Azure - Second Edition

Product type: Book
Published in: Feb 2019
Publisher: Packt
ISBN-13: 9781789132304
Edition: 2nd Edition

Author: Jochen Nickel

Jochen Nickel is a Cloud, Identity and Access Management Solution Architect with a clear focus and in-depth technical knowledge of Identity and Access Management. He is currently working for inovit GmbH in Switzerland leading and executing projects in the field of Identity and Access Management including Data Classification and Information protection. Jochen is focused on Microsoft Technologies, especially in the Enterprise Mobility + Security Suite, Office 365 and Azure. He is an established speaker at many technology conferences like Azure Bootcamps, TrustInTech Meetups or the Experts Live Switzerland and Europe.


Chapter 16. Azure Information Protection Development

This chapter is a good starting point for anyone who wants to dive deeper into the Azure Information Protection technology to get more information for troubleshooting or supporting a solution. This chapter will also help you write an application that fulfills your customers' and your organization's needs. Using the development resources of Azure Information Protection will give you more in-depth knowledge about this technology.

In this chapter, we'll provide you with an overview of the different development resources to help you start your journey into the different Azure Information Protection development options. We'll show you how to prepare your development environment and give you some examples so you can start analyzing this excellent service. You'll get information about the Microsoft Information Protection SDK, the use of PowerShell, and the other SDKs that are available to help you begin your journey.

This chapter is organized...

Technical requirements


In this chapter, you can use the YD1APP01 server, on which Visual Studio 2017 was already installed in Chapter 7, Deploying Solutions on Azure AD and ADFS. Additionally, you need to install the Information Protection SDK 2.1 from https://bit.ly/298QzMn to run any of the development examples. Also, download the examples from https://bit.ly/2CBVvoE, https://bit.ly/2RHCjjO, and https://bit.ly/2HtYKEj to the server, into your Visual Studio project directory, such as C:\Users\cloudadmin.INOVITDEMOS\Documents\Visual Studio 2017\Projects, which you can use to experiment with the framework.

In the next section, we'll dive into the Microsoft Information Protection solutions to gain knowledge about all the related technologies.

Microsoft Information Protection solutions


Azure Information Protection itself is built to classify, label, and protect files in Office 365 and many other applications. The following list shows the different solution components and their relation to Azure Information Protection:

  • Microsoft Cloud App Security: For protecting cloud applications with direct integration of Azure Information Protection.
  • Conditional Access: To control access to sensitive information where no direct integration into Azure Information Protection is required.
  • SharePoint: To deliver RMS-protected libraries and groups to provide access control.
  • Office 365 Message encryption: To send encrypted emails inside or outside your organization with a direct integration into Azure Information Protection.
  • Office 365 Data Loss Prevention: Is built to prevent data loss over Exchange and SharePoint Online, including OneDrive for Business with a direct integration into Azure Information Protection.
  • Office 365 Advanced Data Governance: Provides...

Understanding the Microsoft Information Protection SDK


The Microsoft Information Protection SDK extends labeling and protection functionality so you can provide a consistent experience in cross-platform scenarios, and it provides a comprehensive set of capabilities. With the SDK, you can extend the classification, labeling, and protection to any other app and service. In general, Microsoft Information Protection solutions are compatible with traditional Active Directory RMS infrastructures. You experienced this with the Hold Your Own Key (HYOK) functionality.

The Microsoft Information Protection SDK is available on the following:

  • macOS, Linux, and Windows
  • A preview for Android, iOS, and other platforms

The SDK supports user and service applications, including support for multi-tenancy. User applications include common authoring tools, such as Office and Adobe. Labeling structured data is also supported. Service applications mostly run in the background, such as DLP, cloud access security brokers...

Preparing your Azure AD environment for tests


In this section, we'll adjust our Azure AD environment to run code from the Microsoft Information Protection SDK against our Azure Information Protection infrastructure. As usual, it starts with the creation of an Azure AD app:

  1. Log in with global administrator credentials to the Azure portal at https://portal.azure.com.
  2. Navigate to the Azure AD blade.
  3. Click App registrations to create a new application.
  4. Click New Applications registration.
  5. Use the following settings:

Example app properties

  6. Click the Settings button on the registered application:

App Settings option

  7. Click the Required permissions section for API access.
  8. Click Add:

Required permissions configuration

  9. Click Select an API. If needed, use the search field to find Microsoft Rights Management Services.
  10. Select the Microsoft Rights Management Services API:

Choosing the Microsoft RMS API

  11. Under the Select permissions section, use the Create and access protected content for users permission under the DELEGATED...
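The same registration can be scripted, which is useful when the test tenant is rebuilt often and you want the requested permission to be reviewable in code. The following script is an added example, not code from the book or from Microsoft; it uses the AzureAD PowerShell module and assumes you are signed in as a global administrator. The display name and reply URL are placeholders of our choosing (the book's settings are only shown in the figure), and the delegated permission is looked up by its API value `user_impersonation` ("Create and access protected content for users") on the Microsoft Rights Management Services service principal rather than hard-coding a GUID.

```powershell
# Added example (not from the book): register the Azure AD app used for the
# MIP SDK tests with the AzureAD module instead of clicking through the portal.
# Assumptions: AzureAD module installed, signed in as global administrator,
# app name and reply URL below are placeholders.
Import-Module AzureAD
Connect-AzureAD | Out-Null

$appName  = 'MIP-SDK-Test'                  # placeholder display name
$replyUrl = 'https://localhost/mip-sdk-test' # placeholder reply URL

function Get-RmsDelegatedPermission {
    # Resolve the Microsoft Rights Management Services API and its delegated
    # permission "Create and access protected content for users" by name,
    # so no permission GUID has to be copied from the portal.
    $sp = Get-AzureADServicePrincipal -Filter "displayName eq 'Microsoft Rights Management Services'"
    if (-not $sp) { throw 'Microsoft Rights Management Services service principal not found in this tenant' }
    $perm = $sp.Oauth2Permissions | Where-Object { $_.Value -eq 'user_impersonation' }
    if (-not $perm) { throw 'Delegated permission user_impersonation not found on the RMS API' }
    return @{ ResourceAppId = $sp.AppId; PermissionId = $perm.Id; DisplayName = $perm.UserConsentDisplayName }
}

$rms = Get-RmsDelegatedPermission

# Build the RequiredResourceAccess entry: Type 'Scope' = delegated permission
# (what the book's step 11 selects); 'Role' would be an application permission.
$access = New-Object -TypeName Microsoft.Open.AzureAD.Model.ResourceAccess
$access.Id   = $rms.PermissionId
$access.Type = 'Scope'

$required = New-Object -TypeName Microsoft.Open.AzureAD.Model.RequiredResourceAccess
$required.ResourceAppId  = $rms.ResourceAppId
$required.ResourceAccess = $access

$app = New-AzureADApplication -DisplayName $appName `
                              -ReplyUrls @($replyUrl) `
                              -RequiredResourceAccess @($required)

# Least-privilege check: list exactly which APIs and permissions the app now
# requests. For this test app the list should contain only the RMS entry.
foreach ($r in $app.RequiredResourceAccess) {
    foreach ($a in $r.ResourceAccess) {
        '{0} -> {1} ({2})' -f $r.ResourceAppId, $a.Id, $a.Type
    }
}
'Registered application {0} with AppId {1}' -f $app.DisplayName, $app.AppId
```

The AppId printed at the end is the client ID you pass to the SDK samples later; the permission still has to be consented to (by the user at first sign-in, or by an administrator) before a token for the RMS API is issued.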

Using MIP binaries to explore functionality


With the Microsoft Information Protection binaries from the SDK, we can explore the new functionalities of Microsoft's unified Information Protection solution. The binaries deliver all the examples needed to start using the different functions, such as gathering the current status of a file, classifying and protecting a file, and bulk decrypting files. In the following section, we will focus on the file_example.exe binary, which delivers all of this basic functionality. This example will give you ideas for developing your own applications that use the SDK and the Information Protection functions.

We downloaded the MIP binaries to explore features. You can use the following steps to get more insight into features:

  1. Open PowerShell and navigate to the sample files.
  2. Execute the .\file_sample.exe binary to view the functionality you can test:

Application command-line options

With this binary, you can start with the following commands:

  • Get a list of labels:
./file_sample ...

Using PowerShell with Azure Information Protection


PowerShell provides management capabilities for Azure Information Protection. In particular, to build custom classification and protection solutions, you need to be able to use PowerShell to solve challenges such as labeling and protecting files on a file share or a single computer. With the following cmdlets, you have the basic toolset to do most administrative tasks with PowerShell. We used these cmdlets, for example, to provide a monitoring solution for a single folder, labeling and encrypting the files in the folder based on keywords. With the following commands, you can start to explore more about Azure Information Protection's capabilities and technology:

  • Import-Module AzureInformationProtection
  • Get-AIPFileStatus: Used to identify all files with a specific label
  • Set-AIPFileClassification: Used to inspect file contents and automatically label unlabeled files
  • Set-AIPFileLabel: Used to apply a specified label
  • Set-AIPAuthentication: Used...
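The folder-monitoring scenario mentioned above, as an added example that is not the book's own script: it sweeps one folder, labels every still-unlabeled file whose text contains one of a list of keywords, and then registers a FileSystemWatcher so new files get the same treatment. It assumes the AIP client (and therefore the AzureInformationProtection module) is installed, that Set-AIPAuthentication has been run or an interactive sign-in is acceptable, and that the folder path, the keyword list and the label GUID are placeholders you replace with your own (the real GUID is shown by Get-AIPFileStatus on an already labeled file or in the AIP policy portal).

```powershell
# Added example (not from the book): label files in a watched folder by keyword
# with the AzureInformationProtection module.
# Assumptions: AIP client installed, authentication already handled,
# folder, keywords and label ID below are placeholders.
Import-Module AzureInformationProtection

$folder   = 'C:\Shares\Finance'                          # placeholder folder to watch
$keywords = @('Confidential', 'Payroll', 'Kreditkarte')  # placeholder keyword list
$labelId  = '00000000-0000-0000-0000-000000000000'       # placeholder: replace with your label GUID

function Get-KeywordHits {
    param([string]$Path, [string[]]$Keywords)
    # Select-String covers text-like formats (txt, csv, xml, log). For Office
    # formats prefer Set-AIPFileClassification, which inspects the content itself.
    $hits = Select-String -Path $Path -Pattern $Keywords -SimpleMatch -ErrorAction SilentlyContinue
    return @($hits | ForEach-Object { $_.Pattern } | Sort-Object -Unique)
}

function Protect-FolderByKeyword {
    param([string]$Folder, [string[]]$Keywords, [string]$LabelId)
    $labeled = @()
    foreach ($file in Get-ChildItem -Path $Folder -File -Recurse) {
        $status = Get-AIPFileStatus -Path $file.FullName
        # Never silently downgrade or overwrite: files that already carry a label are left alone
        if ($status.IsLabeled) { continue }
        $found = Get-KeywordHits -Path $file.FullName -Keywords $Keywords
        if ($found.Count -gt 0) {
            Set-AIPFileLabel -Path $file.FullName -LabelId $LabelId | Out-Null
            Write-Output ('{0}: labeled (matched: {1})' -f $file.FullName, ($found -join ', '))
            $labeled += $file.FullName
        }
    }
    return $labeled
}

# One-time sweep of everything already in the folder
Protect-FolderByKeyword -Folder $folder -Keywords $keywords -LabelId $labelId

# Continuous monitoring: re-run the sweep whenever a file is created.
# The short sleep gives the writing process time to release the file.
$watcher = New-Object System.IO.FileSystemWatcher $folder
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents   = $true
Register-ObjectEvent -InputObject $watcher -EventName Created -SourceIdentifier AipFolderWatch `
    -MessageData @{ Folder = $folder; Keywords = $keywords; LabelId = $labelId } -Action {
        Start-Sleep -Seconds 2
        $d = $Event.MessageData
        Protect-FolderByKeyword -Folder $d.Folder -Keywords $d.Keywords -LabelId $d.LabelId
    } | Out-Null

# Stop watching with: Unregister-Event -SourceIdentifier AipFolderWatch
```

Two design points matter here for an unattended job: the script only labels files that report `IsLabeled` as false, so a user's manual classification is never overwritten without the justification the AIP client would otherwise demand, and the account running it only needs rights to read the folder and apply that one label, which is the least privilege such a job should get.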

Overview of the RMS 2.1 and 4.2 SDKs


Two active generations of RMS SDKs are available to developers and used for the following developments:

  • Microsoft Rights Management SDK 4.2 for Android, iOS/macOS, Windows devices, and Linux
  • Microsoft Rights Management SDK 2.1 for Windows Desktop Client
  • AD RMS SDK is superseded

The following improvements were included with the 4.2 version:

  • Hybrid support for AD RMS and Azure RMS (the AD RMS mobile device extension is needed to make AD RMS available on mobile devices and provides the required authentication methods)
  • Access to protected content offline
  • Bring your own authentication library
  • Bring your own user interface
  • Redesigned API

You can use the following example design to develop your application:

Example of design for an application with the feature specification

The example above demonstrates how a user can encrypt a document. For this task, they need to select an Azure RMS template or use Azure RMS ad hoc protection. In order to get the template information from Azure Information...
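The template-selection step of the design above, written as an added example with the AzureInformationProtection module rather than the RMS SDK itself (this is not the book's code and not Microsoft's sample): the user picks a template by name from those the tenant publishes, the file is protected with it, and the result is verified. It assumes the AIP client is installed, the signed-in user is entitled to the template, and the template name, input file and output folder are placeholders.

```powershell
# Added example (not from the book): select an Azure RMS template and protect
# a document with it, then verify the protection.
# Assumptions: AIP client installed, user signed in, placeholders below replaced.
Import-Module AzureInformationProtection

function Select-RMSTemplateByName {
    param([string]$Name)
    # Get-RMSTemplate returns the templates published to the current user
    # (TemplateId, Name, Description); match on the display name.
    $all = @(Get-RMSTemplate)
    $template = $all | Where-Object { $_.Name -eq $Name }
    if (-not $template) {
        $names = ($all | Select-Object -ExpandProperty Name) -join '; '
        throw "Template '$Name' not found. Available templates: $names"
    }
    return $template
}

function Protect-DocumentWithTemplate {
    param([string]$File, [string]$TemplateName, [string]$OutputFolder)
    $template = Select-RMSTemplateByName -Name $TemplateName
    if (-not (Test-Path $OutputFolder)) { New-Item -ItemType Directory -Path $OutputFolder | Out-Null }

    # Protect-RMSFile writes the protected copy to the output folder; Office
    # files keep their name, other types become generic .pfile/.p<ext> files.
    Protect-RMSFile -File $File -TemplateId $template.TemplateId -OutputFolder $OutputFolder | Out-Null

    # Verify against the status the AIP client reports, not just the return code
    $out = Get-ChildItem -Path $OutputFolder -File |
           Where-Object { $_.BaseName -like ((Split-Path $File -LeafBase) + '*') } |
           Select-Object -First 1
    if (-not $out) { throw "No protected output found for $File" }
    $status = Get-AIPFileStatus -Path $out.FullName
    if (-not $status.IsRMSProtected) { throw "$($out.FullName) is not RMS protected" }
    if ($status.RMSTemplateId -ne $template.TemplateId) {
        throw "Unexpected template on output: $($status.RMSTemplateId)"
    }
    return $out.FullName
}

# Placeholder values, replace with your own
$protected = Protect-DocumentWithTemplate -File 'C:\Users\cloudadmin.INOVITDEMOS\Documents\contract.docx' `
                                          -TemplateName 'Confidential \ All Employees' `
                                          -OutputFolder 'C:\Protected'
'Protected copy written to {0}' -f $protected
```

Verifying with Get-AIPFileStatus after protecting is the check a practitioner wants: it proves the template actually applied to the output file, which is the same information the application design above has to surface to the user after the encryption step.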

Summary


In this final chapter, we first introduced you to the various PowerShell scripts and the related SDK code so you can gather more information about the whole Microsoft Information Protection solution framework, or start developing your own extensions or applications. It was never the intention to turn you into a developer in one chapter, but these resources are a good source of knowledge for troubleshooting or administering such a solution. You should now be able to describe which SDKs are available and what they can be used for. Furthermore, you have enough code samples to start working. We wanted to provide you with a functional and ready work environment to help you get started easily.

Hopefully, the information in this book will help you with your current organization or project. I want to thank you very much for sticking around till the end of this book. If you have any questions, don't hesitate to ask me on my blog at jochennickel.ch or at info@inovit.ch.
