Connecting to the MPIP Instance

Connecting to the MPIP Instance

If you have Microsoft Purview Information Protection (MPIP) running in your environment, then you can connect to your MPIP instance through your Netskope tenant.

Ensure that the Microsoft account used for the grant process has global admin permissions.
  1. In the Netskope tenant, go to Settings > Manage > IRM Integration.

  2. Click the Connect Instance drop-down and click on Microsoft.

    If you do not see an MPIP profile in the drop-down list, log in to your Microsoft 365 admin center, and go to the Compliance section. Under Information protection, ensure that the MIP label is published to all groups, or a group that contains the global administrator account.
  3. In Connect IRM Instance dialog box,

    • Select the IRM Vendor as MPIP.Enter an instance name for your MPIP instance. For example, DevOps-MPIP. Enter an admin email address. Provide the email address of the admin user granting the MPIP instance.

      Ensure that the admin account has the Azure Information Protection Administrator and Application Administrator role at a minimum.
  4. Click Connect. The MPIP instance will show up under Connected IRM Instances.

For MIP licensing information, see the Microsoft Azure documentation.

If you do not see an MPIP profile in the drop-down list, log in to your Microsoft 365 admin center, go to the compliance section. Under Information protection, ensure that the MPIP label is published to ‘all’ groups or a group that contains the global administrator account.

Re-grant MPIP Instance

Under certain circumstances, you may have to re-grant the MPIP instance. For example, when you set up a classic API Data Protection policy, under Action, the MIP profile drop-down may not display the profiles and the UI may throw an error like We encountered a backend error. Please try again. To resolve this issue, re-grant the MPIP instance. To do so, follow the steps below:

  1. In the Netskope tenant, go to Settings > Manage > Sensitivity Label Integration, then click Legacy IRM Integration.

  2. Edit the existing Microsoft instance.

  3. Keep the values as is and click Connect.

  4. Log in with your Microsoft admin account, accept the permissions.

    You should see a successful message. Click Close.

  5. Click Close.

You have successfully re-granted the MPIP instance.

You can now go back Policies > API Data Protection > SAAS > Classic > New Policy and set up the policy. Under Action, you can now select the action as IRM, IRM vendor as MIP, and the MIP profile.

Share this Doc

Connecting to the MPIP Instance

Or copy link

In this topic ...