Support for Microsoft Information Protection
ReplaceMagic supports changing encrypted documents protected with Azure/Microsoft Information Protection (AIP/MIP). Currently supported document formats are Excel, Word and PowerPoint.
MIP is supported only when WebLogon is used as the authentication method.
Microsoft prerequisites (unless all of them are met, Microsoft will not allow the application to use MIP/AIP):
- Make sure that you enter the correct user name and password. To check that you entered them correctly, sign in to the Office 365 portal.
- You must be a global administrator to connect to Azure Information Protection.
- To use Azure Information Protection, you must have a subscription that includes Azure Information Protection.
- Work with the network administrator to make sure that the network meets the requirements for connecting to Azure Information Protection. The requirements are as follows:
1. Incoming and outgoing connections to *.aadrm.com are enabled.
2. Incoming and outgoing connections to *.cloudapp.net (rmsoprod*-b-rms*.cloudapp.net) are enabled.
3. Port 443 is open.
How to configure Azure/Microsoft Information Protection. Configuration is required both on the Azure portal and in ReplaceMagic:
Go to: https://portal.azure.com
Click on “App registration” or search for:
Select “New registration”:
Type the application name (please use ReplaceMagic) and select the account type, for example, “Accounts in this organizational directory only…”:
Click on Register.
Click on Redirect URIs:
Click Add platform:
Select Mobile and Desktop application:
Select first checkbox:
Click on App permissions:
Select the following permissions:
If required, also “Grant admin consent” for your organization.
Permissions for Microsoft Information Protection Sync Service are, most likely, under -> Add a Permission -> APIs my organization uses:
Go to Expose an API and click on Add a scope. There you can just click on “Save and continue”.
Fill the form, for example, like:
And click on “Add scope”
On the same page click on:
Fill in the form. First check the checkbox, then copy the client ID into the client ID field, either from the authorized scope or from the Overview page of the application you just created:
Go to Owners and add the user who is going to use ReplaceMagic to fix documents protected with MIP:
To set up ReplaceMagic to use MIP, on form where you are creating select “Use MIP” and enter the data from the Azure portal:
If reading of protected files does not work after logging in to your SharePoint, go to c:\users\username\appdata\roaming\replacemagic\logs and check whether any of the logs contain an error message like:
Message: LoadLibrary failed for: [C:\Program Files (x86)\ReplaceMagic\x64\mip_dotnet.dll]
Source: Microsoft.InformationProtectiona
If yes, then (re-)install the Microsoft Visual C++ Redistributable components for the x64 platform:
Direct link: https://aka.ms/vs/17/release/vc_redist.x64.exe (computer restart is required).
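The log check described above can be scripted. The following is an added example, not ReplaceMagic's own code: it scans the log folder named on this page for the LoadLibrary error and reports whether the x64 Visual C++ runtime is registered. The function name Test-MipNativeLoad is hypothetical, and checking both registry views for the runtime key is an assumption.

```powershell
# Added diagnostic example, not ReplaceMagic code.
function Test-MipNativeLoad {
    param(
        # Log folder named on this page (%APPDATA% = c:\users\<name>\appdata\roaming)
        [string]$LogDir = (Join-Path $env:APPDATA 'ReplaceMagic\logs')
    )
    # Matches the error text shown on this page and captures the DLL path.
    $pattern = 'LoadLibrary failed for: \[(?<dll>[^\]]+)\]'

    # 1. Collect every log line that reports the native library load failure.
    $hits = @()
    if (Test-Path -LiteralPath $LogDir) {
        $hits = @(Get-ChildItem -LiteralPath $LogDir -File |
            Select-String -Pattern $pattern)
    }

    # 2. Look up the x64 Visual C++ runtime in Microsoft's standard registry key.
    #    Checking both registry views is an assumption to cover 32-bit installers.
    $keys = 'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x64'
    $runtime = $keys | Where-Object { Test-Path $_ } |
        ForEach-Object { Get-ItemProperty -Path $_ } |
        Where-Object { $_.Installed -eq 1 } | Select-Object -First 1

    # 3. Emit one result row per distinct DLL named in the logs.
    $hits | Group-Object { $_.Matches[0].Groups['dll'].Value } | ForEach-Object {
        [pscustomobject]@{
            Dll           = $_.Name
            DllFileExists = Test-Path -LiteralPath $_.Name
            LogFiles      = ($_.Group.Filename | Sort-Object -Unique) -join ', '
            Occurrences   = $_.Count
            VcRuntimeX64  = if ($runtime) { $runtime.Version } else { 'not installed' }
        }
    }
}

# No output means no LoadLibrary failure was logged.
Test-MipNativeLoad | Format-List
```

A row where DllFileExists is True and VcRuntimeX64 is 'not installed' matches the case this page fixes by installing the redistributable.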
Remark: ReplaceMagic needs to save encrypted documents locally; these local copies are deleted after encryption/decryption is completed.
IMPORTANT - User validation or problems processing encrypted documents: you can validate your user by running the command Connect-AipService in PowerShell (version 5). If you see the error message:
Connect-AipService : The attempt to connect to the Azure Information Protection service failed. Verify that the
credentials you are using are correct and try again. If you have continued problems, see
http://go.microsoft.com/fwlink/?LinkId=251909.
Most likely your user either:
- Does not have a subscription containing Azure Information Protection/Microsoft Information Protection or
- Is not a Global admin
More details (see prerequisites above) at: https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/user-prov-sync/fail-connect-azure-information-protection-powershell
Unfortunately, unless the Microsoft prerequisites are met, ReplaceMagic (or any other tool) will not be able to process encrypted documents.