Loading...
Loading...

HOWTO: Using Azure Information Protection features in SEG

Expand / Collapse


This article applies to:

  • Trustwave SEG 8.2 and above
  • Azure Information Protection Rights Management

Question:

  • What setup is required for Azure Information Protection (AIP) with SEG?
  • How do I get the AIP credentials and settings that I need to enter in SEG?

Procedure:

To set up AIP in SEG, you will need a Microsoft Azure account configured with AIP. This article assumes you have such an account.

Prerequisites

RMS Client

The RMS Client installer is linked from the prerequisites tab of the SEG installation autorun. You must install the RMS Client on all processing nodes.

SEG Product Key

The SEG Product Key must have Azure Information Protection enabled. Trial keys for SEG versions that support AIP include this feature. Customers who want to use this functionality should request a replacement key with the AIP entitlement enabled.

Information Needed

NOTE: To use the PowerShell commands described, you must use a minimum version of PowerShell and you must install certain modules. For details, see the Microsoft document Installing the AADRM PowerShell Module.

You will need to obtain values for the following fields required in SEG configuration:

  • BposTenantId: Azure Tenant Id
  • AppPrincipalId: Azure user to use with SEG with super-user rights
  • Base64Key: Symmetric key for AppPrincipalId
  • LicensingExtranetUrl: URL for retrieving use license, templates, and other items
  • LicensingIntranetUrl: URL for retrieving use license, templates, and other items from Intranet locations.
    • Typically the same as LicensingExtranetUrl

Getting the Tenant ID and Licensing Url

  1. As an administrator, run PowerShell with the appropriate modules installed (see note above)
  2. Import the RMS module: Import-Module AADRM
  3. Connect to the service, using Microsoft credentials that have appropriate permissions: Connect-AadrmService –Verbose
  4. Ensure RMS is enabled: Enable-AADRM
  5. Get your tenant ID by running: Get-AadrmConfiguration

Creating a Service Principal

A service principal is credentials configured globally for access control that allow a service to authenticate with Microsoft Azure AD and to protect information using Microsoft Azure AD Rights Management.

If you do not already have a service principal for SEG, follow the following steps:

  1. As an administrator, run PowerShell with the appropriate modules installed (see note above)
  2. Import the Microsoft Azure AD module using: Import-Module MSOnline
  3. Connect to your online service with the assigned user credentials: Connect-MsolService
  4. Create a new service principal by running: New-MsolServicePrincipal
  5. Provide a name for the Service Principal
  6. Record the results (symmetric key and AppPrincipalID)

Enabling the Super User feature

SEG requires super user feature to be able to decrypt all messages for the domain. To enable this for the created principal, follow the following steps:

  • As an administrator, run PowerShell with the appropriate modules installed (see note above)
  • Import the RMS module: Import-Module AADRM
  • Connect to the service with the assigned user credentials: Connect-AadrmService –Verbose
  • Enable the Aadrm super user feature: Enable-AadrmSuperUserFeature
  • Add the Service Principal as a super user to Rights Management: Add-AadrmSuperUser  -ServicePrincipalId <AppPrincipalId>

Next Steps

To enter the AIP settings and credentials, open the SEG Configurator or MailMarshal (SEG) 10 Management Interface and navigate to Trustwave SEG Properties > Azure Information Protection. For further instructions, see Help for that window.


To contact Trustwave about this article or to request support:


Rate this Article:
     

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.