Add an MIP (Microsoft Information Protection) account in the Admin Portal to enable the scan and retrieval of the MIP labels from Microsoft to the Admin Portal. After the MIP account has been successfully validated, the service can scan and retrieve the MIP labels from Microsoft for the MIP account in the Admin Portal. For the service to scan and retrieve the MIP labels from Microsoft, you need to change the status on the MIP account from Validation Successful to Active using the Edit MIP Account window. To stop the scan and retrieval of these MIP labels from Microsoft, change the status of the MIP account to Tenant Inactive. To learn more, see Retrieving MIP Labels from Microsoft to the MIP Account.

To add an MIP account:

1. Go to Policies > Data Protection > Common Resources > MIP Labels.
2. Click Add MIP Account.

The Add MIP Account window appears.

See image.

3. In the Add MIP Account window, select a SaaS Connector option. A Zscaler-defined connector grants the Zscaler service full administrator privileges to the application; whereas, a custom connector grants only necessary permissions.
   • Zscaler Defined

     1. Click Authorize.

     The Microsoft Portal appears.

     2. Choose an account and log in to the Microsoft Portal.

     A Microsoft window appears listing the permissions requested by the Zscaler service.

     See image.

     

     Close

     3. Review the required permissions for the Zscaler service to access the Microsoft account and click Accept.

     Close
   • Custom

     To create a custom MIP connector, you must first configure permissions in Azure so that you can provide the Client ID, Client Secret, and Tenant ID for the MIP account in the Admin Portal. To learn more, see Authorizing a Custom Zscaler Connector for Microsoft Applications.

     Close

The Add MIP Account window reappears, displaying the next window for account details.

See image.

4. In the Add MIP Account window, under Account Name, enter a name you want to associate with the Microsoft account. It must be unique.
5. Click Save and activate the change.

The MIP account is added to the Admin Portal. The MIP Account displays a status of Validation Successful if the account is authorized. It displays a status of Validation Failed if the account is not authorized. If the status on the MIP account is Validation Failed, you can try the authorization process again by clicking Reauthorize on the Edit MIP Account window.