...
Administrator’s Basic Guide to LINK
2023-01B
...
...
Table of Contents
...
Add (e.g., create a new user, application, etc.)
Open item for editing
Delete item
Save item
Go back (without saving) NOTE: do not press the browser back button!
Next page
Previous page
...
Code-based activation is configured in the LINK Controller on the “Settings” tab. The first step is to change the launch link type to “Activation Pincode” in the “Controller Settings” pane. To do so, change the link type using the dropdown pictured here:
Activation Pincode
Please make sure that the “Attach a QR code …” and “Attach an hxl file …” options are both toggled off.
...
At Files, tap the pencil icon.
...
Files
Change settings as shown below. Tap the Diskette icon to save.
...
Log in to your Azure portal at https://portal.azure.com. To create a new App Registration, search for “App Registrations” and click on the service when it appears. Once you have opened the “App Registrations” panel:
...
From the app registration page for your new app, add a new redirect URI by clicking the link next to “Redirect URIs:”. Toggle on the checkbox next to https://login.microsoftonline.com/common/oauth2/nativeclient for the redirect URI.
Click “Save” at the bottom of the screen.
...
Next, add API permissions to your app registration. To do so, click “API Permissions” in the “Manage” section on the left panel of the page.
(See https://github.com/Azure-Samples/MipSdk-Dotnet-File-ServicePrincipalAuth for the original source):
...
Click API permissions.
Click Add a permission.
Select Microsoft APIs.
Select Azure Rights Management Services.
Permission Type | Permissions Required |
---|---|
Application permissions | Content.DelegatedWriter, Content.Writer |
Microsoft Information Protection Sync Service
...
Select Add permissions.
Again, select Add a permission.
Select APIs my organization uses.
In the search box, type Microsoft Information Protection Sync Service then select the service.
Permission Type | Permissions Required |
---|---|
Application permissions | UnifiedPolicy.Tenant.Read |
Grant Admin Consent
Select Add permissions.
In the API permissions blade, select Grant admin consent for and confirm.
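One way to confirm that the permissions and admin consent above took effect is to inspect the `roles` claim of an app-only access token issued to the app registration for each API, and to flag anything granted beyond what this guide lists. The Python below is an added example, not part of the LINK guide or the referenced Microsoft sample; acquiring the token is out of scope, and the tenant ID, app ID and sample tokens are constructed placeholders.

```python
import base64
import json

# Application permissions this guide grants, keyed by the API they belong to.
REQUIRED_ROLES = {
    "Azure Rights Management Services": {"Content.DelegatedWriter", "Content.Writer"},
    "Microsoft Information Protection Sync Service": {"UnifiedPolicy.Tenant.Read"},
}


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, api_name, tenant_id, app_id):
    """Return findings for one app-only access token; an empty list means OK."""
    claims = jwt_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("unexpected tenant: %r" % claims.get("tid"))
    # v1.0 tokens carry the client ID in "appid", v2.0 tokens in "azp".
    if app_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("token not issued to the expected app registration")
    granted = set(claims.get("roles", []))
    required = REQUIRED_ROLES[api_name]
    for role in sorted(required - granted):
        findings.append("missing (admin consent not granted?): " + role)
    for role in sorted(granted - required):
        findings.append("extra permission beyond this guide: " + role)
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


TENANT = "11111111-1111-1111-1111-111111111111"  # constructed, not a real tenant
APP = "22222222-2222-2222-2222-222222222222"     # constructed, not a real app ID
GOOD = make_sample_token({"tid": TENANT, "appid": APP,
                          "roles": ["Content.Writer", "Content.DelegatedWriter"]})
OVER = make_sample_token({"tid": TENANT, "appid": APP,
                          "roles": ["Content.Writer", "Content.SuperUser"]})
```

Calling `audit_token(OVER, "Azure Rights Management Services", TENANT, APP)` reports both the missing `Content.DelegatedWriter` and the extra `Content.SuperUser`. The decoder does not validate signatures, so use it only to inspect tokens you obtained yourself.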
...
Browse to the Resources tab in LINK and edit the file resource for which you would like to enable information protection. Scroll down until you find the option that says “Enable Azure MIP protection when editing files”. Click “Change to yes” to enable Azure MIP integration. Doing so will reveal the following configuration parameters:
Parameter | Description of Value |
---|---|
Azure Tenant ID | Directory (Tenant) ID captured during the app registration |
Email address of a tenant administrator (e.g., admin@mobilehelix.com) | As described. This email is used as the sign-in identity when LINK authenticates with Azure using the client secret |
App ID for the Azure MIP App Registration | App (Client) ID captured during the app registration |
Client secret for MIP service access | Client secret used for authentication with the MIP REST APIs |
Email address of the owner for MIP-encrypted files | To protect files while they are being edited with Office for iOS, LINK applies MIP encryption using the owner email address provided here, and grants Read/Write permission to the signed-in LINK user. This allows the user to manipulate the document in Office for iOS without granting the user the ability to alter the permissions in any way. |
After these parameters are entered, click the “Save” button in the blue bar in the LINK Controller. Tap the refresh button on your device to ensure that these changes are propagated into your active LINK session.
...
Add LINK as an app in Intune and deploy it to your target user group
Log in to https://endpoint.microsoft.com, your Intune management console. Under “All Services” or “Favorites”, select “Apps”. Click “All Apps”, “Add” … and select the following:
...