Trustwave Unveils 2025 Cybersecurity Threat Report for Energy and Utilities Sector. Learn More

Request a Demo

Trustwave Unveils 2025 Cybersecurity Threat Report for Energy and Utilities Sector. Learn More

Request a Demo
Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft Security
Unlock the full power of Microsoft Security
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
  1. Support
  2. MailMarshal Cloud
  3. Knowledge Base

HOWTO: Using Azure Information Protection features in MailMarshal Cloud

 

This article applies to:

  • Trustwave MailMarshal Cloud
  • Azure Information Protection Rights Management

Question:

  • What setup is required for Azure Information Protection (AIP) with MailMarshal Cloud?
  • How do I get the AIP credentials and settings that I need to enter in MailMarshal Cloud?

Procedure:

To set up AIP in MailMarshal Cloud, you will need a Microsoft Azure account configured with AIP. This article assumes you have such an account.

Prerequisites

MailMarshal Cloud Licensing

This functionality is licensed separately. Your MailMarshal Cloud account must have Azure Information Protection enabled. 

Information Needed

You will need to obtain values for the AIP credentials that you must enter in the MailMarshal Cloud console. To get these values, use PowerShell on a local Windows system.

  • NOTE: To use the PowerShell commands described, you must use a minimum version of PowerShell and you must install certain modules. For details, see the Microsoft document Installing the AADRM PowerShell Module.

You will need to obtain the following information: 

  • BposTenantId: Azure Tenant Id
  • AppPrincipalId: Azure user to use in MailMarshal with super-user rights
  • Base64Key: Symmetric key for AppPrincipalId
  • LicensingExtranetUrl: URL for retrieving use license, templates, and other items
  • LicensingIntranetUrl: URL for retrieving use license, templates, and other items from Intranet locations.
    • Typically the same as LicensingExtranetUrl

Getting the Tenant ID and Licensing Url

  1. As an administrator, run PowerShell with the appropriate modules installed (see note above)
  2. Import the RMS module: Import-Module AADRM
  3. Connect to the service, using Microsoft credentials that have appropriate permissions: Connect-AadrmService –Verbose
  4. Ensure RMS is enabled: Enable-AADRM
  5. Get your tenant ID by running: Get-AadrmConfiguration

Creating a Service Principal

A service principal is credentials configured globally for access control that allow a service to authenticate with Microsoft Azure AD and to protect information using Microsoft Azure AD Rights Management.

If you do not already have a service principal that you can use for MailMarshal Cloud, follow the following steps:

  1. As an administrator, run PowerShell with the appropriate modules installed (see note above)
  2. Import the Microsoft Azure AD module using: Import-Module MSOnline
  3. Connect to your online service with the assigned user credentials: Connect-MsolService
  4. Create a new service principal by running: New-MsolServicePrincipal
  5. Provide a name for the Service Principal
  6. Record the results (symmetric key and AppPrincipalID)

Enabling the Super User feature

MailMarshal Cloud requires the super user feature to be able to decrypt all messages for the domain. To enable this for the created principal, follow the following steps:

  • As an administrator, run PowerShell with the appropriate modules installed (see note above)
  • Import the RMS module: Import-Module AADRM
  • Connect to the service with the assigned user credentials: Connect-AadrmService –Verbose
  • Enable the Aadrm super user feature: Enable-AadrmSuperUserFeature
  • Add the Service Principal as a super user to Rights Management: Add-AadrmSuperUser  -ServicePrincipalId <AppPrincipalId>

Entering the Information in MailMarshal Cloud

To enter the AIP settings and credentials, open the MailMarshal Cloud Console and navigate to System Configuration > Azure Information Protection. For further instructions, see Help for that page.

Trustwave MailMarshal Cloud KB article Q21121

Last Modified: February 9, 2025

 Turn On Turn Off Highlight