Skip to main content
How Can We Help?
Table of Contents
< All Topics
Print

Install eDig365 from the Azure Marketplace

Posted
Updated
ByMarshal Hagen

Overview

eDig365 is a robust reporting solution designed to uncover elusive trends and insights within Microsoft Purview’s eDiscovery environment.

The application is deployed directly into your organization’s Azure Subscription. Neither Five Star Legal nor its affiliated entities have access to the application or its data. Authentication and authorization are handled exclusively through managed identities and app registrations; therefore, no credentials are ever stored by eDig365.

After installing eDig365 via the Azure Marketplace, you will need to configure your installation with the eDig365 Config Tool.

Below are the steps to install eDig365.

Before you begin

  • Obtain a license key from support@edig365.com (used in step 1)
  • Download and unzip installation assets (used in step 3)
  • Obtain or identify a person with these least-privilege permissions:
    • Azure Owner on the target subscription or resource group, to deploy eDig365 from the Microsoft Marketplace. Grant in: Azure portal → Subscription or Resource Group → Access control (IAM).
    • Application Administrator in Microsoft Entra ID, to configure authentication and complete the eDig365 Config Tool steps. Grant in: Microsoft Entra admin center → Roles and administrators → Application Administrator.
    • Organization Management role group member in Microsoft Purview, to complete the Security & Compliance configuration in the eDig365 Config Tool. Grant in: Microsoft Purview portal → Roles & scopes → Role groups → Organization Management.

Some organizations restrict admin consent to Global Administrators via tenant-level consent policies. If the admin consent step fails in the Config tool with an authorization error, a Global Administrator will need to either grant consent directly or adjust the tenant’s consent policy first.

  • Azure Resource Providers: Your Azure subscription must allow the following resource providers, which should be registered before deployment:
    • Microsoft.Solutions
    • Microsoft.App
    • Microsoft.Storage
    • Microsoft.ManagedIdentity
    • Microsoft.Authorization

These are required because the Marketplace offer deploys eDig365 as a managed application and provisions Azure Container Apps, Azure Storage, user-assigned managed identities, and storage role assignments in your subscription. In most subscriptions these providers are already registered, but if deployment validation fails, ask an Azure subscription Owner or Contributor to register them first.

1) Install eDig365

  • eDig365 settings step: Enter a name for the web application. The default name, eDig365 is a great option. Enter the container registry username and key supplied by eDig365 support. Then click Review + create.
  • Click the Review + create button, then the Create button.
  • Wait for the deployment to complete.

2) Configure authentication for the application

After deployment, any user can navigate to the site without authenticating, but the app will not do anything interesting because it doesn’t have any useful permissions. Before adding those permissions (step 4), enable authentication (this step) and authorization (step 3).

  • After the app is finished deploying, click the Go to resource button.
  • This brings you to the eDig365 managed application. Once here, click the Managed resource group link (in this example, mrg-fivestarlegal….).
  • On the left-hand navigation, expand Security, then click on Authentication.
  • Then choose Microsoft in the drop-down menu

Set each setting as below, all should be default. One option you need to choose is Client secret expiration, choose 720 days or another value in accordance with your organizations policies. This secret is required for the Azure container app to provide user authentication with Microsoft Entra.

  • After you’ve configured all of the values, click the Next: Permissions > button.
  • The application only needs the default User.Read permissions. Click the Add button.

3) Configure Authorization

Now that the application requires authentication, our next step is to specify who can use the application.

The following steps will take you to eDig365’s App registration and Enterprise application. Both were created in step 2. Although they look very similar, think of the App registration as a template and the Enterprise application as an instance in your tenant. We will configure authorization in the Enterprise application. Learn about the Difference between App Registration and Enterprise apps.

  • From the Overview section of the eDig365 App registration. Click the link for the Managed application in local directory. This will open the enterprise application in Entra.
  • In the Enterprise Application, click Manage => Properties.
  • Set Assignment required to Yes
  • Upload the eDig365 icon you downloaded and unzipped in the before you start section. Uploading the logo isn’t required but will help authorized users identify the application in Microsoft 365.
  • Click Save.
  • Click Users and groups in the left navigation, then add user/group.
  • Follow the wizard to add authorized users to eDig365.

4) Setup permissions for eDig365 to interact with the Microsoft Graph and Purview

The general process is explained here, however, the topic focus’ on assigning the permissions to an App Registration instead of a managed identity. The eDig365 Config Tool is idempotent, meaning, it can be run multiple times without issue.

Launch the eDig365 Config Tool.

The eDig365 Config tool will take you step by step to verify your permissions and complete the configuration.

5) Test eDig365

  • Click the New Snapshot button and wait for the snapshot to complete.

  • Tell users that the application is ready. You can provide the URL, but the application will show up in their Microsoft 365 Apps and can be pinned to the left nav bar.