English

Home > Appendices > Appendix S – Check and Activate Microsoft Rights Management Service

Appendix S – Check and Activate Microsoft Rights Management Service

When your app profile using the Cloud Governance apps cannot be created or authorized, you can check if it is caused by the lack of Microsoft Rights Management Service subscription:

When the authentication error occurs after you authorize the app, navigate to the Developer Tools interface by pressing F12 on the keyboard.
Check the information under the Console tab.
If you see the access denied error shown in the screenshot below, the error is caused by the lack of Microsoft Rights Management Service subscription.

The access denied error

For this error, we provide you with the following two solutions:

- Purchase and apply any of the licenses that can provide the rights for a user. After applying the license, assign the license to the authentication user. Refer to [Microsoft 365 Guidance](https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection-sensitivity-labeling) for the available licenses.

- Solve it via Graph Explorer.

	1. Log in to [Graph Explorer](https://developer.microsoft.com/en-us/graph/graph-explorer/) using your Global Administrator account with required permissions. Refer to [Create servicePrincipal](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-post-serviceprincipals) to view the required permissions.

	2. Create a new servicePrincipal object using the following request:

POST https://graph.microsoft.com/v1.0/servicePrincipals

	3. Request body:

{

"appId": "00000012-0000-0000-c000-000000000000"

}

		![Create the servicePrincipal object.](/en/cloud-governance-administrator-guide/appendices/images/image1036.png "Create the servicePrincipal object.")

		> [!NOTE]
		> Enter the app ID of Microsoft Rights Management Service (**00000012-0000-0000-c000-000000000000**) in the **appId** field even if this is different from the app ID reported in the error message.

	4. Check if the **AccountEnabled** value is **true** using the following request:

GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000012-0000-0000-c000-000000000000')

		![Check the AccountEnabled value.](/en/cloud-governance-administrator-guide/appendices/images/image1037.png "Check the AccountEnabled value.")

	1. If the **AccountEnabled** value is **false** in the response, enable it using the following request:

PATCH https://graph.microsoft.com/v1.0/servicePrincipals/{id}

		Replace **{id}** with the id value in step **iii**.

		Request body:

{

"accountEnabled":true

}

Settings

Configure Library Templates

Appendix E - Integration with ServiceNow

Appendix G - Supported References in Email Templates

Appendix J - Custom Azure App Permissions for Using AvePoint Cloud Governance

Appendix S – Check and Activate Microsoft Rights Management Service

#Appendix S – Check and Activate Microsoft Rights Management Service

Appendix S – Check and Activate Microsoft Rights Management Service