User environment-initialization flow

User environment initialization is also called the bootstrapping process. It starts once the Azure Information Protection client is installed on the client machine and a user, for example, opens an Office application. It runs when a user consumes protected content or protects a newly created document.

Keep in mind that if the user moves to another machine, or another user uses the same machine, the process always runs on first use.

Many things happen in the background during this process, and a user who has single sign-on in a federated environment won't notice any of the steps. After a successful authentication to the RMS service, the client receives three main certificates:

  • The Security Processor Certificate (SPC)
  • The Client Licensor Certificate (CLC)
  • The Rights Account Certificate (RAC), formerly known as Group Identity Certificate (GIC)

These are all valid for 31 days and authenticate the user to Azure Active Directory.

The client also receives the organization's Rights Management templates.

The following diagram shows the main components during this process:

Main components and actors on the bootstrapping process

Many other things happen during this process. If you need more details about the bootstrap process, you can find them at https://bit.ly/2FbcxNt and https://bit.ly/2RxtcRR.

Here are some other helpful sources:

Next, we'll look into the content-protection flow.
