We’re pleased to announce the general availability of the Microsoft Information Protection SDK version 1.1!
The downloads are available via NuGet (Microsoft.InformationProtection.*) or https://aka.ms/mipsdkbins.
New Platforms
In addition to our already-supported platforms, we now additionally support:
- iOS (Policy API only)
- Android (Policy API and Protection API)
Features and Updates
We’ve made several updates in the areas performance and reliability, and added several new features to this 1.1 release. Read on to learn more about what’s new in each of the APIs and across the SDK!
.NET Wrapper
We’ll cover more on the .NET wrapper in a subsequent post. The wrapper is available via NuGet as part of the Microsoft.InformationProtection.File package. The wrapper sits on top of the native C++ libraries. Currently, the .NET wrapper is available only for File API. Head to https://aka.ms/mipsdksamples to view all of our available samples!
Install via NuGet Package Manager, or the console:
Install-Package Microsoft.InformationProtection.File
.NET 4.0 and .NET Standard 2.0 are both supported in this release.
Protection API Updates
- Active Directory Rights Management Services is now supported for protection-only.
- It’s important to note that this isn’t Hold Your Own Key (HYOK) support. Rather, the Protection API can use an AD RMS endpoint for protection operations.
- Mobile Devices Extension for AD RMS is required as the SDK needs an OAuth2 token for authentication.
- The AD RMS endpoint will be discovered via the standard MDE DNS discovery process.
- The Protection API is now truly asynchronous on Windows and Linux. Encryption and decryption operations can be performed simultaneously without blocking.
- Detection of whether protected content has an expiration date has been simplified with
ProtectionDescriptor
via theDoesContentExpire()
function.
Policy API Updates
- (C++) Applications are notified of whether or not an HTTP operation will be required to complete the creation of a
mip::PolicyEngine
viamip::PolicyProfile::Observer::OnAddEngineStarting
. - Custom label properties set by IT administrators can now be read via the
GetCustomSettings
property onLabel
objects. - Added support for fetching classification policies from Security and Compliance Center
File API Updates
- New features from the Protection and Policy API are including in File API as it consumed both.
- Applications are now notified of whether or not an HTTP operation will be required to complete the creation of a
mip::FileEngine
viamip::FileProfile::Observer::OnAddPolicyEngineStarting
. - Serialized publishing license can now be retrieved directly from a file without any HTTP operations via
FileHandler.GetSerializedPublishingLicense()
- Added support for fetching classification policies from Security and Compliance Center
General Changes
- Application callbacks such as
AuthDelegate
orHTTPDelegate
may now be invoked on any background thread.
New Requirements
- Enforced population of ID/name/version fields
ApplicationInfo
when creatingFileProfile
,PolicyProfile
, andProtectionProfile
. It’s recommended to set the Application ID to the same value as the Azure Active Directory client ID (configured in AAD App Registration). - Applications may implement new
FileExecutionState
interface when creatingFileHandlers
. This is required when implementing a classification engine.
Classification
The 1.1 release includes support for retrieving sensitivity types. These types can be retrieved via FileEngine
or PolicyEngine
by setting the loadSensitivityTypes
parameters on the engine settings to true
and then the sensitivity types are returned via the SensitivityTypes
property of the engine.
//The last parameter is loadSensitivityTypes
//cpp
FileEngine::Settings engineSettings(mip::Identity(mUsername), “”, “en-US”, true);
//csharp
var engineSettings = new FileEngineSettings(engineId, “”, “en-US”) { LoadSensitivityTypes = true };var sensitivityTypes = fileEngine.SensitivityTypes;
The SDK doesn’t implement performing classification. Developers must integrate a classification engine through the GetClassificationResults
callback in either FileExecutionState
(File API) or ExecutionState
(Policy API). We’ll cover this in-depth in coming blogs and samples.
Updated Exceptions
NoAuthTokenError
thrown if application’s AuthDelegate returns an empty token (e.g. due to cancellation)
- Applies to creation of:
FileEngine
FileHandler
PolicyEngine
ProtectionHandler
- Applies to creation of:
NoPolicyError
thrown if tenant is not configured for labels
- Applies to creation of:
FileEngine
PolicyEngine
- Applies to creation of:
ServiceDisabledError
thrown if RMS service is disabled for a specific user/device/platform/tenant
- Applies to creation of:
FileHandler
ProtectionHandler
- Applies to creation of:
mip::NoPermissionsError
thrown if a user does not have rights to decrypt a document or the content is expired
- Applies to creation of:
FileHandler
ProtectionHandler
- Applies to creation of:
Mobile Support
While we’ve released support for iOS and Android, we’re still working on sample apps and a few quick start guides. If you’re an experienced mobile developer grab them today and get started. Look for the mobile quick starts to arrive at https://aka.ms/mipsdkdocs in the next couple of weeks!