MIP SDK 1.1: Now GA!

We’re pleased to announce the general availability of the Microsoft Information Protection SDK version 1.1!

The downloads are available via NuGet (Microsoft.InformationProtection.*) or https://aka.ms/mipsdkbins.

New Platforms

In addition to our already-supported platforms, we now additionally support:

• iOS (Policy API only)


• Android (Policy API and Protection API)

Features and Updates

We’ve made several updates in the areas performance and reliability, and added several new features to this 1.1 release. Read on to learn more about what’s new in each of the APIs and across the SDK!

.NET Wrapper

We’ll cover more on the .NET wrapper in a subsequent post. The wrapper is available via NuGet as part of the Microsoft.InformationProtection.File package. The wrapper sits on top of the native C++ libraries. Currently, the .NET wrapper is available only for File API. Head to https://aka.ms/mipsdksamples to view all of our available samples!

Install via NuGet Package Manager, or the console:

Install-Package Microsoft.InformationProtection.File

.NET 4.0 and .NET Standard 2.0 are both supported in this release.

Protection API Updates

• Active Directory Rights Management Services is now supported for protection-only.
  
  
  
  • It’s important to note that this isn’t Hold Your Own Key (HYOK) support. Rather, the Protection API can use an AD RMS endpoint for protection operations.
  
  
  • Mobile Devices Extension for AD RMS is required as the SDK needs an OAuth2 token for authentication.
  
  
  • The AD RMS endpoint will be discovered via the standard MDE DNS discovery process. 
  
  
  
  


• The Protection API is now truly asynchronous on Windows and Linux. Encryption and decryption operations can be performed simultaneously without blocking.


• Detection of whether protected content has an expiration date has been simplified with ProtectionDescriptor via the DoesContentExpire() function.

Policy API Updates

• (C++) Applications are notified of whether or not an HTTP operation will be required to complete the creation of a mip::PolicyEngine via mip::PolicyProfile::Observer::OnAddEngineStarting.


• Custom label properties set by IT administrators can now be read via the GetCustomSettings property on Label objects.


• Added support for fetching classification policies from Security and Compliance Center

File API Updates

• New features from the Protection and Policy API are including in File API as it consumed both.


• Applications are now notified of whether or not an HTTP operation will be required to complete the creation of a mip::FileEngine via mip::FileProfile::Observer::OnAddPolicyEngineStarting.


• Serialized publishing license can now be retrieved directly from a file without any HTTP operations via FileHandler.GetSerializedPublishingLicense()


• Added support for fetching classification policies from Security and Compliance Center

General Changes

• Application callbacks such as AuthDelegate or HTTPDelegate may now be invoked on any background thread.

New Requirements

• Enforced population of ID/name/version fields ApplicationInfo when creating FileProfile, PolicyProfile, and ProtectionProfile. It’s recommended to set the Application ID to the same value as the Azure Active Directory client ID (configured in AAD App Registration).


• Applications may implement new FileExecutionState interface when creating FileHandlers. This is required when implementing a classification engine.

Classification

The 1.1 release includes support for retrieving sensitivity types. These types can be retrieved via FileEngine or PolicyEngine by setting the loadSensitivityTypes parameters on the engine settings to true and then the sensitivity types are returned via the SensitivityTypes property of the engine.

//The last parameter is loadSensitivityTypes
//cpp
FileEngine::Settings engineSettings(mip::Identity(mUsername), “”, “en-US”, true);


//csharp

var engineSettings = new FileEngineSettings(engineId, “”, “en-US”) { LoadSensitivityTypes = true };

var sensitivityTypes = fileEngine.SensitivityTypes;

The SDK doesn’t implement performing classification. Developers must integrate a classification engine through the GetClassificationResults callback in either FileExecutionState (File API) or ExecutionState (Policy API). We’ll cover this in-depth in coming blogs and samples.

Updated Exceptions

• NoAuthTokenError thrown if application’s AuthDelegate returns an empty token (e.g. due to cancellation)
  
  
  
  • Applies to creation of:
    
    
    
    • FileEngine
    
    
    • FileHandler
    
    
    • PolicyEngine
    
    
    • ProtectionHandler
    
    
    
    
  
  
  
  


• NoPolicyError thrown if tenant is not configured for labels
  
  
  
  • Applies to creation of:
    
    
    
    • FileEngine
    
    
    • PolicyEngine
    
    
    
    
  
  
  
  


• ServiceDisabledError thrown if RMS service is disabled for a specific user/device/platform/tenant
  
  
  
  • Applies to creation of:
    
    
    
    • FileHandler
    
    
    • ProtectionHandler
    
    
    
    
  
  
  
  


• mip::NoPermissionsError thrown if a user does not have rights to decrypt a document or the content is expired
  
  
  
  • Applies to creation of:
    
    
    
    • FileHandler
    
    
    • ProtectionHandler
    
    
    
    
  
  
  
  

Mobile Support

While we’ve released support for iOS and Android, we’re still working on sample apps and a few quick start guides. If you’re an experienced mobile developer grab them today and get started. Look for the mobile quick starts to arrive at https://aka.ms/mipsdkdocs in the next couple of weeks!