Can I use Microsoft Information Protection (MIP) SDK C++ to read sensitivity label of a file, without cloud communication?

Question

Can I use Microsoft Information Protection (MIP) SDK C++ to read sensitivity label of a file, without cloud communication?

Kfir Alfandary 0

Hey,I am developing a Desktop application in C++, and I want to use the File SDK to read a file's sensitivity label.

std::string getSensitityLabel(const std::string& filename);

getSensitityLabel should return the label-id of the sensitivity label. e.g f42a3342-8706-4288-bd31-ebb85995028z

I'm following the Quickstart: Set and get a sensitivity label (C++), which requires authenticating to create the MIP engine. However, as a requirement, I can't communicate with the cloud, and therefore can't perform the authentication.

Since the sensitive label is part of the file itself, I find it reasonable to be able to read it using the SDK without cloud communication.

Is there a guide on how to do this?

Thanks!

Chandra Boorla 11,750 Reputation points Microsoft External Staff

2025-04-15T20:43:15.78+00:00

@Kfir Alfandary

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Kfir Alfandary 0 Reputation points

2025-04-16T06:33:35.7133333+00:00

Dear @Chandra Boorla Thanks for the detailed explanation. I’ll need to revisit how the initial authentication requirement impacts my application’s use of the MIP SDK.
Chandra Boorla 11,750 Reputation points Microsoft External Staff

2025-04-16T07:28:27.5433333+00:00

@Kfir Alfandary

Thank you for the follow-up! Revisiting how authentication fits into your application's architecture is definitely a smart move - especially if you're targeting environments with restricted or no internet access.

If the suggestions were helpful and this answered your question. please consider clicking Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Thank you.

1 answer

Your answer

Chandra Boorla 11,750 Reputation points Microsoft External Staff

2025-04-15T20:43:15.78+00:00

@Kfir Alfandary

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Kfir Alfandary 0 Reputation points

2025-04-16T06:33:35.7133333+00:00

Dear @Chandra Boorla Thanks for the detailed explanation. I’ll need to revisit how the initial authentication requirement impacts my application’s use of the MIP SDK.
Chandra Boorla 11,750 Reputation points Microsoft External Staff

2025-04-16T07:28:27.5433333+00:00

@Kfir Alfandary

Thank you for the follow-up! Revisiting how authentication fits into your application's architecture is definitely a smart move - especially if you're targeting environments with restricted or no internet access.

If the suggestions were helpful and this answered your question. please consider clicking Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Thank you.

Answer 1

@Kfir Alfandary

You are absolutely right that sensitivity label metadata is embedded within the file itself, and it makes sense to expect that reading it might be possible without contacting the cloud. However, based on the current capabilities of the Microsoft Information Protection (MIP) SDK, it is unfortunately not possible to use the SDK in C++ to read sensitivity labels from a file without first authenticating to the Microsoft 365 cloud.

Why the SDK Still Needs Cloud Authentication

Even though the label is stored locally in the file, the Microsoft Information Protection (MIP) SDK is architected to always work within the context of a user and a policy, both of which require initial authentication to Azure Active Directory (AAD).

The SDK performs actions like:

Downloading the label policy tied to a user/tenant.
Resolving label names, descriptions, and hierarchy.
Enforcing policy rules based on label settings.

So, without that initial authenticated context, the SDK cannot be initialized - and as a result, even basic operations like reading the label ID aren’t supported.

I hope this information helps. Please do let us know if you have any further queries.

Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.

Thank you.

Chandra Boorla 11,750 Reputation points Microsoft External Staff

2025-04-17T18:43:15.0566667+00:00

@Kfir Alfandary

Following up to see if the above suggestion was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Share via

Can I use Microsoft Information Protection (MIP) SDK C++ to read sensitivity label of a file, without cloud communication?

1 answer

Your answer