Microsoft Information Protection (MIP) Software Development Kit (SDK) version release history and support policy
Article
Servicing
Each general availability (GA) version is supported for one year once the next GA version is released. The documentation may not include information about unsupported versions. Fixes and new functionality are only applied to the latest GA version.
Preview versions shouldn't be deployed in production. Instead, use the latest preview version to test new functionality or fixes that are coming in the next GA version. Only the most current preview version is supported.
Release history
Use the following information to see what’s new or changed for a supported release. The most current release is listed first.
NuGet packages for major releases remain active in NuGet. Only the latest version of each major release is maintained on Microsoft Download Center. Versions before 1.4 are not available.
Added support for labeling MP4s. These files can be labeled without converting to a pfile. Applying a protection label will result in a pfile output.
Added capability to decrypt nested .MSG files with ContainerDecryptionOption::All. After 10 decryptions of the same nested .MSG file, a mip::BadInputError("Max depth reached on nested msg attachments") exception is thrown.
Added support for Arm64 for Windows File SDK.
Fixed an issue where Double Key Encryption info was missing when User-Defined Permissions were modified.
Fixed a bug when remove protection failed for file sizes larger than 500MB.
Fixed a bug where text style in .MSG files were not preserved during decryption.
Fixed an issue where an exception was not thrown when protection is attempted for files that cannot be accessed.
Protection SDK
Fixed an intermittent crash in offline publishing.
Platform and Dependency Updates
Fixed an issue where TLS 1.2 was not accepted despite configuring settings to allow any TLS version.
Breaking Changes
Updated CommitAsync to remove output files instead of an empty file after failure.
Updated LoadUserCert API to LoadUserCertSync. LoadUserCert is deprecated.
Updated Java wrappers sample to use MSAL for authentication.
Version 1.15.107
Release Date: October 14, 2024
File SDK
Fixed an issue where .msg files could not be encrypted if email HTML contained emojis. Enable this feature using FlightingFeature::PriopritizeHtmlInMsgs, which is off by default.
Added support for text encoding standards KOI8-R, KOI8-U, ISO8859 (1, 3, 4, 6, 7, 8, 9, 13 and 15), HZ-GB2312, GB18030 and ISO-2022-JP.
Platform and Dependency Updates
MIP SDK on .NET for all Ubunutu versions is now generally available.
Added support for Ubuntu 24.04.
Ended support for Debian 10 and RHEL 7.
Updated uriparser from 0.9.7 to 0.9.8.
Fixed an issue with End User License caches for file owners.
Improved exceptions on iOS to include more error details.
Improved error messaging for NoPermissionError during file decryption with ExtendedErrorInfo. Disable this feature by turning off FlightingFeature::EnableExtendedErrors.
Version 1.14.150
Release Date: October 14, 2024
Platform and Dependency Updates
Updated uriparser from 0.9.7 to 0.9.8.
Version 1.13.234
Release Date: October 14, 2024
Platform and Dependency Updates
Updated uriparser from 0.9.7 to 0.9.8.
Updated Azure Identity from 1.11.0 to 1.11.4.
Fixed a crash when acquiring license rights data in .NET wrapper.
Version 1.15.94
Release Date: August 12, 2024
File SDK
Fixed an issue where saving PDF files with protection labels failed in Office.
Added exception when labeling .zip.pfile fails for labels without protection.
Fixed an issue where decryption failed for files protected with MIP SDK version 1.11 and below.
Platform and Dependency Updates
Fixed a crash when acquiring license rights data in .NET wrapper.
Updated Azure Identity from 1.11.0 to 1.11.4.
Version 1.14.148
Release Date: August 12, 2024
Platform and Dependency Updates
Fixed a crash when acquiring license rights data in .NET wrapper.
Updated Azure Identity from 1.11.0 to 1.11.4.
Version 1.13.229
Release Date: July 12, 2024
File SDK
Fixed an issue where linearized PDFs were corrupted.
Fixed an issue where decryption failed for labeled files with MIP SDK 1.10/1.11.
Fixed a security issue in the PDF parser.
Version 1.15.86
Release Date: July 5, 2024
File SDK
Fixed an issue where linearized PDFs were corrupted.
Fixed an issue where decryption for labeled files failed with MIP SDK 1.10/1.11.
Fixed a security bug in the PDF parser.
Added support for Central European text encoding to protect RTF email.
Platform and Dependency Updates
Added support for masking additional PII fields, like engineIDs and file paths.
Added support for C API additions that enable better configuration of protection descriptors for UDP and AdHoc protection.
Added support for TLS 1.3.
Version 1.14.146
Release Date: July 5, 2024
File SDK
Fixed an issue where linearized PDFs were corrupted.
Fixed an issue where decryption for labeled files failed with MIP SDK 1.10/1.11.
Fixed a security bug in the PDF parser.
Platform and Dependency Updates
Added PII masking for engineIDs and file paths fields.
Version 1.14.128
Release Date: February 27, 2024
File SDK
Fixed a bug with unicode characters when consuming MSG files.
Fixed an issue where Hangul characters were not displayed properly in MSG files.
Fixed a bug where streams were not aligned correctly when not null terminated.
Protection SDK
Added support for UTF16-encoded JSON prelicenses.
Added check for expired prelicenses with FlightingFeature::PreLicenseValidityCheck with default true.
Updated EUL and prelicenses to expose label name and label description.
Policy SDK
Updated the policy sync URL for China cloud.
Updates for legacy tenants who migrated from AD RMS to RMS
Fixed an issue where LoadUserCert threw an error.
Fixed an issue causing corrupt offline publishing licenses, which could not be consumed to decrypt content.
Fixed a bug where legacy tenant prelicenses were not accepted by the protection SDK.
Platform and Dependency Updates
Updated URI parser to 0.9.7.
Updated SQLite3 to 3.45.1.
Updated Libgsf to 1.14.52.
Breaking Changes
Fixed path for config file from applicationPath/mipmip_config.json to applicationPath/mip/mip_config.json. Applications using a config file to mask PII in log files must update the file location.
Version 1.13.209
Release Date: February 27, 2024
File SDK
Fixed a bug with unicode characters when consuming MSG files.
Fixed an issue where Hangul characters were not displayed properly in MSG files.
Fixed a bug where streams were not aligned correctly when not null terminated.
Policy SDK
Updated the policy sync URL for China cloud.
Protection SDK
Fixed an issue where licenses were cached without owner emails.
Added support for UTF16-encoded JSON prelicenses.
Added check for expired prelicenses with FlightingFeature::PreLicenseValidityCheck with default true.
Updated End-User Licenses (EULs) and prelicenses to expose label name and label description.
Updates for legacy tenants who migrated from Active Directory Rights Management Service (AD RMS) to Rights Management Service (RMS)
Fixed an issue where LoadUserCert threw an error.
Fixed an issue causing corrupt offline publishing licenses, which could not be consumed to decrypt content.
Fixed bug where a legacy tenant prelicenses were not accepted by the protection SDK.
Platform and Dependency Updates
Updated OpenSSL to 1.1.1-w from 1.1.1-r.
Updated URI parser to 0.9.7.
Updated SQLite3 to 3.45.1.
Updated Libgsf to 1.14.52.
Breaking Changes
Fixed path for config file from applicationPath/mipmip_config.json to applicationPath/mip/mip_config.json. Applications using a config file to mask Personal Identifiable Information (PII) in log files must update the file location.
Version 1.14.108
Release Date: October 27, 2023
File SDK
Fixed a bug where .doc files encrypted by SharePoint Online (SPO) had invalid metadata.
Fixed an issue where labeling signed Office and PDF files invalidated the signature and could not be opened with some editors.
Fixed a bug where constructing .msg files failed when using Messaging Application Programming Interface (MAPI) to convert some files to .msg format.
Fixed a bug in MIP file SDK sample where corrupted output files were not deleted in event of failure.
Fixed an issue where decrypting PDF files did not remove all label metadata.
Fixed a bug where encrypting .msg files with an empty body threw an exception.
Fixed a bug where .pdf files that start with comments are protected as .pfiles instead of natively protected .pdf files.
Fixed an issue where an exception was thrown when updating an inactive label with the same label.
Added exceptions when attempting to use policy operations on a protection-only file engine.
Policy SDK
Change policy service URLs to target global endpoints for DoD, GCC-High and China sovereign clouds.
Protection SDK
Fixed a bug where non-RMS protected attachments did not throw an error when decryption or inspection failed for .msg files.
Fixed a bug where EULs valid for less than one day were not cached.
Added support to preserve encrypted application data when using template protection.
Added support for pulling serialized template data (Windows/Linux/macOS).
Error code for signed Office files and signed PDF files changed from Mip::FileIOError to Mip::NotSupportedError.
Audit event properties store the type of PII instead of None by default. Custom audit delegates that expect the PII to be None require updates.
Signed app data returns extra entries for DKE protected docs during publishing.
Office files use CBC encryption by default. To revert this, set FlightingFeature::UseCbcForOfficeFileEncryption to false.
Version 1.13.187
Release Date: August 15, 2023
Bug Fixes
MIP SDK now hides symbols for statically linked OpenSSL on Linux.
Fixed a bug where non-Office compound files were using AES128-ECB if legacy algorithms flag was set. These files should use AES256-CBC and ignore the legacy algorithms flag.
Raised send priority of auditing events to highest level, ensuring audit events are submitted to the audit endpoint more frequently.
Version 1.13.182
Release Date: July 27, 2023
Bug Fixes
Fixed an issue removing protection from MSG files when attachments are protected with non-RMS technology. A warning is thrown instead of an exception.
Version 1.13.176
Release Date: June 10, 2023
Bug Fixes
Fixed an issue where CommitAsync() failed to return in low disk space conditions.
Fixed an issue where creating FileHandler for xlsb files failed when file was downloaded from SharePoint.
Platform and Dependency Updates
Added support for Ubuntu 22.04.
Added support for Debian 11.
Added support for RedHat Enterprise Linux 9.
Removed support for Ubuntu 18.04.
Removed support for Debian 9.
Version 1.13.161
Release Date: March 28, 2023
Bug Fixes
Fixed a signing issue on .NET NuGet package.
Fixed an issue in ProtectionProfile where offline publishing setting was missing.
Version 1.13.158
Release Date: March 17, 2023
File SDK
Added a feature flag that enables MIP SDK to publish Office files and emails in cipher block chaining mode.
Set with flighting feature UseCBCForOfficeFileEncryption via MipConfiguration.FeatureSettingsOverride().
Fixed issues with consuming cipher block chaining (CBC) mode protected Office files and emails. MIP SDK can now consume CBC mode protected content generated by Office.
Protection SDK
Added preview support for offline publishing in the Protection SDK.
Offline protection can be enabled by setting ProtectionProfileSettings.OfflinePublishing to true in both C++ and .NET.
Breaking Changes
PublishingSettings for republishing require either a serialized publishing license or a ProtectionHandler in the constructor instead of being able to set either/both after construction.
Removed SetPublishingLicenseForRepublish and SetProtectionHandlerForRepublish.
ProtectionDescriptorBuilder uses SetLabelInfo instead of SetLabelId
Insert method in mip::StorageDelegate and IStorageDelegate is replaced with InsertOrReplace.
Critical Update
MIP SDK 1.13 introduces support for consuming files and emails protected with AES256-CBC generated by Word, Excel, PowerPoint, Outlook, Exchange Online, SharePoint Online, and MIP SDK-enabled applications that opted in to CBC publishing. If your application uses the File SDK to consume any of these formats, it's important that you update the application to MIP SDK 1.13. In the second half of 2023, Microsoft 365 Apps, Exchange Online, and SharePoint Online begin to protect with AES256-CBC by default. Applications that have not updated will fail to properly decrypt files and emails.
MIP SDK 1.13 continues to publish Office documents and emails using AES128 in electronic codebook (ECB) mode. MIP SDK 1.14 enables AES256-CBC publishing by default. If you'd like to test CBC publishing ahead of time, enable the UseCBCForOfficeFileEncryption feature flag via MipConfiguration.FeatureSettingsOverride().
Applications that fail to update to MIP SDK 1.13 may begin to encounter an exception with the following details: Something bad happened: AESCryptoWriter: Failed to transform final block.
Version 1.12.101
Release Date: November 18, 2022
File SDK
Fixed an issue where including special characters in a label name may cause a message to be unopenable by Microsoft Outlook.
Fixed a bug when protection was removed for inactive labels.
Fixed a bug where changing label permissions with co-auth enabled produced protected documents that could not be opened.
Upgraded libgsf to 1.14.50 and LibXML2 to 2.9.14.
Upgraded Extreme Memory Profiles (XMP) to use version 2.4.7
Policy SDK
Fixed a bug with invalid metadata exception for ComputeActions.
Protection SDK
Added accessors to retrieve the intranet and extranet URLs from TenantInformation.
Exposed a C API for acquiring delegation licenses.
Fixed a bug for inconsistent parent label metadata when child labels are removed.
Fixed an auth cache bug for CreateFromLicenseType.
Fix an issue where the engine being cleaned up during a GetTemplatesAsync() call would cause a crash.
Added GetLicenseRightsData to get user/objectId/puid and rights from publishing license.
Fixed a bug where descriptor tag could not be added to license if there are no descriptors.
Fixed a .NET crash on Linux.
Fixed a desk space issue; an error is now reported when MIP runs out of disk space when protecting content.
Upgraded OpenSSL dependency to 1.1.1-r.1.
Platform and Dependency Updates
Fixed a bug where clouds weren't treated consistently.
Added support for offline publishing preview feature.
Fixed a bug where wrappers were missing telemetry cloud for sovereign cloud scenarios.
Removed PII from audit telemetry of debug builds.
Breaking Changes
If both usersWithDefaultRights and additionalUsersAndRights are empty, CreateFromLicenseType throws a BadInputError.
Added new methods GetLicenseRightsData and GetLicenseRightsDataAsync in class ProtectionEngine.
Version 1.12.61
Release Date: June 9, 2022
File SDK
File SDK now supports data boundary via FileEngineSettings.DataBoundary.
Fixed a bug in GetCodePage in MsgInspector.
Fixed bug where BodyType always returned TXT in MsgInspector.
Fixed a bug in Java wrapper where using UserRoles threw java.util.Collections$UnmodifiableCollection can't be cast to java.util.List exception.
Fixed a bug when decrypting text files >2GB with GetDecryptedTemporaryStreamAsync().
Policy SDK
Policy SDK now supports data boundary via PolicyEngineSettings.DataBoundary.
Fixed a bug where in certain conditions policy changes resulted in a crash.
Fixed an issue where Encrypt Only labels with DKE protection weren't filtered when they should be.
Protection SDK
Preview: Added support for offline protection.
Enable offline protection by setting ProtectionProfile.OfflinePublishing to true when creating a ProtectionProfile.
Caching templates requires setting ProtectionEngineSettings.SetTemplateRefreshArgs(std::chrono::hours) (C++) or ProtectionEngineSettings.TemplateRefreshArgs (.NET) to enable protection template caching.
Protection SDK now supports data boundary via ProtectionEngineSettings.DataBoundary
Breaking Changes
FileHandler.SetLabel() API no longer supports rpmsg files as input.
Passing a plaintext MSG file to the MsgInspector results in a NotSupportedError
MsgInpector no longer attempts to decrypt attachments that are part of the message.rpmsg file.
MsgInpector returns a fully functional MSG file if the message.rpmsg file had MSG attachments. These MSG files can be decrypted with the FileHandler.RemoveProtection API.
TelemetryDelegate and AuditDelegateWriteEvent method now requires a second parameter, EventContext. The EventContext class exposes information on the target cloud and data boundary for the event.
Platform and Dependency Updates
Added support across all three SDKs for setting European Union data boundary.
When DataBoundary is set to EU, all telemetry and audit events flow directly to the EU region.
Setting DataBoundary to any other region results in emitting data to nearest service entry point.
Updated libxml2 to 2.9.13.
Fixed a crash specific to Android.
Fixed an issue where SDK wasn't fully honoring log level
Version 1.11.96
Release Date: July 20, 2022
File SDK
Fixed a bug in MemoryStream for GetDecryptedTemporaryStream large file types
Fixed a bug causing data loss during PDF encryption due to stack overflow crash
With OptimizePdfMemory, if /Info is an ObjStm with an internal indirect object, it returns PDFPARSER_ERROR_FORMAT instead of stack overflow
Fixed a bug where supporting MIP libraries weren't loading in Java
Fixed a bug where MSG files with protected MSG file attachments would experience corruption when rpmsg extension had a trailing null terminator
Fixed a crash in MSG files with link attachments
Fixed a bug where sequence of label application wasn't honored correctly using Azure Information Protection (AIP) Unified Client app for Windows
Fixed a bug where RemoveProtection threw LabelDisabledError exception stating inactive label was specified
Fixed a bug where DeleteLabel threw invalid metadata exception while input file is protected by templateID
Policy SDK
Fixed an issue where policy change would cause a crash due to mismatch between native and managed map during OnPolicyChanged call
Platform and Dependency Changes
Fixed an issue where telemetry and audit data may not be sent when using C# or Java interface
Fixed a bug where clouds with the same base URL weren't treated consistently
Updated version of Adobe XMP to 6.0.0 and pushed security fix for expat vulnerability in 2.1.0 storeAtts() function
Exposed EnableAuditAndTelemetryForSovereignClouds flag for .NET
Fixed a crash caused by control flow integrity performing vtable security checks
Disabled these checks because Android doesn't support cross-library vtable checks
Fixed a bug in Windows crypto delegate for use after free vulnerability. Applies only to applications that set EnableFipsValidatedCryptography on Windows
hashObject vector was being cleaned up before the handle and caused a use after free when the handle was cleaned up in the destructor of BcryptData
Version 1.11.64
Release Date: January 12, 2022
File SDK
Fixed a bug in pfile-wrapped MSG files using the incorrect content format.
Fixed a bug where the Inspector class caused a crash on rpmsg files.
Fixed a bug where SDK wasn't properly compressing files over 4GB, resulting in possible corruption.
Protection SDK
Fixed an issue related to chasing Domain Name System (DNS) records for AD RMS on iOS.
Platform and Dependency Updates
Updated log4j in Java sample apps.
Rename arm64 ABI on Android to arm64-v8a
Version 1.11.53
Release Date: November 17, 2021
File SDK
Fixed bug where IsModified() in mip::FileHandler returns false instead of true for a plaintext .MSG file with protected attachment.
Fixed bug Addressing XML formatting issues in metadata that broke labels with no protection in certain cases.
Policy SDK
Introduced improvements to prevent deadlocking in Policy Sync.
Breaking Changes
Previously, when a label was configured for "Do Not Forward" or "Encrypt Only" and a file protection action, MIP SDK wouldn't display the label in the label list for the file content type.
The SDK is updated to fix this issue. The label will not be filtered in either case when configured to apply to both content types.
This change doesn't impact labels where the protection action was "Encrypt Only" or "Do Not Forward".
Lastly, it doesn’t impact labels intended for files where the action was predefined or user-defined protection.
Updated existing exceptions for better handling of specific scenarios. The following previously surfaced as NetworkError::Category::FailureResponseCode
NetworkError::Category::ServiceUnavailable
New exception category (NetworkError exception).
Returned when the dependent service is unavailable.
Service returns 503
NetworkError::Category::Throttled
Exception: NetworkError
Returned when too many requests are made to the dependent service.
Service returns 429
Platform and Dependency Updates
Updated SDK dependencies to latest versions
All MIP SDK binaries are updated to use version 2.9.12 of libxml2 static library and libgsf dynamic library for Android and Windows.
Proxy support for Linux introduced. Example of how to set proxy below.
export HTTP_PROXY="http://10.10.10.10:8080"
Version 1.10.115
Release Date February 25, 2022
Fixed a bug in pfile-wrapped MSG files using the incorrect content format.
Fixed a bug where the Inspector class caused a crash on rpmsg files.
Fixed a bug where SDK wasn't properly compressing files over 4GB, resulting in possible corruption.
Fixed a bug in detecting that protected MSG files. Files may be protected but SDK treats them as plaintext.
Version 1.10.98
Release Date September 29, 2021
Bug Fixes
Fixed a bug in iOS where bitcode wasn't enabled
Version 1.10.97
Release date: September 17, 2021
Bug Fixes
Fixed a bug where attachments on MSG files were corrupted when applying a protection label to the MSG file.
Version 1.10.93
Release date: August 23, 2021
General Changes
Added MipConfiguration class.
This class controls the configuration settings previously set directly on MipContext.
Delegates, logging location, etc. are set as part of this object.
FileHandler::IsLabeledOrProtected() now supports MSG files.
File SDK now supports decryption of protected attachments on unprotected MSG files.
This change applies only to files and not containers such as MSG or ZIP files.
Added new static method mip::FileHandler::GetFileStatus()
This function returns a new mip::FileStatus object that indicates whether the file is labeled, protected, or contains protected objects.
FileStatus exposes three properties: IsProtected, IsLabeled, and ContainsProtectedObjects.
ContainsProtectedObjects is useful for MSG files with protected attachments.
When calling FileHandler::RemoveProtection() on a plaintext MSG file with protected attachments, protection is removed from the attachments.
Fixed a bug where IProtectionHandler was destroyed when calling IFileHandler.SetProtection() in a loop. IProtectionHandler instance is no longer destroyed after use.
Policy SDK
The content marking variable ${Event.DateTime} now defaults to local time rather than UTC.
This variable can be set back to the previous default by using flighting feature EventDateTimeTokenUseUtc.
Fixed bug where IsActive wasn't returning the same values inside a PolicyHandler as it was when retrieving labels from a PolicyEngine.
Protection SDK
Added new more specific error types that surface in both Protection and File SDK. See Breaking Changes section.
Breaking Changes
Introduced new custom settings to govern the default audit settings.
Added new property in audit Delegate to set audit settings.
LabelGroupData class no longer has IsAuditEnabled() method.
You can use instead GetEnableAuditSetting() to get EnableAudit settings in the policy once policy is loaded. Default audit settings are Undefined as opposed to true in older versions.
Allow passing the document's timezone to ComputeActions to allow actions to be computed as if the document existed in a different timezone from the machine applying the label.
Useful for when labels are applied on behalf of a user through a service, where the server's local time isn't necessarily the same as the user's.
Instead of returning the ${Event.DateTime} in UTC format, we now default to local time without displaying the timezone.
Updated existing exceptions for better handling of specific scenarios.
Changed default audit behavior for tenants where AIP Analytics is enabled. It is now mandatory that in addition to configuring the service-side components of the AIP Analytics feature that you also set the EnableAudit property to true in sensitivity label policies.
Set-LabelPolicy -Identity Global -AdvancedSettings @{EnableAudit="True"}
Review this Docs article for details on setting advanced policy settings.
Added function GetApplicationScenarioId() to FileExecutionState.
Removed ContentFormat enum.
Added specific errors with categories for a set of errors exposed previously under NetworkError via strings/error codes.
NoPermissionsError::Category::UserNotFound
NoPermissionsError::Category::AccessDenied
NoPermissionsError::Category::AccessExpired
NoPermissionsError::Category::UserNotFound
Microsoft.RightsManagement.Exceptions.UnknownTenantException thrown service now surfaces as ServiceDisabledError instead of Network Error
Bug Fixes
Fixed a memory leak when calling mip::FileHandler::IsLabeledOrProtected().
Fixed a bug where failure in FileHandler::InspectAsync() called incorrect observer.
Fixed a bug where SDK attempted to apply co-authoring label format to Office formats that don't support co-authoring (DOC, PPT, XLS).
Fixed a crash in the .NET wrapper related to FileEngine disposal. Native PolicyEngine object remained present for some period and would attempt a policy refresh, resulting in a crash.
Fixed a bug where the SDK would ignore labels applied by older versions of AIP due to missing SiteID property.
Version 1.8.97
Release date: February 24, 2021
Fixed a bug where child labels weren't filtered properly and included all types of labels, even if not requested.
Fixed a bug where labels weren't maintained on RemoveProtection() if label metadata was incomplete.
Version 1.8.94
Release date: February 8, 2021
Fixed bug in NuGet package where debug configuration for C++ projects deployed release binaries. Version 1.8.86 may result in a crash with native C++ apps. Make sure to update to 1.8.94 or later.
Fixed a bug where policy engine was required to remove protection.
If policy engine can't be loaded and label metadata is present, the policy engine is discarded if protection is removed.
Fixed a bug where empty labelInfo.xml was generated if file was changed to another protected label.
Version 1.8.86
Release date: January 13, 2021
General Changes
Added support for Mac on ARM.
Signed all dylib files for Mac.
All clouds are fully supported across all three Software Development Kits (SDKs).
Rename TelemetryConfiguration to DiagnosticConfiguration.
Updated MipContext to accept DiagnosticConfiguration instead of TelemetryConfiguration.
Exposed new AuditDelegate.
Several custom settings had their name changed and are removed in version 1.9. These cutsom settings continue to function in parallel with their updates names in version 1.8.
New Name
Old Name
is_debug_audit
is_debug_telemetry
is_audit_disabled
is_built_in_audit_disabled
File SDK
Added support for user-defined labels with double key encryption.
Added an API, MsgInspector.BodyType to expose body encoding type for MSG files.
Added APIs to support Double Key Encryption with User-Defined Permissions.
Added flag for mip::FileHandler that allows the caller to disable audit discover event send. This fixes a scenario where using the ClassifyAsync() API would result in duplicate discovery events.
Fixed bugs where:
Setting protection on XPS file fails.
A file can't be opened after upload/download from SharePoint Online and removing custom permissions.
RemoveProtection() function would accept a message.rpmsg input. Now accepts only MSG files.
A crash that occurred when attempting to track or revoke unprotected files.
Policy SDK
Removed ActionId from default metadata properties to ensure consistency between Microsoft Office and SharePoint Online labeled documents.
Added support for Azure Purview-specific labels.
Added ability to override both telemetry and audit via delegates for each.
Audit delegate provides the ability to send AIP auditing events to a destination other than AIP Analytics, or in addition to AIP Analytics.
Added flag for mip::PolicyHandler that allows the caller to discover audit discover event send. This fixes a scenario where using the ClassifyAsync() API would result in duplicate discovery events.
Fixed a bug where encrypted policy database couldn't be opened in certain scenarios.
Exposed new AuditDelegate that allows developers to override default MIP SDK audit pipeline and send events to their own infrastructure.
mip::ClassifierUniqueIdsAndContentFormats and GetContentFormat() now return std::string instead of mip::ContentFormat. This change is replicated in .NET and Java wrappers.
ContentFormat.Default is now ContentFormat.File.
Protection SDK
Added a ProtectionEngineSettings.SetAllowCloudServiceOnly property that prohibits any connections to Active Directory Rights Management Services clusters when true. Only cloud environments are used.
Added support for acquiring delegation licenses.
Delegations licenses enable services to fetch a license for content on behalf of a user.
This lets the service view rights data and decrypt on behalf of the user without additional calls to service.
Java Wrapper (Public Preview)
Added support for Track and Revoke to Java Wrapper.
Added stream support to Java Wrapper
C API
Removed MIP_FLIGHTING_FEATURE_KEEP_PDF_LINEARIZATION flag from C API.
Version 1.7.147
File SDK
Minor bug fix for the .PBIX file format.
Version 1.7.145
Release date: November 13, 2020
General Changes
Updated NuGet package to copy dependencies only on update rather than always.
Debug configuration on .NET uses release version of native libraries. We found that customers deploying .NET solutions in debug mode to remote servers were required to install the VC++ Debug runtime, which isn't trivial. If there's a need to debug in to native libraries, please copy the DLLs from the SDK Redistributable into the project folder (https://ala.ms/mipsdkbins)
Fixed a bug that was generating warnings for .NET Core projects.
Version 1.7.133
Release date: September 23, 2020
General SDK Changes
Public Preview available for Java on Windows and Ubuntu 18.04.
.NET Core now supported on Windows.
Public preview support for .NET Core on Ubuntu 18.04.
Improved local logging for Keystore when storage cache type is set to OnDiskEncrypted.
Enabled feature flighting on .NET Wrapper
Reverted SDK telemetry behavior to pre-1.6. A minimum set of usage events are now sent when opted in for minimum telemetry only.
File SDK
Fixed UTF-16/UTF-8 body conversion in MSGInspector.
Set a default max file size limit for files protected by the File SDK to 6GB.
Change made due to decryption of large files requiring at least the file size in available memory.
Can be overridden by custom setting max_file_size_for_protection.
Added support for linearized PDFs.
Fixed a bug where LastModifiedDate wasn't updated on Change event.
Fixed a memory leak in protected PDF creation.
File SDK supports revocation of tracked files.
FileEngine::Settings::SetLabelFilter is deprecated, use ConfigureFunctionality instead.
Policy SDK
Policy SDK now supports Encrypt Only labeling actions.
Fixed a bug where mip::Identity wasn't properly loaded from cached engines.
Fixed a bug where classification GUID comparisons were case-sensitive in classification API.
Enriched audit events by adding new fields.
Protection SDK
Fixed a bug where mip::Identity wasn't properly loaded from cached engines.
Added implicit registration for newly created publishing licenses.
Added support for cryptographic algorithms used to support DKE in Office files.
Made documentId and owner parameters optional.
C APIs
Added missing identity and DKE APIs.
Moved AuthDelegate from profile to engine across all SDKs.
Publish Policy SDK Sample for C
MIP_CC_CreateProtectionEngineSettingsWithIdentity is deprecated, use MIP_CC_CreateProtectionEngineSettingsWithIdentityAndAuthCallback instead.
MIP_CC_CreateProtectionEngineSettingsWithEngineId is deprecated, use MIP_CC_CreateProtectionEngineSettingsWithEngineIdAndAuthCallback instead.
MIP_CC_CreateProtectionProfileSettings signature has changed.
MIP_CC_CreatePolicyEngineSettingsWithIdentity is deprecated, use MIP_CC_CreatePolicyEngineSettingsWithIdentityAndAuthCallback.
MIP_CC_CreatePolicyEngineSettingsWithEngineId is deprecated, use MIP_CC_CreatePolicyEngineSettingsWithEngineIdAndAuthCallback.
MIP_CC_PolicyEngineSettings_SetLabelFilter is deprecated, use MIP_CC_PolicyEngineSettings_ConfigureFunctionality.
MIP_CC_CreatePolicyProfileSettings signature has changed.
Breaking Changes
Common
TelemetryConfiguration::isTelemetryOptedOut renamed to isMinimalTelemetryEnabled.
C API
mip_cc_document_state is updated with a new value mip_cc_metadata_version_format contentMetadataVersionFormat
Version 1.6.103
Release date: April 16, 2020
General SDK Changes
TLS 1.2 enforced for all non-ADRMS HTTP communication.
Migrated iOS/macOS HTTP implementation from NSURLConnection to NSURLSession.
Migrated iOS telemetry component from Aria SDK to 1DS SDK.
Telemetry component now uses MIP's HttpDelegate on iOS, macOS, and Linux. (Previously only win32).
Improved type safety for C API.
Moved AuthDelegate from Profile to Engine in C++, C#, and Java APIs.
AuthDelegate moved from constructor of Profile::Settings to Engine::Settings.
Added Category to NoPolicyError to provide more info about why policy sync failed.
Added PolicyEngine::GetTenantId method.
Added explicit support for all clouds.
New Engine::Settings::SetCloud method to set target cloud (GCC High, 21-Vianet, etc.).
Existing Engine::Settings::SetCloudEndpointBaseUrl method call is no longer necessary for recognized clouds.
Enabled bitcode for iOS binaries.
File SDK
Added IFileHandler::InspectAsync to C# and Java Wrappers
New support via FileProfile::AcquirePolicyAuthToken for triggering policy token acquisition to allow an application to warm up its token cache.
MsgInspector::GetAttachments returns vector<shared_ptr<MsgAttachmentData>> instead of vector<unique_ptr<MsgAttachmentData>>
TelemetryConfiguration::isOptedOut setting now completely disables telemetry. Previously a set of minimum telemetry was sent.
Policy SDK
New support for triggering token acquisition to allow an application to warm up its token cache via PolicyProfile::AcquireAuthToken.
Hold Your Own Key (HYOK) labels are filtered by default.
Metadata associated with deleted labels are now removed.
If there is ever a mismatch between cached label policy and sensitivity policy, the policy cache is cleared.
New support for versioned metadata:
A file format may rev the location/format of its label metadata. In that case, an application should provide MIP with all metadata, and MIP determines which metadata is "true".
ContentLabel::GetExtendedProperties now returns vector<MetadataEntry> instead of vector<pair<string, string>>.
MetadataAction::GetMetadataToAdd now returns vector<MetadataEntry> instead of vector<pair<string, string>>.
ExecutionState::GetContentMetadata should now return vector<MetadataEntry> instead of vector<pair<string, string>>.
ExecutionState::GetContentMetadataVersion should return the highest version of metadata that the application recognizes for the current file format (usually 0).
PolicyEngine::GetWxpMetadataVersion returns the metadata version for Office documents as configured by tenant admin (0 = default, 1 = coauth-enabled format).
Equivalent changes in C API:
MIP_CC_ContentLabel_GetExtendedProperties
MIP_CC_MetadataAction_GetMetadataToAdd
mip_cc_metadata_callback
mip_cc_document_state
MIP_CC_PolicyEngine_GetWxpMetadataVersion
TelemetryConfiguration::isOptedOut setting now completely disables telemetry. Previously a set of minimum telemetry was sent.
Protection SDK
New support for registration and revocation for doc tracking.
New support for generating a pre-license when publishing.
Exposed public Microsoft TLS cert used by protection service.
GetMsftCert and GetMsftCertPEM
If an application overrides HttpDelegate interface, it must trust server certificates issued by this CA.
This requirement is expected to be removed late in 2020.
Version 1.5.124
Release date: March 2, 2020
General SDK Changes
Java API (Windows-only)
Cancellation of async MIP tasks
All async calls return mip::AsyncControl object with a Cancel() method
Delay-load dependent binaries
Optionally mask specific telemetry/audit properties
Configurable via mip::TelemetryConfiguration::maskedProperties
Improved exceptions:
All errors include actionable correlation IDs in description string
Network error has 'Category', 'BaseUrl', 'RequestId', and 'StatusCode' fields
Improved C API result/error details
File SDK
Network-free check if file is labeled or protected
mip::FileHandler::IsLabeledOrProtected()
Minor risk of false positives (for example if file contains zombie label metadata)
Filter labels associated with specific types of protection
Configurable via mip::FileEngine::Settings::SetLabelFilter()
Expose policy data to File SDK
mip::FileEngine::GetPolicyDataXml()
Policy SDK
Dynamic content marking for watermark/header/footer actions:
Fields like ${Item.Label}, ${Item.Name}, ${User.Name}, ${Event.DateTime} are automatically
populated by MIP
mip::Identity can be constructed with user-friendly "name" field used by dynamic content marking
Configurable via mip::PolicyEngine::Settings::SetVariableTextMarkingType()
Network-free check if content is labeled
mip::PolicyHandler::IsLabeled()
Minor risk of false positives (for example if content contains zombie label metadata)
Label policy cache TTL
Default: 30 days
Configurable via mip::PolicyProfile::SetCustomSettings()
Breaking Change
Updated PolicyEngine.Settings.LabelFilter from list of enums to nullable bitfield.
Protection SDK
Pre-license
Existence of a pre-license alongside encrypted content, along with a previously retrieved user
cert, allows for offline decryption of content
mip::ProtectionHandler::ConsumptionSettings can be constructed with a pre-license
mip::ProtectionEngine::LoadUserCert|Async() fetches user cert which is stored according to
mip::ProtectionProfile's caching policy
Server-specific feature checking
Checks if user's tenant supports "encrypt only" feature (only available in Azure RMS)
mip::ProtectionEngine::IsFeatureSupported()
Richer details when fetching RMS templates
Breaking Changes
mip::ProtectionEngine::GetTemplates()vector<shared_ptr<string>> return value replaced with
vector<shared_ptr<mip::TemplateDescriptor>> (C++)
mip::ProtectionEngine::Observer::OnGetTemplatesSuccess() callback shared_ptr<vector<string>>
parameter replaced with vector<shared_ptr<mip::TemplateDescriptor>> (C++)
IProtectionEngine.GetTemplates|Async() return value List<string> replaced with
List<TemplateDescriptor>. (C#)
MIP_CC_ProtectionEngine_GetTemplates() mip_cc_guid* param replaced with mip_cc_template_descriptor* (C API)
C API
Breaking Changes: Updated most functions to include mip_cc_error* parameter, can be NULL
Error/Exception Updates
Error handling summary:
AccessDeniedError: User has not been granted rights to access content
NoAuthTokenError: App did not provide auth token
NoPermissionsError: User has not been granted rights to specific content, but referrer/owner is available
ServiceDisabledError: Service is disabled for user/device/platform/tenant
AdhocProtectionRequiredError: Ad hoc protection must be set before setting a label
BadInputError: Invalid input from user/app
InsufficientBufferError: Invalid buffer input from user/app
LabelDisabledError: Label ID is recognized but disabled for use
LabelNotFoundError: Unrecognized label ID
TemplateNotFoundError: Unrecognized template ID
ConsentDeniedError: An operation that required consent from user/app wasn't granted consent
DeprecatedApiError: This API is deprecated
FileIOError: Failed to read/write file
InternalError: Unexpected internal failure
NetworkError
ProxyAuthenticationError: Proxy authentication is required
Category=BadResponse: Server returned unreadable HTTP response (retry might succeed)
Category=Cancelled: Failed to establish HTTP connection because operation was canceled by user/app (retry probably succeeds)
Category=FailureResponseCode: Server returned a generic failure response (retry might succeed)
Category=NoConnection: Failed to establish HTTP connection (retry might succeed)
Category=Offline: Failed to establish HTTP connection because application is in offline mode (retry won't succeed)
Category=Proxy: Failed to establish HTTP connection due to proxy issue (retry probably won't succeed)
Category=SSL: Failed to establish HTTP connection due to SSL issue (retry probably won't succeed)
Category=Throttled: Server returned "throttled" response (backoff/retry probably succeeds)
Category=Timeout: Failed to establish HTTP connection after timeout (retry probably succeeds)
Category=UnexpectedResponse: Server returned unexpected data (retry might succeed)
NoPolicyError: Tenant or user isn't configured for labels
NotSupportedError: Operation not supported in current state
Removed unused PolicySyncError. Replaced by NetworkError
Removed unused TransientNetworkError. Replaced by NetworkError categories
Version 1.4.0
Release date: November 6, 2019
This version introduces support for the Protection SDK in the .NET package (Microsoft.InformationProtection.File).
SDK changes
Performance improvements and bug fixes
Renamed StorageType enum to CacheStorageType
Android links to libc++ instead of gnustl
Removed previously deprecated APIs
File/Policy/Profile::Settings must be initialized with a MipContext
File/Policy/Profile::Settings path, application info, logger delegate, telemetry, and log level getters/setters have been removed. These properties are managed by MipContext
Better static library support on Apple platforms
Monolithic static libraries
libmip_file_sdk_static.a
libmip_upe_sdk_static.a
libmip_protection_sdk_static.a
libmip_upe_and_protection_sdk_static.a
Third-party dependencies extracted into separate libraries
libsqlite3.a
libssl.a
Removed mip_telemetry.dll (merged into mip_core.dll)
File SDK
RPMSG
Encryption
Added support for string8 decryption
Configurable PFILE extension behavior (default, {extension}.PFILE, or P{extension})
ProtectionSettings::SetPFileExtensionBehavior
Policy SDK
Complete C API
Configure filtering of labels associated with protection
C API normalization changes from v1.3 C API preview:
Renamed mip_cc_storage_type to mip_cc_cache_storage_type
Renamed MIP_CC_AddProtectionProfileEngine to MIP_CC_ProtectionProfile_AddEngine
Renamed MIP_CC_CreateProtectionEngineSettingsForExistingEngine to MIP_CC_CreateProtectionEngineSettingsWithEng
Renamed MIP_CC_CreateProtectionEngineSettingsForNewEngine to MIP_CC_CreateProtectionEngineSettingsWithIdentity
Renamed MIP_CC_SetProtectionProfileSettingsHttpDelegate to MIP_CC_ProtectionProfileSettings_SetHttpDelegate
Renamed MIP_CC_CreateProtectionHandlerForConsumption to MIP_CC_ProtectionEngine_CreateProtectionHandlerForConsumption
Renamed MIP_CC_CreateProtectionHandlerForPublishing to MIP_CC_ProtectionEngine_CreateProtectionHandlerForPublishing
Renamed MIP_CC_GetProtectionEngineId to MIP_CC_ProtectionEngine_GetEngineId
Renamed MIP_CC_GetProtectionEngineTemplates to MIP_CC_ProtectionEngine_GetTemplates
Renamed MIP_CC_GetProtectionEngineTemplatesSize to MIP_CC_ProtectionEngine_GetTemplatesSize
Renamed MIP_CC_SetTelemetryConfigurationHttpDelegate to MIP_CC_TelemetryConfiguration_SetHttpDelegate
Renamed MIP_CC_SetTelemetryConfigurationHostName to MIP_CC_TelemetryConfiguration_SetHostName
Renamed MIP_CC_SetTelemetryConfigurationIsLocalCachingEnabled to MIP_CC_TelemetryConfiguration_SetIsLocalCachingEnabled
Renamed MIP_CC_SetTelemetryConfigurationIsNetworkDetectionEnabled to MIP_CC_TelemetryConfiguration_SetIsNetworkDetectionEnabled
Renamed MIP_CC_SetTelemetryConfigurationIsTelemetryOptedOut to MIP_CC_TelemetryConfiguration_SetIsTelemetryOptedOut
Renamed MIP_CC_SetTelemetryConfigurationLibraryName to MIP_CC_TelemetryConfiguration_SetLibraryName
Removed MIP_CC_ProtectionEngine_GetRightsForLabelIdSize and updated MIP_CC_ProtectionEngine_GetRightsForLabelId to populate a mip_cc_string_list instead of a comma-separated string buffer
Removed MIP_CC_ProtectionHandler_GetRightsSize and updated MIP_CC_ProtectionHandler_GetRights to populate a mip_cc_string_list instead of a comma-separated string buffer
Added MIP_CC_ProtectionEngine_GetEngineIdSize and updated MIP_CC_ProtectionEngine_GetEngineId to populate a string buffer instead of a mip_cc_guid
MIP_CC_CreateProtectionDescriptorFromUserRights now takes 'mip_cc_dictionary-' param instead of 'mip_cc_dictionary'
MIP_CC_ProtectionEngineSettings_SetCustomSettings now takes 'mip_cc_dictionary-' param instead of 'mip_cc_dictionary'
MIP_CC_ProtectionProfileSettings_SetCustomSettings now takes 'mip_cc_dictionary-' param instead of 'mip_cc_dictionary'
MIP_CC_TelemetryConfiguration_SetCustomSettings now takes 'mip_cc_dictionary-' param instead of 'mip_cc_dictionary'
MIP_CC_CreateMipContext takes 'isOfflineOnly' and 'loggerDelegateOverride' params
Version 1.3.0
Release date: August 22, 2019
New Features
mip::MipContext is the new highest-level object.
Decryption of protected MSG files is now supported.
Inspection of message.rpmsg files is supported via mip::FileInspector and mip::FileHandler::InspectAsync().
On-disk cache may now be optionally encrypted.
Protection SDK now supports Chinese cloud customers.
ARM64 support on Android.
ARM64e support on iOS.
End-user license (EUL) cache can now be disabled.
.pfile encryption may be disabled via mip::FileEngine::EnablePFile
Improved performance for protection operations by reducing number of HTTP calls
Removed the delegated identity details from mip::Identity and instead added DelegatedUserEmail to mip::FileEngine::Settings, mip::ProtectionSettings, mip::PolicyEngine::Settings, and mip::ProtectionHandler's PublishingSettings and ConsumptionSettings.
Functions that previously returned LabelId now return a mip::Label object.
Changes
In previous versions, we required that you called mip::ReleaseAllResources. Version 1.3 replaces this with mip::MipContext::~MipContext or mip::MipContext::Shutdown.
Removed ActionSource from mip::LabelingOptions and mip::ExecutionState::GetNewLabelActionSource
Replaced mip::ProtectionEngine::CreateProtectionHandlerFromDescriptor with mip::ProtectionEngine::CreateProtectionHandlerForPublishing.
Replaced mip::ProtectionEngine::CreateProtectionHandlerFromPublishingLicense with mip::ProtectionEngine::CreateProtectionHandlerForConsumption.
Renamed mip::PublishingLicenseContext to mip::PublishingLicenseInfo and updated to contain rich fields instead of raw serialized bytes.
mip::PublishingLicenseInfo contains the data relevant to MIP after parsing a publishing license (PL).
mip::TemplateNotFoundError and mip::LabelNotFoundError thrown when application passes MIP a template ID or label ID that isn't recognized.
Added support for label-based conditional access via the claims parameter of AcquireToken() and mip::AuthDelegate::OAuth2Challenge(). This functionality hasn't yet been exposed via the compliance center portal.
Version 1.2.0
Release date: April 15, 2019
New Features
Telemetry component now uses same HTTP stack as the rest of MIP, even if client application has overridden it with HttpDelegate.
Client applications can control the threading behavior of async tasks by overriding TaskDispatcherDelegate in Profiles.
RPMSG encryption now in preview.
Align File/Policy SDK exception handling behavior with Protection SDK:
ProxyAuthError thrown by all SDKs if a proxy is configured to require authentication.
NoAuthTokenError thrown by all SDKs if empty auth token is provided by application's implementation of mip::AuthDelegate::AcquireOAuth2Token.
Improved HTTP caching for Policy SDK reduces # of required HTTP calls by half.
Richer logs/audit/telemetry for improved failure detection and debugging.
Support for external/foreign labels to facilitate migration to AIP labels.
Enabled support for third-party applications to download sensitivity types from SCC.
More telemetry settings are exposed and configurable (caching/threading behavior, etc.).
SDK Changes
mip_common.dll split into mip_core.dll and mip_telemetry.dll.
Renamed mip::ContentState to mip::DataState to describe how an application interacts with data at a high level.
mip::AdhocProtectionRequiredError exception is thrown by FileHandler::SetLabel to notify an application that it must first apply ad hoc protection before applying a label.
mip::OperationCancelledError exception is thrown when an operation is canceled (for example due to shutdown or HTTP cancellation).
mip::ReleaseAllResources must be called prior to process termination (after clearing references to all Profiles, Engines, and Handlers)
(interface) mip::ExecutionState::GetClassificationResults return type and "classificationIds" parameter has changed
(interface) mip::FileExecutionState::GetAuditMetadata can be implemented by applications to specify detailed information to surface to a tenant admin's audit dashboard (for example sender, recipients, last modified, etc.)
(interface) mip::FileExecutionState::GetClassificationResults return type has changed, and it now requires a FileHandler parameter
(interface) mip::FileExecutionState::GetDataState should be implemented by applications to specify how an application is interacting with contentIdentifier
(interface) mip::HttpDelegate interface requires 'CancelOperation' and 'CancelAllOperations' methods
(interface) mip::HttpDelegate interface 'Send' and 'SendAsync' return mip::HttpOperation instead of mip::HttpResponse
(interface) mip::HttpResponse::GetBody returns std::vector<uint8_t> instead of std::string
mip::ContentLabel::GetCreationTime return std::chrono::time_point instead of std::string
mip::FileEngine::CreateFileHandlerAsync no longer accepts 'contentIdentifier' parameter
mip::PolicyHandler::NotifyCommitedActions renamed to mip::PolicyHandler::NotifyCommittedActions
Version 1.1.0
Release date: January 15, 2019
This version introduces support for the following platforms:
.NET
iOS SDK (Policy SDK)
Android SDK (Policy SDK and Protection SDK)
New Features
ADRMS support
Protection SDK operations are truly asynchronous (on Win32), allowing for simultaneous non-blocking encrypt/decrypt operations
Application callbacks (AuthDelegate, HTTPDelegate, etc.) may now be invoked on -any- background thread
Custom label properties set by IT administrators can now be read via mip::Label::GetCustomSettings
Serialized publishing license can now be retrieved directly from a file without any HTTP operations via mip::FileHandler::GetSerializedPublishingLicense
Applications are notified whether an HTTP operation is required to complete the creation of a mip::FileEngine/mip::PolicyEngine via mip::FileProfile::Observer::OnAddPolicyEngineStarting/mip::PolicyProfile::Observer::OnAddEngineStarting
Detection of whether protected content has an expiration date or not is simplified with convenience method mip::ProtectionDescriptor::DoesContentExpire
Classification:
Sensitivity types (regex expressions for CC#'s, passport #'s, etc.) can be acquired from SCC service
Enable feature by setting mip::FileEngine::Settings/mip::PolicyEngine::Settings flag
Read types via mip::FileEngine::ListSensitivityTypes/mip::PolicyEngine::ListSensitivityTypes
Classification results from external document scanner utilities can be fed to MIP to drive recommended/required labels based on document content
Pass results to MIP via mip::FileExecutionState::GetClassificationResults/mip::ExecutionState::GetClassificationResults
mip::ApplyLabelAction and mip::RecommendLabelAction can be returned by mip::PolicyEngine::ComputeActions when classification results match a policy rule indicating required/recommended labels
New Requirements
Enforced population of ID/name/version fields mip::ApplicationInfo when creating mip::FileProfile, mip::PolicyProfile, and mip::ProtectionProfile
Applications must implement new mip::FileExecutionState interface when creating mip::FileHandlers
New Exceptions
mip::NoAuthTokenError thrown if application's AuthDelegate returns an empty token (due to cancellation)
Applies to creation of:
mip::FileEngine
mip::FileHandler
mip::PolicyEngine
mip::ProtectionHandler
mip::NoPolicyError thrown if tenant isn't configured for labels
Applies to creation of:
mip::FileEngine
mip::PolicyEngine
mip::ServiceDisabledError thrown if RMS service is disabled for a specific user/device/platform/tenant
Applies to creation of:
mip::FileHandler
mip::ProtectionHandler
mip::NoPermissionsError thrown if a user doesn't have rights to decrypt a document or the content is expired