Getting Started with the Microsoft Information Protection SDK

Before we get started with the Microsoft Information Protection SDK. Let us, very briefly, understand what MIP and sensitivity labels mean in Microsoft 365.

Microsoft Information Protection (MIP) is a service that is used to discover, classify, label and protect information across Azure, Microsoft 365 and Windows. It covers all the services like AIP, WIP, Microsoft 365 and Microsoft Cloud App Security.

It helps you discover and understand your sensitive information such as PII (personally identifiable information), across a variety of locations including devices, apps, cloud services, and on-premises.

Lets you classify the information manually or automatically apply sensitivity labels to files. Easily configure data security actions such as encryption, digital rights management (DRM), and visual markings (watermarks, headers and footers).

Based on the classification you can apply protection policies like configure sharing, encryption of your documents and emails. View trends in your sensitive data landscape. Monitor policy violations and risky behavior. Fine-tune policies to balance security and end-user productivity.

Sensitivity labels from the Microsoft Information Protection framework let you classify and protect your organization’s data.

They are like stickers or a form of metadata that stick to your content wherever it goes. By applying sensitivity labels to documents / emails you can apply settings such as encryptions or watermarks.

You can apply them to containers like a SharePoint site or teams and prevent external sharing for instance or access from unmanaged devices.

The MIP SDK exposes the labeling and protection services from Microsoft 365 Security and Compliance Center, to third-party applications and services. You can use the SDK to build native support for applying labels and protection to files. 

It is composed of three APIs.

The File API – It is used for applying labels to defined file types and reading labels from those file types.

The Policy API –  Provides the ability for you to retrieve labeling policies for a specific user. You can then configure the actions you want to apply based on the policy.

The Protection API – It provides the ability for you to convert plaintext streams into rights-managed streams. Like, allow only certain users to print a file, decrypt a protected file etc.,

MIP SDK (C#) Prerequisites

Okay, lets see how to set up and configure your Microsoft 365 subscription and client workstation, in preparation for using the SDK.

• You need either one of these, a Microsoft 365 E3 or E5 license.
• Visual Studio 2017 or later.
• We also need the universal windows platform development workflow installed for Visual studio.
• You need to enable developer features if you are using Windows 10.
• You need to register an Azure AD app to get an application account to access the secured MIP APIs
• Finally, we need to setup some sensitivity labels for the purpose of this demo.

I have specifically mentioned c# because MIP SDK can be implemented using C++ as well.

The Microsoft Information Protection SDK .NET Wrapper enables you to integrate the Microsoft Information Protection experience in to your own applications and services. The SDK’s classification, labeling, and protection features help to ensure that information is classified, labeled, and protected no matter where it travels.

The wrapper uses compiled C++ libraries from the Microsoft Information Protection SDK. These DLLs are the same DLLs that are included with the C++ version of the SDK.

In the video below, I explain how to develop a very simple console application that uses MIP SDK to list sensitivity labels present in the security and compliance center and I also demonstrate how to use the File API to apply sensitivity labels to a file stored in your desktop.