Microsoft Information Protection SDK - Policy handler concepts

In the Policy SDK, mip::PolicyHandler exposes operations used to compute policy actions, and submit audit events.

Policy handler functions

mip::PolicyHandler exposes methods for reading, writing, and removing both labels and protection information. For the full list, consult the API reference.

In this article, the following methods will be covered:

  • ComputeActions
  • NotifyCommittedActions

Requirements

Creating a PolicyHandler requires:

  • A mip::MipContext
  • A mip::PolicyProfile
  • A mip::PolicyEngine added to the mip::PolicyProfile
  • A class that implements mip::PolicyHandler::Observer

Create a policy handler

The first step required in obtaining policy actions, is to create a PolicyHandler object. This class implements functionality required to get the list of actions a specific label must take. It also implements the function to trigger an audit event.

Creating the PolicyHandler is as easy as calling the PolicyEngine's CreatePolicyHandlerAsync function using the promise/future pattern.

CreatePolicyHandlerAsync accepts a single parameter: isAuditDiscoveryEnabled. Set this value to true if the application should surface heartbeat and discovery events in audit logging.

Note

The mip::PolicyHandler::Observer class must be implemented in a derived class as CreatePolicyHandler requires the Observer object.

auto createPolicyHandlerPromise = std::make_shared<std::promise<std::shared_ptr<mip::PolicyHandler>>>();
auto createPolicyHandlerFuture = createPolicyHandlerPromise->get_future();
PolicyEngine->CreatePolicyHandlerAsync(true);
auto handler = createPolicyHandlerFuture.get();

After successfully creating the PolicyHandler object, actions may be computed and audit events submitted.

Next Steps

Now that you've learned about creation of a Policy handler: