ProtectionPolicyManager ProtectionPolicyManager ProtectionPolicyManager ProtectionPolicyManager ProtectionPolicyManager Class

Definition

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Manages enterprise-protection policy on protected content.

public : sealed class ProtectionPolicyManager : IProtectionPolicyManager, IProtectionPolicyManager2
struct winrt::Windows::Security::EnterpriseData::ProtectionPolicyManager : IProtectionPolicyManager, IProtectionPolicyManager2
public sealed class ProtectionPolicyManager : IProtectionPolicyManager, IProtectionPolicyManager2
Public NotInheritable Class ProtectionPolicyManager Implements IProtectionPolicyManager, IProtectionPolicyManager2
// This class does not provide a public constructor.
Attributes
Windows 10 requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

Properties

Identity Identity Identity Identity Identity

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Gets or sets the enterprise identity.

IsProtectionEnabled IsProtectionEnabled IsProtectionEnabled IsProtectionEnabled IsProtectionEnabled

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this property to determine whether Windows Information Protection (WIP) is enabled on the device.

PrimaryManagedIdentity PrimaryManagedIdentity PrimaryManagedIdentity PrimaryManagedIdentity PrimaryManagedIdentity

Gets the primary enterprise identity.

ShowEnterpriseIndicator ShowEnterpriseIndicator ShowEnterpriseIndicator ShowEnterpriseIndicator ShowEnterpriseIndicator

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

A value indicating whether or not the shell should decorate a window to show that it is an enterprise window.

Methods

CheckAccess(String, String) CheckAccess(String, String) CheckAccess(String, String) CheckAccess(String, String) CheckAccess(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request if access to enterprise-protected content is available to an identity.

CheckAccessForApp(String, String) CheckAccessForApp(String, String) CheckAccessForApp(String, String) CheckAccessForApp(String, String) CheckAccessForApp(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Perform enterprise-protection policy evaluation for a data transfer between your app and a specific target app.

ClearProcessUIPolicy() ClearProcessUIPolicy() ClearProcessUIPolicy() ClearProcessUIPolicy() ClearProcessUIPolicy()

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Clear UI policy enforcement for an enterprise identity. The app calls this method before it displays non-enterprise-protected content.

CreateCurrentThreadNetworkContext(String) CreateCurrentThreadNetworkContext(String) CreateCurrentThreadNetworkContext(String) CreateCurrentThreadNetworkContext(String) CreateCurrentThreadNetworkContext(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Creates a ThreadNetworkContext protected to an enterprise identity. The creation of the context tags all network connections made thereafter on the current thread with the identity, and allows access to enterprise resources that are access controlled by the enterprise's policy.

GetEnforcementLevel(String) GetEnforcementLevel(String) GetEnforcementLevel(String) GetEnforcementLevel(String) GetEnforcementLevel(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

You can use this method to determine the current Windows Information Protection (WIP) enforcement level. WIP enforcement level is one aspect of mobile device management (MDM) policy configuration.

GetForCurrentView() GetForCurrentView() GetForCurrentView() GetForCurrentView() GetForCurrentView()

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Returns the ProtectionPolicyManager object associated with the current app window.

GetPrimaryManagedIdentityForIdentity(String) GetPrimaryManagedIdentityForIdentity(String) GetPrimaryManagedIdentityForIdentity(String) GetPrimaryManagedIdentityForIdentity(String) GetPrimaryManagedIdentityForIdentity(String)

Gets the parent or primary identity of a given child or secondary identity.

GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName) GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName) GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName) GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName) GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Returns the enterprise identity of a network resource if the resource is on an enterprise-policy-managed endpoint.

HasContentBeenRevokedSince(String, DateTime) HasContentBeenRevokedSince(String, DateTime) HasContentBeenRevokedSince(String, DateTime) HasContentBeenRevokedSince(String, DateTime) HasContentBeenRevokedSince(String, DateTime)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this method to check (for a known identity that is managed or ever was managed) whether access to protected data has been revoked since a specified date and time, or is still accessible. Note that the API returns true for an unknown identity (that is, an identity that has never been managed and is not currently managed). This is so that your app can clean up data associated with an identity for which there is no information. For more info, see Remarks.

IsFileProtectionRequiredAsync(IStorageItem, String) IsFileProtectionRequiredAsync(IStorageItem, String) IsFileProtectionRequiredAsync(IStorageItem, String) IsFileProtectionRequiredAsync(IStorageItem, String) IsFileProtectionRequiredAsync(IStorageItem, String)

Indicates whether a file needs to be protected by the enterprise identity.

IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String) IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String) IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String) IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String) IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String)

Indicates whether a file needs to be protected by the enterprise identity.

IsIdentityManaged(String) IsIdentityManaged(String) IsIdentityManaged(String) IsIdentityManaged(String) IsIdentityManaged(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Determines if an enterprise entity is managed by an enterprise policy.

IsProtectionUnderLockRequired(String) IsProtectionUnderLockRequired(String) IsProtectionUnderLockRequired(String) IsProtectionUnderLockRequired(String) IsProtectionUnderLockRequired(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this property to determine the value of the ProtectionUnderLockConfigRequired enterprise data protection (WIP) policy.

IsRoamableProtectionEnabled(String) IsRoamableProtectionEnabled(String) IsRoamableProtectionEnabled(String) IsRoamableProtectionEnabled(String) IsRoamableProtectionEnabled(String)

Determines whether the policy is configured to protect files that are copied to removable drives by using Azure Information Protection.

IsUserDecryptionAllowed(String) IsUserDecryptionAllowed(String) IsUserDecryptionAllowed(String) IsUserDecryptionAllowed(String) IsUserDecryptionAllowed(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this property to determine whether decryption of files protected by Windows Information Protection (WIP) is allowed.

LogAuditEvent(String, String, ProtectionPolicyAuditInfo) LogAuditEvent(String, String, ProtectionPolicyAuditInfo) LogAuditEvent(String, String, ProtectionPolicyAuditInfo) LogAuditEvent(String, String, ProtectionPolicyAuditInfo) LogAuditEvent(String, String, ProtectionPolicyAuditInfo)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Causes an audit event to be logged.

RequestAccessAsync(String, String) RequestAccessAsync(String, String) RequestAccessAsync(String, String) RequestAccessAsync(String, String) RequestAccessAsync(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise protected content for an identity.

RequestAccessAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise protected content for an identity.

RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise protected content for an identity.

RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Request access to enterprise protected content for an identity

RequestAccessForAppAsync(String, String) RequestAccessForAppAsync(String, String) RequestAccessForAppAsync(String, String) RequestAccessForAppAsync(String, String) RequestAccessForAppAsync(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise-protected content for a specific target app.

RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise-protected content for a specific target app.

RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise-protected content for a specific target app.

RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Request access to enterprise-protected content for a specific target app.

RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo)

Requests access to enterprise-protected content for a specific app.

RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Requests access to enterprise-protected content for a specific app.

RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo)

Requests access to enterprise-protected content for a process of an app.

RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Requests access to enterprise-protected content for a process of an app.

RevokeContent(String) RevokeContent(String) RevokeContent(String) RevokeContent(String) RevokeContent(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Revoke the keys required to access all content protected to the specified enterprise identity.

A remote management client on a device receives an unenrollment request from the enterprise’s remote management server, and calls to revoke the keys that are required to access content protected on that device to that enterprise identity. This causes the ProtectedContentRevoked event to be raised. Your app can also call in response to that event, in which case the effect is to revoke your app's access to content protected by itself.

TryApplyProcessUIPolicy(String) TryApplyProcessUIPolicy(String) TryApplyProcessUIPolicy(String) TryApplyProcessUIPolicy(String) TryApplyProcessUIPolicy(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Enables UI policy enforcement for an enterprise identity. When an app is about to display a protected file (such as a PDF) or resource (buffer or stream) on its UI, it must enable UI policy enforcement based on the identity the file is protected to. A call to TryApplyProcessUIPolicy ensures that the OS knows about the current context of the app.

Events

PolicyChanged PolicyChanged PolicyChanged PolicyChanged PolicyChanged

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

An event that is raised in response to changes in Windows Information Protection (WIP) policy managed by the Policy CSP.

ProtectedAccessResumed ProtectedAccessResumed ProtectedAccessResumed ProtectedAccessResumed ProtectedAccessResumed

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Event with which the app registers to receive notification that protection has been resumed.

ProtectedAccessSuspending ProtectedAccessSuspending ProtectedAccessSuspending ProtectedAccessSuspending ProtectedAccessSuspending

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Event with which the app registers to receive notification that protection is to be suspended.

ProtectedContentRevoked ProtectedContentRevoked ProtectedContentRevoked ProtectedContentRevoked ProtectedContentRevoked

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Event with which your app registers to receive notification that protection is to be revoked. When your app receives this event, it should determine from ProtectedContentRevokedEventArgs.Identities which enterprise entities have had protection revoked, and call RevokeContent as well as delete any metadata associated with the identity. This event is not raised when your app calls RevokeContent to revoke its own access.