Protection​Policy​Manager Protection​Policy​Manager Protection​Policy​Manager Class

Definition

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Manages enterprise-protection policy on protected content.

public : sealed class ProtectionPolicyManager : IProtectionPolicyManager, IProtectionPolicyManager2public sealed class ProtectionPolicyManager : IProtectionPolicyManager, IProtectionPolicyManager2Public NotInheritable Class ProtectionPolicyManager Implements IProtectionPolicyManager, IProtectionPolicyManager2
Attributes
Windows 10 requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

Properties

Identity Identity Identity

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Gets or sets the enterprise identity.

public : PlatForm::String Identity { get; set; }public string Identity { get; set; }Public ReadWrite Property Identity As string
Value
PlatForm::String string string

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

IsProtectionEnabled IsProtectionEnabled IsProtectionEnabled

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this property to determine whether Windows Information Protection (WIP) is enabled on the device.

public : static PlatForm::Boolean IsProtectionEnabled { get; }public static bool IsProtectionEnabled { get; }Public Static ReadOnly Property IsProtectionEnabled As bool
Value
PlatForm::Boolean bool bool

true if WIP is enabled on the device, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

PrimaryManagedIdentity PrimaryManagedIdentity PrimaryManagedIdentity

Gets the primary enterprise identity.

public : static PlatForm::String PrimaryManagedIdentity { get; }public static string PrimaryManagedIdentity { get; }Public Static ReadOnly Property PrimaryManagedIdentity As string
Value
PlatForm::String string string

The primary enterprise identity. This is an email address or domain that is managed. This property returns null if there is no managed identity associated with the ProtectionPolicyManager .

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

ShowEnterpriseIndicator ShowEnterpriseIndicator ShowEnterpriseIndicator

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

A value indicating whether or not the shell should decorate a window to show that it is an enterprise window.

public : PlatForm::Boolean ShowEnterpriseIndicator { get; set; }public bool ShowEnterpriseIndicator { get; set; }Public ReadWrite Property ShowEnterpriseIndicator As bool
Value
PlatForm::Boolean bool bool

true to indicate that the shell should decorate a window to show that it is an enterprise window, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.14393.0) Windows Mobile Extension SDK (introduced v10.0.14393.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v3)
Capabilities
enterpriseDataPolicy

Methods

CheckAccess(String, String) CheckAccess(String, String) CheckAccess(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request if access to enterprise-protected content is available to an identity.

public : static ProtectionPolicyEvaluationResult CheckAccess(PlatForm::String sourceIdentity, PlatForm::String targetIdentity)public static ProtectionPolicyEvaluationResult CheckAccess(String sourceIdentity, String targetIdentity)Public Static Function CheckAccess(sourceIdentity As String, targetIdentity As String) As ProtectionPolicyEvaluationResult
Parameters
sourceIdentity
PlatForm::String String String

The source enterprise identity of the app. This is an email address or domain that is managed. Your app should use IsIdentityManaged to check if an email address or domain is managed.

targetIdentity
PlatForm::String String String

The enterprise identity you want to check has access to the protected content.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

CheckAccessForApp(String, String) CheckAccessForApp(String, String) CheckAccessForApp(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Perform enterprise-protection policy evaluation for a data transfer between your app and a specific target app.

public : static ProtectionPolicyEvaluationResult CheckAccessForApp(PlatForm::String sourceIdentity, PlatForm::String appPackageFamilyName)public static ProtectionPolicyEvaluationResult CheckAccessForApp(String sourceIdentity, String appPackageFamilyName)Public Static Function CheckAccessForApp(sourceIdentity As String, appPackageFamilyName As String) As ProtectionPolicyEvaluationResult
Parameters
sourceIdentity
PlatForm::String String String

The source enterprise identity of the app. This is an email address or domain that is managed. Your app should use IsIdentityManaged to check if an email address or domain is managed.

appPackageFamilyName
PlatForm::String String String

The package family name of the app you want to check has access to the protected content.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

ClearProcessUIPolicy() ClearProcessUIPolicy() ClearProcessUIPolicy()

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Clear UI policy enforcement for an enterprise identity. The app calls this method before it displays non-enterprise-protected content.

public : static void ClearProcessUIPolicy()public static void ClearProcessUIPolicy()Public Static Function ClearProcessUIPolicy() As void
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

CreateCurrentThreadNetworkContext(String) CreateCurrentThreadNetworkContext(String) CreateCurrentThreadNetworkContext(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Creates a ThreadNetworkContext protected to an enterprise identity. The creation of the context tags all network connections made thereafter on the current thread with the identity, and allows access to enterprise resources that are access controlled by the enterprise's policy.

public : static ThreadNetworkContext CreateCurrentThreadNetworkContext(PlatForm::String identity)public static ThreadNetworkContext CreateCurrentThreadNetworkContext(String identity)Public Static Function CreateCurrentThreadNetworkContext(identity As String) As ThreadNetworkContext
Parameters
identity
PlatForm::String String String

The enterprise identity. This is an email address or domain that is managed. This may be returned from GetPrimaryManagedIdentityForNetworkEndpoint; otherwise your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Returns

The protected network context. The app must call ThreadNetworkContext.Close after access to the resource is completed.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy
See Also

GetEnforcementLevel(String) GetEnforcementLevel(String) GetEnforcementLevel(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

You can use this method to determine the current Windows Information Protection (WIP) enforcement level. WIP enforcement level is one aspect of mobile device management (MDM) policy configuration.

public : static EnforcementLevel GetEnforcementLevel(PlatForm::String identity)public static EnforcementLevel GetEnforcementLevel(String identity)Public Static Function GetEnforcementLevel(identity As String) As EnforcementLevel
Parameters
identity
PlatForm::String String String

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

GetForCurrentView() GetForCurrentView() GetForCurrentView()

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Returns the ProtectionPolicyManager object associated with the current app window.

public : static ProtectionPolicyManager GetForCurrentView()public static ProtectionPolicyManager GetForCurrentView()Public Static Function GetForCurrentView() As ProtectionPolicyManager
Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

GetPrimaryManagedIdentityForIdentity(String) GetPrimaryManagedIdentityForIdentity(String) GetPrimaryManagedIdentityForIdentity(String)

Gets the parent or primary identity of a given child or secondary identity.

public : static PlatForm::String GetPrimaryManagedIdentityForIdentity(PlatForm::String identity)public static string GetPrimaryManagedIdentityForIdentity(String identity)Public Static Function GetPrimaryManagedIdentityForIdentity(identity As String) As string
Parameters
identity
PlatForm::String String String

The child or secondary identity that you want to use to get the parent or primary identity.

Returns
PlatForm::String string string

The parent or primary identity.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

Remarks

Most policies have a list of identities. The primary identity usually appears first in that list. The secondary identities usually appear after the primary identity. Those secondary identities are, in a sense "owned" by the primary identity.

GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName) GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName) GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Returns the enterprise identity of a network resource if the resource is on an enterprise-policy-managed endpoint.

public : static IAsyncOperation<PlatForm::String> GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName endpointHost)public static IAsyncOperation<string> GetPrimaryManagedIdentityForNetworkEndpointAsync(HostName endpointHost)Public Static Function GetPrimaryManagedIdentityForNetworkEndpointAsync(endpointHost As HostName) As IAsyncOperation( Of string )
Parameters
endpointHost
HostName HostName HostName

The host name or IP address of the network resource.

Returns
IAsyncOperation<PlatForm::String> IAsyncOperation<string> IAsyncOperation<string>

The enterprise identity.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

HasContentBeenRevokedSince(String, DateTime) HasContentBeenRevokedSince(String, DateTime) HasContentBeenRevokedSince(String, DateTime)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this method to check (for a known identity that is managed or ever was managed) whether access to protected data has been revoked since a specified date and time, or is still accessible. Note that the API returns true for an unknown identity (that is, an identity that has never been managed and is not currently managed). This is so that your app can clean up data associated with an identity for which there is no information. For more info, see Remarks.

public : static PlatForm::Boolean HasContentBeenRevokedSince(PlatForm::String identity, DateTime since)public static bool HasContentBeenRevokedSince(String identity, DateTimeOffset since)Public Static Function HasContentBeenRevokedSince(identity As String, since As DateTimeOffset) As bool
Parameters
identity
PlatForm::String String String

The enterprise identity protecting the data. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

since
DateTime DateTimeOffset DateTimeOffset

The date and time from which point forward you want to include in the check.

Returns
PlatForm::Boolean bool bool

true if access has been revoked since the specified date and time, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

Remarks

Call this API only for an identity that has protected content on the device (in other words, for an identity that has been managed by Windows Information Protection (WIP)). Asking whether content has been revoked for an identity is only meaningful for an identity that has ever been managed by Windows Information Protection (WIP). Consequently, the answer returned from is meaningful only on the condition that the identity passed to the API has ever been managed by Windows Information Protection (WIP).

We recommend that your app maintains a log of the times it first protected data (files, buffers, or streams) associated with an identity. After this, you should call only if the identity has protected content associated with it on that device and your app wishes to know whether the protected content was revoked since the time it was protected.

is not intended to be used as a way to determine whether Windows Information Protection (WIP) was ever enabled and then revoked for an arbitrary identity, in other words as a retrospective-looking form of IsIdentityManaged.

IsFileProtectionRequiredAsync(IStorageItem, String) IsFileProtectionRequiredAsync(IStorageItem, String) IsFileProtectionRequiredAsync(IStorageItem, String)

Indicates whether a file needs to be protected by the enterprise identity.

public : static IAsyncOperation<PlatForm::Boolean> IsFileProtectionRequiredAsync(IStorageItem target, PlatForm::String identity)public static IAsyncOperation<bool> IsFileProtectionRequiredAsync(IStorageItem target, String identity)Public Static Function IsFileProtectionRequiredAsync(target As IStorageItem, identity As String) As IAsyncOperation( Of bool )
Parameters
target
IStorageItem IStorageItem IStorageItem

The file that you want to know whether to protect.

identity
PlatForm::String String String

The enterprise identity.

Returns
IAsyncOperation<PlatForm::Boolean> IAsyncOperation<bool> IAsyncOperation<bool>

true if the file should be protected, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

Remarks

Your code can call this method to avoid encrypting files that don’t need to be encrypted such as exe, dll, and other build artifacts. This lowers the risk of those files being inaccessible to other users of a computer and lowers performance cost for unnecessarily encrypting files.

IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String) IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String) IsFileProtectionRequiredForNewFileAsync(IStorageFolder, String, String)

Indicates whether a file needs to be protected by the enterprise identity.

public : static IAsyncOperation<PlatForm::Boolean> IsFileProtectionRequiredForNewFileAsync(IStorageFolder parentFolder, PlatForm::String identity, PlatForm::String desiredName)public static IAsyncOperation<bool> IsFileProtectionRequiredForNewFileAsync(IStorageFolder parentFolder, String identity, String desiredName)Public Static Function IsFileProtectionRequiredForNewFileAsync(parentFolder As IStorageFolder, identity As String, desiredName As String) As IAsyncOperation( Of bool )
Parameters
parentFolder
IStorageFolder IStorageFolder IStorageFolder

The folder that contains files that that you want to know whether to protect.

identity
PlatForm::String String String

The enterprise identity.

desiredName
PlatForm::String String String

The name that you would like to give the file.

Returns
IAsyncOperation<PlatForm::Boolean> IAsyncOperation<bool> IAsyncOperation<bool>

true if files in this folder should be protected, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

Remarks

See the remarks section of this method: IsFileProtectionRequiredAsync.

IsIdentityManaged(String) IsIdentityManaged(String) IsIdentityManaged(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Determines if an enterprise entity is managed by an enterprise policy.

public : static PlatForm::Boolean IsIdentityManaged(PlatForm::String identity)public static bool IsIdentityManaged(String identity)Public Static Function IsIdentityManaged(identity As String) As bool
Parameters
identity
PlatForm::String String String

The enterprise identity. This is an email address or domain.

Returns
PlatForm::Boolean bool bool

true if the enterprise identity is managed, or false if it is not.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

IsProtectionUnderLockRequired(String) IsProtectionUnderLockRequired(String) IsProtectionUnderLockRequired(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this property to determine the value of the ProtectionUnderLockConfigRequired enterprise data protection (WIP) policy.

public : static PlatForm::Boolean IsProtectionUnderLockRequired(PlatForm::String identity)public static bool IsProtectionUnderLockRequired(String identity)Public Static Function IsProtectionUnderLockRequired(identity As String) As bool
Parameters
identity
PlatForm::String String String

The enterprise identity you want to check has ProtectionUnderLockConfigRequired policy set.

Returns
PlatForm::Boolean bool bool

true if ProtectionUnderLockConfigRequired policy is set for the identity, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

IsRoamableProtectionEnabled(String) IsRoamableProtectionEnabled(String) IsRoamableProtectionEnabled(String)

Determines whether the policy is configured to protect files that are copied to removable drives by using Azure Information Protection.

public : static PlatForm::Boolean IsRoamableProtectionEnabled(PlatForm::String identity)public static bool IsRoamableProtectionEnabled(String identity)Public Static Function IsRoamableProtectionEnabled(identity As String) As bool
Parameters
identity
PlatForm::String String String

The enterprise identity.

Returns
PlatForm::Boolean bool bool

true if files will be protected by using RMS keys, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

Remarks

If this method returns false, files that users copy to removable drives will be protected by using local keys and those files won't be accessible on those drives to other users on the current device or, if the drive is connected to another device, to anyone on that newly connected device. If this method returns false, you could (optionally) let users know about this limitation by presenting this information in a dialog box.

IsUserDecryptionAllowed(String) IsUserDecryptionAllowed(String) IsUserDecryptionAllowed(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Use this property to determine whether decryption of files protected by Windows Information Protection (WIP) is allowed.

public : static PlatForm::Boolean IsUserDecryptionAllowed(PlatForm::String identity)public static bool IsUserDecryptionAllowed(String identity)Public Static Function IsUserDecryptionAllowed(identity As String) As bool
Parameters
identity
PlatForm::String String String

The enterprise identity you want to check has access to the protected content.

Returns
PlatForm::Boolean bool bool

true if decryption of files protected by WIP is allowed, otherwise false.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

LogAuditEvent(String, String, ProtectionPolicyAuditInfo) LogAuditEvent(String, String, ProtectionPolicyAuditInfo) LogAuditEvent(String, String, ProtectionPolicyAuditInfo)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Causes an audit event to be logged.

public : static void LogAuditEvent(PlatForm::String sourceIdentity, PlatForm::String targetIdentity, ProtectionPolicyAuditInfo auditInfo)public static void LogAuditEvent(String sourceIdentity, String targetIdentity, ProtectionPolicyAuditInfo auditInfo)Public Static Function LogAuditEvent(sourceIdentity As String, targetIdentity As String, auditInfo As ProtectionPolicyAuditInfo) As void
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

targetIdentity
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.14393.0) Windows Mobile Extension SDK (introduced v10.0.14393.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v3)
Capabilities
enterpriseDataPolicy

RequestAccessAsync(String, String) RequestAccessAsync(String, String) RequestAccessAsync(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise protected content for an identity.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(PlatForm::String sourceIdentity, PlatForm::String targetIdentity)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(String sourceIdentity, String targetIdentity)Public Static Function RequestAccessAsync(sourceIdentity As String, targetIdentity As String) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

targetIdentity
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

Returns
Attributes

Remarks

Call this method from the main UI thread of your foreground app.

See Also

RequestAccessAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise protected content for an identity.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(PlatForm::String sourceIdentity, PlatForm::String targetIdentity, ProtectionPolicyAuditInfo auditInfo)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(String sourceIdentity, String targetIdentity, ProtectionPolicyAuditInfo auditInfo)Public Static Function RequestAccessAsync(sourceIdentity As String, targetIdentity As String, auditInfo As ProtectionPolicyAuditInfo) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

targetIdentity
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.14393.0) Windows Mobile Extension SDK (introduced v10.0.14393.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v3)
Capabilities
enterpriseDataPolicy

Remarks

Call this method from the main UI thread of your foreground app.

See Also

RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise protected content for an identity.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(PlatForm::String sourceIdentity, PlatForm::String targetIdentity, ProtectionPolicyAuditInfo auditInfo, PlatForm::String messageFromApp)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(String sourceIdentity, String targetIdentity, ProtectionPolicyAuditInfo auditInfo, String messageFromApp)Public Static Function RequestAccessAsync(sourceIdentity As String, targetIdentity As String, auditInfo As ProtectionPolicyAuditInfo, messageFromApp As String) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

targetIdentity
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

messageFromApp
PlatForm::String String String

A message that will be displayed in the consent dialog so that the user can make a consent decision.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.14393.0) Windows Mobile Extension SDK (introduced v10.0.14393.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v3)
Capabilities
enterpriseDataPolicy

Remarks

Call this method from the main UI thread of your foreground app.

See Also

RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Request access to enterprise protected content for an identity

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(PlatForm::String sourceIdentity, PlatForm::String targetIdentity, ProtectionPolicyAuditInfo auditInfo, PlatForm::String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessAsync(String sourceIdentity, String targetIdentity, ProtectionPolicyAuditInfo auditInfo, String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)Public Static Function RequestAccessAsync(sourceIdentity As String, targetIdentity As String, auditInfo As ProtectionPolicyAuditInfo, messageFromApp As String, behavior As ProtectionPolicyRequestAccessBehavior) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected.

targetIdentity
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

messageFromApp
PlatForm::String String String

A message that will be displayed in the consent dialog so that the user can make a consent decision.

behavior
ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior

A constant that defines how you would like to override default policy behavior.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

Remarks

Call this method from the main UI thread of your foreground app.

RequestAccessForAppAsync(String, String) RequestAccessForAppAsync(String, String) RequestAccessForAppAsync(String, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise-protected content for a specific target app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(PlatForm::String sourceIdentity, PlatForm::String appPackageFamilyName)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(String sourceIdentity, String appPackageFamilyName)Public Static Function RequestAccessForAppAsync(sourceIdentity As String, appPackageFamilyName As String) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app can use IsIdentityManaged to confirm that an email address or domain is managed.

appPackageFamilyName
PlatForm::String String String

The description of the App package family name.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy
See Also

RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise-protected content for a specific target app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(PlatForm::String sourceIdentity, PlatForm::String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(String sourceIdentity, String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo)Public Static Function RequestAccessForAppAsync(sourceIdentity As String, appPackageFamilyName As String, auditInfo As ProtectionPolicyAuditInfo) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app can use IsIdentityManaged to confirm that an email address or domain is managed.

appPackageFamilyName
PlatForm::String String String

The description of the App package family name.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.14393.0) Windows Mobile Extension SDK (introduced v10.0.14393.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v3)
Capabilities
enterpriseDataPolicy
See Also

RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Request access to enterprise-protected content for a specific target app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(PlatForm::String sourceIdentity, PlatForm::String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo, PlatForm::String messageFromApp)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(String sourceIdentity, String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo, String messageFromApp)Public Static Function RequestAccessForAppAsync(sourceIdentity As String, appPackageFamilyName As String, auditInfo As ProtectionPolicyAuditInfo, messageFromApp As String) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

appPackageFamilyName
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

messageFromApp
PlatForm::String String String

A message that will be displayed in the consent dialog so that the user can make a consent decision.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.14393.0) Windows Mobile Extension SDK (introduced v10.0.14393.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v3)
Capabilities
enterpriseDataPolicy
See Also

RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessForAppAsync(String, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Request access to enterprise-protected content for a specific target app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(PlatForm::String sourceIdentity, PlatForm::String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo, PlatForm::String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessForAppAsync(String sourceIdentity, String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo, String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)Public Static Function RequestAccessForAppAsync(sourceIdentity As String, appPackageFamilyName As String, auditInfo As ProtectionPolicyAuditInfo, messageFromApp As String, behavior As ProtectionPolicyRequestAccessBehavior) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceIdentity
PlatForm::String String String

The enterprise identity to which the content is protected. This is an email address or domain that is managed.

appPackageFamilyName
PlatForm::String String String

The enterprise identity to which the content is being disclosed. This is an email address or domain.

messageFromApp
PlatForm::String String String

A message that will be displayed in the consent dialog so that the user can make a consent decision.

behavior
ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior

A constant that defines how you would like to override default policy behavior.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo)

Requests access to enterprise-protected content for a specific app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForAppAsync(IIterable<IStorageItem> sourceItemList, PlatForm::String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForAppAsync(IEnumerable<IStorageItem> sourceItemList, String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo)Public Static Function RequestAccessToFilesForAppAsync(sourceItemList As IEnumerable<IStorageItem>, appPackageFamilyName As String, auditInfo As ProtectionPolicyAuditInfo) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceItemList
IIterable<IStorageItem> IEnumerable<IStorageItem> IEnumerable<IStorageItem>

An array of files to that you want to grant access to.

appPackageFamilyName
PlatForm::String String String

The package name of the app that you want to grant permission to.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForAppAsync(IIterable<IStorageItem>, String, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Requests access to enterprise-protected content for a specific app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForAppAsync(IIterable<IStorageItem> sourceItemList, PlatForm::String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo, PlatForm::String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForAppAsync(IEnumerable<IStorageItem> sourceItemList, String appPackageFamilyName, ProtectionPolicyAuditInfo auditInfo, String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)Public Static Function RequestAccessToFilesForAppAsync(sourceItemList As IEnumerable<IStorageItem>, appPackageFamilyName As String, auditInfo As ProtectionPolicyAuditInfo, messageFromApp As String, behavior As ProtectionPolicyRequestAccessBehavior) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceItemList
IIterable<IStorageItem> IEnumerable<IStorageItem> IEnumerable<IStorageItem>

An array of files to that you want to grant access to.

appPackageFamilyName
PlatForm::String String String

The package name of the app that you want to grant the permission to.

messageFromApp
PlatForm::String String String

A message that will be displayed in the consent dialog box so that the user can make a consent decision.

behavior
ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior

A constant that defines how you would like to override default policy behavior.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo)

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForProcessAsync(IIterable<IStorageItem> sourceItemList, unsigned int processId, ProtectionPolicyAuditInfo auditInfo)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForProcessAsync(IEnumerable<IStorageItem> sourceItemList, UInt32 processId, ProtectionPolicyAuditInfo auditInfo)Public Static Function RequestAccessToFilesForProcessAsync(sourceItemList As IEnumerable<IStorageItem>, processId As UInt32, auditInfo As ProtectionPolicyAuditInfo) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceItemList
IIterable<IStorageItem> IEnumerable<IStorageItem> IEnumerable<IStorageItem>

An array of files to that you want to grant access to.

processId
unsigned int UInt32 UInt32

The process id of the process that you want to grant the permission to.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior) RequestAccessToFilesForProcessAsync(IIterable<IStorageItem>, UInt32, ProtectionPolicyAuditInfo, String, ProtectionPolicyRequestAccessBehavior)

Requests access to enterprise-protected content for a process of an app.

public : static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForProcessAsync(IIterable<IStorageItem> sourceItemList, unsigned int processId, ProtectionPolicyAuditInfo auditInfo, PlatForm::String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)public static IAsyncOperation<ProtectionPolicyEvaluationResult> RequestAccessToFilesForProcessAsync(IEnumerable<IStorageItem> sourceItemList, UInt32 processId, ProtectionPolicyAuditInfo auditInfo, String messageFromApp, ProtectionPolicyRequestAccessBehavior behavior)Public Static Function RequestAccessToFilesForProcessAsync(sourceItemList As IEnumerable<IStorageItem>, processId As UInt32, auditInfo As ProtectionPolicyAuditInfo, messageFromApp As String, behavior As ProtectionPolicyRequestAccessBehavior) As IAsyncOperation( Of ProtectionPolicyEvaluationResult )
Parameters
sourceItemList
IIterable<IStorageItem> IEnumerable<IStorageItem> IEnumerable<IStorageItem>

An array of files to that you want to grant access to.

processId
unsigned int UInt32 UInt32

The process id of the process that you want to grant the permission to.

messageFromApp
PlatForm::String String String

A message that will be displayed in the consent dialog box so that the user can make a consent decision.

behavior
ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior ProtectionPolicyRequestAccessBehavior

A constant that defines how you would like to override default policy behavior.

Returns
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.15063.0) Windows Mobile Extension SDK (introduced v10.0.15063.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v4)
Capabilities
enterpriseDataPolicy

Remarks

Use this method to temporarily grant access of a protected file to a process that can only access unprotected files.

RevokeContent(String) RevokeContent(String) RevokeContent(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Revoke the keys required to access all content protected to the specified enterprise identity.

A remote management client on a device receives an unenrollment request from the enterprise’s remote management server, and calls to revoke the keys that are required to access content protected on that device to that enterprise identity. This causes the ProtectedContentRevoked event to be raised. Your app can also call in response to that event, in which case the effect is to revoke your app's access to content protected by itself.

public : static void RevokeContent(PlatForm::String identity)public static void RevokeContent(String identity)Public Static Function RevokeContent(identity As String) As void
Parameters
identity
PlatForm::String String String

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

Remarks

This API is intended for remote device management client apps to call. requires that all of the following conditions are true for your app.

  • Your app is allowed or running unmanaged through MDM.
  • Your app is either a medium integrity level app (most Win32 apps are medium integrity level), or on a list of UWP apps that can only be configured through Group Policy. When the enterprise identity that you want to revoke is not managed through MDM, it can still be revoked. The scope of the revoke is different depending on whether the app calling is a medium (or greater) integrity level app, or a low integrity level app. Examples of low integrity level are Low Rights Internet Explorer (LoRIE), and UWP apps. If the app is medium (or greater) integrity level then it can revoke the keys for all apps. If the app is low integrity level then it can only revoke the key for data that it created itself.

Selective Wipe keys are generated for each UWP app when MDM is not in the picture. This behavior is for compatibility with Windows 8.1, which introduced Selective Wipe.

See Also

TryApplyProcessUIPolicy(String) TryApplyProcessUIPolicy(String) TryApplyProcessUIPolicy(String)

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Enables UI policy enforcement for an enterprise identity. When an app is about to display a protected file (such as a PDF) or resource (buffer or stream) on its UI, it must enable UI policy enforcement based on the identity the file is protected to. A call to TryApplyProcessUIPolicy ensures that the OS knows about the current context of the app.

public : static PlatForm::Boolean TryApplyProcessUIPolicy(PlatForm::String identity)public static bool TryApplyProcessUIPolicy(String identity)Public Static Function TryApplyProcessUIPolicy(identity As String) As bool
Parameters
identity
PlatForm::String String String

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Returns
PlatForm::Boolean bool bool

true if the identity is being managed by an enterprise policy, or false if it is not.

Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

Events

PolicyChanged PolicyChanged PolicyChanged

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

An event that is raised in response to changes in Windows Information Protection (WIP) policy managed by the Policy CSP.

public : static event EventHandler PolicyChangedpublic static event EventHandler PolicyChangedPublic Static Event PolicyChanged
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10586.0) Windows Mobile Extension SDK (introduced v10.0.10586.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v2)
Capabilities
enterpriseDataPolicy

ProtectedAccessResumed ProtectedAccessResumed ProtectedAccessResumed

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Event with which the app registers to receive notification that protection has been resumed.

public : static event EventHandler ProtectedAccessResumedpublic static event EventHandler ProtectedAccessResumedPublic Static Event ProtectedAccessResumed
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

Remarks

See the remarks section of the ProtectedAccessSuspending method.

See Also

ProtectedAccessSuspending ProtectedAccessSuspending ProtectedAccessSuspending

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Event with which the app registers to receive notification that protection is to be suspended.

public : static event EventHandler ProtectedAccessSuspendingpublic static event EventHandler ProtectedAccessSuspendingPublic Static Event ProtectedAccessSuspending
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy

Remarks

An app that is designed to handle enterprise content must make sure that it does not keep any sensitive data in memory. To ensure this, it registers for the ProtectedAccessSuspending and ProtectedAccessResumed events to be notified when, for instance, the device is locked or unlocked. ProtectedAccessSuspending is fired before data protection keys provisioned on the device are temporarily removed. These keys are removed when the device is locked in order to prevent unauthorized access to encrypted data while the device is locked. ProtectedAccessResumed is fired once the keys are available again upon device unlock. When the device is locked, the app makes sure that it protects any sensitive content in memory with the DataProtectionManager. It also closes open file handles to its protected files to ensure that the system does not cache any sensitive data in memory.

See Also

ProtectedContentRevoked ProtectedContentRevoked ProtectedContentRevoked

Note

Windows Information Protection (WIP) policy cannot be applied on Windows 10, version 1511 (build 10586) or earlier.

Event with which your app registers to receive notification that protection is to be revoked. When your app receives this event, it should determine from ProtectedContentRevokedEventArgs.Identities which enterprise entities have had protection revoked, and call RevokeContent as well as delete any metadata associated with the identity. This event is not raised when your app calls RevokeContent to revoke its own access.

public : static event EventHandler ProtectedContentRevokedpublic static event EventHandler ProtectedContentRevokedPublic Static Event ProtectedContentRevoked
Attributes
Additional features and requirements
Device family
Windows Desktop Extension SDK (introduced v10.0.10240.0) Windows Mobile Extension SDK (introduced v10.0.10240.0)
API contract
Windows.Security.EnterpriseData.EnterpriseDataContract (introduced v1)
Capabilities
enterpriseDataPolicy
See Also