Share via


ProtectionPolicyManager.ProtectedAccessSuspending Event

Definition

Note

Starting in July 2022, Microsoft is deprecating Windows Information Protection (WIP) and the APIs that support WIP. Microsoft will continue to support WIP on supported versions of Windows. New versions of Windows won't include new capabilities for WIP, and it won't be supported in future versions of Windows. For more information, see Announcing sunset of Windows Information Protection.

For your data protection needs, Microsoft recommends that you use Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention. Purview simplifies the configuration set-up and provides an advanced set of capabilities.

Event with which the app registers to receive notification that protection is to be suspended.

// Register
static event_token ProtectedAccessSuspending(EventHandler<ProtectedAccessSuspendingEventArgs> const& handler) const;

// Revoke with event_token
static void ProtectedAccessSuspending(event_token const* cookie) const;

// Revoke with event_revoker
static ProtectionPolicyManager::ProtectedAccessSuspending_revoker ProtectedAccessSuspending(auto_revoke_t, EventHandler<ProtectedAccessSuspendingEventArgs> const& handler) const;
public static event System.EventHandler<ProtectedAccessSuspendingEventArgs> ProtectedAccessSuspending;
function onProtectedAccessSuspending(eventArgs) { /* Your code */ }
Windows.Security.EnterpriseData.ProtectionPolicyManager.addEventListener("protectedaccesssuspending", onProtectedAccessSuspending);
Windows.Security.EnterpriseData.ProtectionPolicyManager.removeEventListener("protectedaccesssuspending", onProtectedAccessSuspending);
- or -
Windows.Security.EnterpriseData.ProtectionPolicyManager.onprotectedaccesssuspending = onProtectedAccessSuspending;
Public Shared Custom Event ProtectedAccessSuspending As EventHandler(Of ProtectedAccessSuspendingEventArgs) 

Event Type

Windows requirements

App capabilities
enterpriseDataPolicy

Remarks

An app that is designed to handle enterprise content must make sure that it does not keep any sensitive data in memory. To ensure this, it registers for the ProtectedAccessSuspending and ProtectedAccessResumed events to be notified when, for instance, the device is locked or unlocked. ProtectedAccessSuspending is fired before data protection keys provisioned on the device are temporarily removed. These keys are removed when the device is locked in order to prevent unauthorized access to encrypted data while the device is locked. ProtectedAccessResumed is fired once the keys are available again upon device unlock. When the device is locked, the app makes sure that it protects any sensitive content in memory with the DataProtectionManager. It also closes open file handles to its protected files to ensure that the system does not cache any sensitive data in memory.

Applies to

See also