Reputation: 5552
I followed this and this to decrypt .msg using the MIP SDK. Following is my code:
```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Threading.Tasks;
using Microsoft.InformationProtection;
using Microsoft.InformationProtection.File;

class Program
{
    private const string clientId = "[test client id here]";
    private const string appName = "MIPSDKTestApp";

    static void Main(string[] args)
    {
        Console.WriteLine("Provide path to protected msg file:");
        string inputFilePath = Console.ReadLine();
        string outputFilePath = Path.Combine(Path.GetDirectoryName(inputFilePath), "Unprotected_" + Path.GetFileName(inputFilePath));

        // Initialize Wrapper for File API operations.
        MIP.Initialize(MipComponent.File);

        // Create ApplicationInfo, setting the clientID from Azure AD App Registration as the ApplicationId.
        ApplicationInfo appInfo = new ApplicationInfo()
        {
            ApplicationId = clientId,
            ApplicationName = appName,
            ApplicationVersion = "1.0.0"
        };

        // Instantiate the AuthDelegateImpl object, passing in AppInfo.
        AuthDelegateImplementation authDelegate = new AuthDelegateImplementation(appInfo);

        MipContext mipContext = MIP.CreateMipContext(appInfo,
                                                     "mip_data",
                                                     LogLevel.Trace,
                                                     null,
                                                     null);

        // Initialize and instantiate the File Profile.
        // Create the FileProfileSettings object.
        // Initialize file profile settings to create/use local state.
        var profileSettings = new FileProfileSettings(mipContext,
                                                      CacheStorageType.OnDiskEncrypted,
                                                      new ConsentDelegateImplementation());

        // Load the Profile async and wait for the result.
        var fileProfile = Task.Run(async () => await MIP.LoadFileProfileAsync(profileSettings)).Result;

        // Custom settings: enable support for the .msg file type.
        var customSettings = new List<KeyValuePair<string, string>>();
        customSettings.Add(new KeyValuePair<string, string>("enable_msg_file_type", "true"));

        // Create a FileEngineSettings object, then use that to add an engine to the profile.
        var engineSettings = new FileEngineSettings("[user@tenant]", authDelegate, "", CultureInfo.CurrentCulture.Name);
        engineSettings.Identity = new Identity("[user@tenant]");

        // Set custom settings for the engine.
        engineSettings.CustomSettings = customSettings;

        var fileEngine = Task.Run(async () => await fileProfile.AddEngineAsync(engineSettings)).Result; // EXCEPTION THROWN HERE

        var handler = Task.Run(async () => await fileEngine.CreateFileHandlerAsync(inputFilePath,
                                                                                   inputFilePath,
                                                                                   true)).Result;

        handler.RemoveProtection();

        var result = Task.Run(async () => await handler.CommitAsync(outputFilePath)).Result;

        // Application Shutdown
        handler = null; // This will be used in later quick starts.
        fileEngine = null;
        fileProfile = null;
        mipContext = null;
    }
}
```
However, it throws the following error:

```
NoPolicyException: Label policy did not contain data, CorrelationId=3268dfdf-2ea3-4958-9c72-fe88ae3c6f59, CorrelationId.Description=PolicyProfile, NoPolicyError.Category=SyncFile, NoPolicyError.Category=SyncFile
```

at

```csharp
var fileEngine = Task.Run(async () => await fileProfile.AddEngineAsync(engineSettings)).Result;
```

Can anyone point out what I am doing wrong?
Upvotes: 0
Views: 749
Reputation: 51
The official documentation contains information related to this issue.
This is a summary.
The error NoPolicyException: Label policy didn't contain data occurs when trying to read or list labels via the MIP SDK. It typically indicates that a label policy hasn't been published in the Microsoft Purview compliance portal. To resolve this, you should create and configure sensitivity labels and their policies. If the policy is already published, ensure the user's account is included in the groups listed in the label policy's "published to" section. External users, such as guest users, cannot access another organization's label policies. For these users, implement a retry mechanism, setting the ProtectionOnlyEngine property to true in FileEngineSettings to allow protection operations without labeling.
In my case, when I tried to open a file that had a label policy and sensitivity label applied from Tenant A in Tenant B, I encountered the same error. In this scenario, setting engineSettings.ProtectionOnlyEngine = true; did not work, and I needed to have the label policy and sensitivity labels specific to the respective tenant.
Upvotes: 0
Reputation: 786
It seems that you haven't configured or published a label policy in Security and Compliance Center (https://security.microsoft.com).
For this use case, you don't necessarily need to publish labels. Add this to your engine settings:
```csharp
engineSettings.ProtectionOnlyEngine = true;
```
That'll skip loading the policy and should allow you to decrypt the MSG files. You won't be able to read or apply labels until you publish the label policy and remove that setting, though.
Upvotes: 2
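The retry mechanism and the ProtectionOnlyEngine setting mentioned in the two answers above, combined in one sketch; this is an added example, not code from the original posts or from the MIP SDK samples. The class and method names (EngineLoader, AddEngineWithFallbackAsync, BuildSettings) are hypothetical, and the SDK calls are the ones used in the question's code.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.InformationProtection;
using Microsoft.InformationProtection.Exceptions;
using Microsoft.InformationProtection.File;

// Hypothetical helper, not part of the MIP SDK.
static class EngineLoader
{
    // Try a full engine first (labels and protection). Fall back to a
    // protection-only engine only when no label policy is returned.
    public static async Task<IFileEngine> AddEngineWithFallbackAsync(
        IFileProfile profile, IAuthDelegate authDelegate, string userUpn)
    {
        try
        {
            return await profile.AddEngineAsync(BuildSettings(authDelegate, userUpn, false));
        }
        catch (NoPolicyException ex)
        {
            // Awaiting directly surfaces NoPolicyException itself; the
            // Task.Run(...).Result pattern wraps it in an AggregateException.
            // The message carries the CorrelationId, so keep it in the log.
            Console.Error.WriteLine($"No label policy for {userUpn}: {ex.Message}");
            Console.Error.WriteLine("Retrying with ProtectionOnlyEngine = true; label operations will be unavailable.");
            return await profile.AddEngineAsync(BuildSettings(authDelegate, userUpn, true));
        }
    }

    private static FileEngineSettings BuildSettings(
        IAuthDelegate authDelegate, string userUpn, bool protectionOnly)
    {
        var settings = new FileEngineSettings(userUpn, authDelegate, "", CultureInfo.CurrentCulture.Name)
        {
            Identity = new Identity(userUpn),
            // Skips loading the label policy, which is what raises NoPolicyException.
            ProtectionOnlyEngine = protectionOnly
        };
        // Same custom setting as in the question, needed for .msg handling.
        settings.CustomSettings = new List<KeyValuePair<string, string>>
        {
            new KeyValuePair<string, string>("enable_msg_file_type", "true")
        };
        return settings;
    }
}
```

Trying the full engine first keeps label reads and writes available for users who do have a published policy, so the protection-only engine is used only where the policy is actually missing.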