Windows.Security.EnterpriseData.EnterpriseDataContract

Contains information about the result from protecting or unprotecting an enterprise protected buffer.

Gets the enterprise protected buffer that has been protected or unprotected.

The enterprise protected buffer.

Gets the DataProtectionInfo object concerning the enterprise protected buffer that has been protected or unprotected.

The info object concerning the enterprise protected buffer.

Contains information about an enterprise protected buffer or stream.

The enterprise identity of the enterprise protected buffer or stream.

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

The protection status of the enterprise protected buffer or stream.

A value of the DataProtectionStatus enumeration.

Provides access to operations that manage buffers and streams that are protected to an enterprise identity.

Get the status of an enterprise protected buffer.

The buffer for which protection status is being queried. When the call to this method completes successfully, it returns a DataProtectionInfo object that contains the status of the buffer.

Get the status of an enterprise protected stream.

The stream for which protection status is being queried. When the call to this method completes successfully, it returns a DataProtectionInfo object that contains the status of the stream.

Protect the data in a buffer to an enterprise identity.

The buffer to be protected. The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. When the call to this method completes successfully, it returns a BufferProtectUnprotectResult object that contains the status of the newly protected buffer.

Protect a stream of data to an enterprise identity.

The input, unprotected stream. The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. The output, protected stream. When the call to this method completes successfully, it returns a DataProtectionInfo object that contains the status of the protected stream.

Removes the protection to an enterprise identity from a buffer.

The buffer to be unprotected. When the call to this method completes successfully, it returns a BufferProtectUnprotectResult object that contains the status of the unprotected buffer.

Removes the protection to an enterprise identity from a stream of data.

The input, protected stream. The output, unprotected stream. When the call to this method completes successfully, it returns a DataProtectionInfo object that contains the status of the unprotected stream.

Describes the enterprise identity protection state of a buffer or stream.

The keys to access the protected item have been dropped while the device is locked.

The item's RMS license has expired. This value is not currently supported.

The item is protected.

The item is protected to another enterprise identity.

The protection of the item has been revoked.

The item is not protected to an enterprise identity.

A set of enumerated values together describing the possible Windows Information Protection (WIP) enforcement levels. WIP enforcement level is one aspect of mobile device management (MDM) policy configuration.

The policy calls for the user to be blocked. In response to an attempted action such as pasting data into an unauthorized app, your app should block the action, and audit it.

The policy calls for no protection. Your app should disable WIP behavior if data is protected, and unprotect data.

The policy calls for the user to be allowed to override a warning message. In response to an attempted action such as pasting data into an unauthorized app, your app should prompt the user via an overridable warning message. If the user overrides, then your app should perform the action and audit it.

The policy calls for silent protection. Your app should not prompt in response to an action such as pasting data into an unauthorized app. Instead, your app should silently allow the action, and audit it.

Contains information about an enterprise protected file.

The enterprise identity of the enterprise protected file.

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Determines whether your app can protect a file while it is open.

**true** if your app can protect a file while it is open, or **false** if that capability is not supported on the device.

Specifies if the protection of the enterprise protected file can be roamed to other devices.

**true** if the file's protection can be roamed to other devices.

The protection status of the enterprise protected file.

A value of the FileProtectionStatus enumeration.

Provides access to operations that manage files that are protected to an enterprise identity.

Replicate the file protection of one file onto another file.

The source file, from which file protection is being copied. The target file, to which file protection is being copied. When the call to this method completes successfully, it returns **true** if the file protection was copied, or **false** if there was an error.

Create an enterprise-protected file.

The folder into which to create the enterprise protected file. The desired name of the new enterprise protected file. The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. A CreationCollisionOption value that specifies what to do if *desiredName* already exists. When the call to this method completes successfully, it returns a ProtectedFileCreateResult object representing the newly created protected file.

Get the status of an enterprise-protected file.

The file or folder for which protection status is being queried. When the call to this method completes successfully, it returns a FileProtectionInfo object that contains the status of the file.

Use this property to determine whether the storage file is actually a container with a file contained within it.

The file that you want to determine is a container or not. **true** if the storage file is a container, and **false** if it is not.

Create an enterprise-protected file, and load it from a container file.

The enterprise protected file to be created and loaded. When the call to this method completes successfully, it returns a ProtectedContainerImportResult object representing the newly created protected file.

Create an enterprise-protected file in a specified storage item (such as a folder), and load it from a container file.

The enterprise protected file to be created and loaded. The storage item into which to create the enterprise protected file. When the call to this method completes successfully, it returns a ProtectedContainerImportResult object representing the newly created protected file.

Create an enterprise-protected file in a specified storage item (such as a folder), and load it from a container file.

The enterprise protected file to be created and loaded. The storage item into which to create the enterprise protected file. The enum value that determines how Windows responds if the created file has the same name as an existing item in the container's location. When the call to this method completes successfully, it returns a ProtectedContainerImportResult object representing the newly created protected file.

Protect the data in a file to an enterprise identity. The app can then use standard API to read or write from the file.

The file to be protected. The enterprise identity. This is an email address or domain that is managed. Use ProtectionPolicyManager.IsIdentityManaged to confirm that an email address or domain is managed before using the identity to protect a file. When the call to this method completes successfully, it returns a FileProtectionInfo object that contains the status of the newly protected file.

Save an enterprise-protected file as a containerized version.

The protected source file being copied. When the call to this method completes successfully, it returns a ProtectedContainerExportResult object representing the newly created container file.

Save an enterprise-protected file as a containerized version, and share it with a specified list of user identities.

The protected source file being copied. A collection of strings representing the user identities to share the containerized file with. For example, email recipients. When the call to this method completes successfully, it returns a ProtectedContainerExportResult object representing the newly created container file.

Removes protection from an enterprise-protected file.

The file to unprotect. When the call to this method completes successfully, it returns a FileProtectionInfo object that provides information about the protection status of the file.

Removes protection from an enterprise-protected file.

The file to unprotect. An object that specifies whether to audit this action. When the call to this method completes successfully, it returns a FileProtectionInfo object that provides information about the protection status of the file.

Describes the enterprise protection state of a file or folder.

The keys to access the protected item have been dropped while the device is locked.

The item is being used by another process. You can apply enterprise protection to it only after it becomes exclusively available.

The item's RMS license has expired.

The item is encrypted or is a system file and cannot be protected using enterprise protection.

The item is protected using enterprise protection and you're app can open this file because it is on the allowed list of the policy.

Another user has protected the item using enterprise protection.

ProtectedByOtherUser might be unavailable after Windows 10. Instead, use ProtectedToOtherIdentity.

The item is protected for another enterprise id using enterprise protection.

ProtectedToOtherEnterprise might be unavailable after Windows 10. Instead, use ProtectedToOtherIdentity.

The item is protected for another enterprise identity using enterprise protection.

The item has been revoked using enterprise protection.

The item is either encrypting or decrypting and the enterprise protection status cannot be determined. Check again later.

Undetermined might be unavailable after Windows 10. Instead, use Unknown.

The item is either encrypting or decrypting and the enterprise protection status cannot be determined. Check again later.

The item is not protected using enterprise protection.

Provides access to Selective Wipe operations.

FileRevocationManager might be unavailable after Windows 10. Instead, use FileProtectionManager.

Copy the selective wipe protection state of a file or folder to a new file or folder.

FileRevocationManager might be unavailable after Windows 10. Instead, use FileProtectionManager. The source item to copy the selective wipe protection status from. The target item to copy the selective wipe protection status to. True if the copy operation was successful; otherwise false.

Gets the selective wipe protection status for a file or folder.

FileRevocationManager might be unavailable after Windows 10. Instead, use FileProtectionManager. The file or folder to get the selective wipe protection status for. An aysnchronous operation that retrieves the selective wipe protection status for the *storageItem*.

Protects a file or folder for selective wipe.

FileRevocationManager might be unavailable after Windows 10. Instead, use FileProtectionManager. The file or folder to protect for selective wipe. The enterprise id that the file or folder is protected for. The *enterpriseIdentity* value must be formatted as an Internationalized Domain Name (IDN) and cannot contain spaces. For example, **contoso.com**. An asynchronous operation that retrieves the selective wipe protection status for the *storageItem*.

Revokes all files and folders protected for selective wipe for a specified enterprise id.

FileRevocationManager might be unavailable after Windows 10. Instead, use FileProtectionManager. Revoke all files and folders protected by selective wipe for this enterprise id. The *enterpriseIdentity* value must be formatted as an Internationalized Domain Name (IDN) and cannot contain spaces. For example, **contoso.com**.

Contains options that apply to removing protection from an enterprise-protected file.

Creates an instance of the FileUnprotectOptions class.

Specifies whether to log this action for audit.

Specifies whether to log the unprotect action for audit.

**true** if the removing protection from the file will be logged for audit, otherwise **false**.

Provides data when content protection is resumed.

Contains the enterprise identities for which content protection is being resumed.

The enterprise identities for which content protection is being resumed.

Provides data when content protection is being suspended.

DateTime at which content protection will be suspended. The app can subtract **DateTime.Now** from this value to determine how much time there is to perform any processing before the suspension occurs.

DateTime at which content protection will be suspended.

Contains the enterprise identities for which content protection is being suspended.

The enterprise identities for which content protection is being suspended.

Gets the Deferral object that manages the protection suspension. The app must call **Deferral.Complete** before it returns from the event handler.

The Deferral object.

Represents the result of an enterprise protected file that has been exported to a container file.

The container file that has been exported from an enterprise protected file.

The protection status after an enterprise protected file has been exported to a container file.

A value of the ProtectedImportExportStatus enumeration.

Represents the result of an enterprise protected file that has been imported from a container file.

The enterprise protected file that has been loaded from a container file.

The protection status after an enterprise protected file has been imported from a container file.

A value of the ProtectedImportExportStatus enumeration.

Provides data when content protection has been revoked.

Contains the enterprise identities for which content protection has been revoked.

The enterprise identities for which content protection has been revoked.

Contains information about a newly created enterprise protected file.

The newly created enterprise protected file.

Information about the enterprise protected file.

The stream random access to the newly created enterprise protected file.

Possible status values for an enterprise protected file that has been imported from or exported to a container file.

The keys to access the protected file have been dropped while the device is locked.

The file's RMS license has expired.

The file cannot be roamed to another device.

The file's protection is OK.

The file is inaccessible, as it is protected to a different enterprise identity.

The file's protection has been revoked, and it is inaccessible.

The file's protection can not be determined.

The file is not protected.

Defines constants that specify the audit action.

Indicates that data is being copied to a location.

Indicates a decryption action.

Indicates another action.

Indicates that data is being sent to a recipient.

Represents the information required for auditing.

Initializes a new instance of the class.

The audit action. A description of the data being audited.

Initializes a new instance of the class.

The audit action. A description of the data being audited. A description of the source of the data. A description of the target of the data.

The audit action.

A description of the data being audited.

A description of the source of the data.

A description of the target of the data.

Manages enterprise-protection policy on protected content.

Gets or sets the enterprise identity.

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Use this property to determine whether Windows Information Protection (WIP) is enabled on the device.

**true** if WIP is enabled on the device, otherwise **false**.

Gets the primary enterprise identity.

The primary enterprise identity. This is an email address or domain that is managed. This property returns **null** if there is no managed identity associated with the ProtectionPolicyManager .

A value indicating whether or not the shell should decorate a window to show that it is an enterprise window.

**true** to indicate that the shell should decorate a window to show that it is an enterprise window, otherwise **false**.

An event that is raised in response to changes in Windows Information Protection (WIP) policy managed by the Policy CSP.

Event with which the app registers to receive notification that protection has been resumed.

Event with which the app registers to receive notification that protection is to be suspended.

Event with which your app registers to receive notification that protection is to be revoked. When your app receives this event, it should determine from ProtectedContentRevokedEventArgs.Identities which enterprise entities have had protection revoked, and call RevokeContent as well as delete any metadata associated with the identity. This event is not raised when your app calls RevokeContent to revoke its own access.

Request if access to enterprise-protected content is available to an identity.

The source enterprise identity of the app. This is an email address or domain that is managed. Your app should use IsIdentityManaged to check if an email address or domain is managed. The enterprise identity you want to check has access to the protected content. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Perform enterprise-protection policy evaluation for a data transfer between your app and a specific target app.

The source enterprise identity of the app. This is an email address or domain that is managed. Your app should use IsIdentityManaged to check if an email address or domain is managed. The package family name of the app you want to check has access to the protected content. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Clear UI policy enforcement for an enterprise identity. The app calls this method before it displays non-enterprise-protected content.

Creates a ThreadNetworkContext protected to an enterprise identity. The creation of the context tags all network connections made thereafter on the current thread with the identity, and allows access to enterprise resources that are access controlled by the enterprise's policy.

The enterprise identity. This is an email address or domain that is managed. This may be returned from GetPrimaryManagedIdentityForNetworkEndpoint; otherwise your app should use IsIdentityManaged to confirm that an email address or domain is managed. The protected network context. The app must call ThreadNetworkContext.Close after access to the resource is completed.

You can use this method to determine the current Windows Information Protection (WIP) enforcement level. WIP enforcement level is one aspect of mobile device management (MDM) policy configuration.

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. A value of the EnforcementLevel enumeration.

Returns the ProtectionPolicyManager object associated with the current app window.

The ProtectionPolicyManager object associated with the current app window.

Gets the parent or primary identity of a given child or secondary identity.

The child or secondary identity that you want to use to get the parent or primary identity. The parent or primary identity.

Returns the enterprise identity of a network resource if the resource is on an enterprise-policy-managed endpoint.

The host name or IP address of the network resource. The enterprise identity.

Use this method to check (for a known identity that is managed or ever was managed) whether access to protected data has been revoked since a specified date and time, or is still accessible. Note that the API returns true for an unknown identity (that is, an identity that has never been managed and is not currently managed). This is so that your app can clean up data associated with an identity for which there is no information. For more info, see Remarks.

The enterprise identity protecting the data. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. The date and time from which point forward you want to include in the check. **true** if access has been revoked since the specified date and time, otherwise **false**.

Indicates whether a file needs to be protected by the enterprise identity.

The file that you want to know whether to protect. The enterprise identity. **true** if the file should be protected, otherwise **false**.

Indicates whether a file needs to be protected by the enterprise identity.

The folder that contains files that that you want to know whether to protect. The enterprise identity. The name that you would like to give the file. **true** if files in this folder should be protected, otherwise **false**.

Determines if an enterprise entity is managed by an enterprise policy.

The enterprise identity. This is an email address or domain. **true** if the enterprise identity is managed, or **false** if it is not.

Use this property to determine the value of the ProtectionUnderLockConfigRequired enterprise data protection (WIP) policy.

The enterprise identity you want to check has ProtectionUnderLockConfigRequired policy set. **true** if ProtectionUnderLockConfigRequired policy is set for the identity, otherwise **false**.

Determines whether the policy is configured to protect files that are copied to removable drives by using Azure Information Protection.

The enterprise identity. **true** if files will be protected by using RMS keys, otherwise **false**.

Use this property to determine whether decryption of files protected by Windows Information Protection (WIP) is allowed.

The enterprise identity you want to check has access to the protected content. **true** if decryption of files protected by WIP is allowed, otherwise **false**.

Causes an audit event to be logged.

Request access to enterprise protected content for an identity.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. The enterprise identity to which the content is being disclosed. This is an email address or domain. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the request.

Request access to enterprise protected content for an identity.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. The enterprise identity to which the content is being disclosed. This is an email address or domain. An audit info object; an instance of ProtectionPolicyAuditInfo. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the request.

Request access to enterprise protected content for an identity.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. The enterprise identity to which the content is being disclosed. This is an email address or domain. An audit info object; an instance of ProtectionPolicyAuditInfo. A message that will be displayed in the consent dialog so that the user can make a consent decision. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the request.

Request access to enterprise protected content for an identity

The enterprise identity to which the content is protected. The enterprise identity to which the content is being disclosed. This is an email address or domain. An audit info object; an instance of ProtectionPolicyAuditInfo. A message that will be displayed in the consent dialog so that the user can make a consent decision. A constant that defines how you would like to override default policy behavior. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the request.

Request access to enterprise-protected content for a specific target app.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app can use IsIdentityManaged to confirm that an email address or domain is managed. The description of the App package family name. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Request access to enterprise-protected content for a specific target app.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app can use IsIdentityManaged to confirm that an email address or domain is managed. The description of the App package family name. An audit info object; an instance of ProtectionPolicyAuditInfo. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Request access to enterprise-protected content for a specific target app.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. The enterprise identity to which the content is being disclosed. This is an email address or domain. An audit info object; an instance of ProtectionPolicyAuditInfo. A message that will be displayed in the consent dialog so that the user can make a consent decision. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Request access to enterprise-protected content for a specific target app.

The enterprise identity to which the content is protected. This is an email address or domain that is managed. The enterprise identity to which the content is being disclosed. This is an email address or domain. An audit info object; an instance of ProtectionPolicyAuditInfo. A message that will be displayed in the consent dialog so that the user can make a consent decision. A constant that defines how you would like to override default policy behavior. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Requests access to enterprise-protected content for a specific app.

An array of files to that you want to grant access to. The package name of the app that you want to grant permission to. An audit info object; an instance of ProtectionPolicyAuditInfo. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Requests access to enterprise-protected content for a specific app.

An array of files to that you want to grant access to. The package name of the app that you want to grant the permission to. An audit info object; an instance of ProtectionPolicyAuditInfo. A message that will be displayed in the consent dialog box so that the user can make a consent decision. A constant that defines how you would like to override default policy behavior. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Requests access to enterprise-protected content for a process of an app.

An array of files to that you want to grant access to. The process id of the process that you want to grant the permission to. An audit info object; an instance of ProtectionPolicyAuditInfo. A message that will be displayed in the consent dialog box so that the user can make a consent decision. A constant that defines how you would like to override default policy behavior. A value of the ProtectionPolicyEvaluationResult enumeration that is the result of the query.

Revoke the keys required to access all content protected to the specified enterprise identity.

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed.

Enables UI policy enforcement for an enterprise identity. When an app is about to display a protected file (such as a PDF) or resource (buffer or stream) on its UI, it must enable UI policy enforcement based on the identity the file is protected to. A call to TryApplyProcessUIPolicy ensures that the OS knows about the current context of the app.

The enterprise identity. This is an email address or domain that is managed. Your app should use IsIdentityManaged to confirm that an email address or domain is managed. **true** if the identity is being managed by an enterprise policy, or **false** if it is not.

Defines constants that you can use to override default behavior of the request access overloads of the ProtectionPolicyManager class.

Indicates that an override action behaves as expected.

Indicates that an override action behaves as a block action.

A protected network context for an enterprise identity. The creation of the context tags all network connections made thereafter on the current thread with the identity, and allows access to enterprise resources that are access controlled by the enterprise's policy.

Closes the protected network context. To avoid race conditions against other tasks, the app must call Close after access to the protected resource is initiated.