
Windows.Security.EnterpriseData namespace

Contains classes that support Enterprise Data Protection (EDP).

Members

The Windows.Security.EnterpriseData namespace has these types of members:

Classes

The Windows.Security.EnterpriseData namespace has these classes.

Class | Description
BufferProtectUnprotectResult | Contains information about the result from protecting or unprotecting an enterprise protected buffer.
DataProtectionInfo | Contains information about an enterprise protected buffer or stream.
DataProtectionManager | Provides access to operations that manage buffers and streams that are protected to an enterprise identity.
FileProtectionInfo | Contains information about an enterprise protected file.
FileProtectionManager | Provides access to operations that manage files that are protected to an enterprise identity.
FileRevocationManager | Provides access to Selective Wipe operations.
ProtectedAccessResumedEventArgs | Provides data when content protection is resumed.
ProtectedAccessSuspendingEventArgs | Provides data when content protection is being suspended.
ProtectedContainerExportResult | Represents the result of an enterprise protected file that has been exported to a container file.
ProtectedContainerImportResult | Represents the result of an enterprise protected file that has been imported from a container file.
ProtectedContentRevokedEventArgs | Provides data when content protection has been revoked.
ProtectedFileCreateResult | Contains information about a newly created enterprise protected file.
ProtectionPolicyManager | Manages enterprise protection policy on protected content.
ThreadNetworkContext | A protected network context for an enterprise identity.

 

Enumerations

The Windows.Security.EnterpriseData namespace has these enumerations.

Enumeration | Description
DataProtectionStatus | Describes the enterprise identity protection state of a buffer or stream.
FileProtectionStatus | Describes the selective wipe protection state of a file or folder.
ProtectedImportExportStatus | Possible status values for an enterprise protected file that has been imported from or exported to a container file.
ProtectionPolicyEvaluationResult | Possible results when access to protected content is requested or queried.

 

Remarks

You can use Selective Wipe to identify protected files in your app that can be revoked when a user of your app is no longer authorized to access your app data. This is a common scenario for businesses that allow employees to bring their own device to work. When the employee leaves the company, the company files on their personal device can be removed.

For example, an employee brings their personal tablet computer to the office and uses it for business e-mails. The e-mail app can protect all files that are used to store company e-mails locally on the computer using Selective Wipe. This associates those files with the company using an enterprise identifier, such as "sample.com". If the user is no longer an employee of the company, then the next time that they open the company e-mail app, the app can determine that the user is no longer an employee and tell Selective Wipe to revoke access to all files protected for their enterprise identifier. When the app attempts to access a file and determines that it is revoked, the app can then delete the file.


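using System;
using System.Threading.Tasks;
using Windows.Storage;
using Windows.Storage.Streams;

// Fields of the class that contains the methods below.
ApplicationData appRootFolder = ApplicationData.Current;
string enterpriseIdentity = "example.com";
int AccessDeniedHResult = -2147024891;  // Access Denied (0x80070005)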



// Add a folder and protect it using Selective Wipe.
private async Task<StorageFolder> AddFolder(string folderName)
{
    StorageFolder newFolder = await appRootFolder.LocalFolder.CreateFolderAsync(folderName);

    var status = await ProtectItem(newFolder, enterpriseIdentity);

    return newFolder;
}

// Add a file and protect it using Selective Wipe.
private async Task<StorageFile> AddFile(string fileName, StorageFolder folder)
{
    StorageFile newFile = await folder.CreateFileAsync(fileName);

    var status = 
        await Windows.Security.EnterpriseData.FileRevocationManager.
            GetStatusAsync(newFile);

    if (status != Windows.Security.EnterpriseData.FileProtectionStatus.Protected)
    {
        status = await ProtectItem(newFile, enterpriseIdentity);
    }

    return newFile;
}

private async Task<Windows.Security.EnterpriseData.FileProtectionStatus> 
    ProtectItem(IStorageItem item, string enterpriseIdentity)
{
    var status = 
        await Windows.Security.EnterpriseData.FileRevocationManager.
            ProtectAsync(item, enterpriseIdentity);

    return status;
}



// Open a file for reading. Returns null if access is denied,
// for example because the file has been revoked.
private async Task<IRandomAccessStream> GetFileContents(string filePath)
{
    StorageFile file = null;
    bool accessDenied = false;

    try
    {
        file = await StorageFile.GetFileFromPathAsync(filePath);
        return await file.OpenReadAsync();
    }
    catch (UnauthorizedAccessException e)
    {
        accessDenied = (e.HResult == AccessDeniedHResult);
    }

    // Delete file if it has been revoked. file is still null if
    // GetFileFromPathAsync itself failed, so there is nothing to check.
    if (accessDenied && file != null)
    {
        await SelectiveWipeCleanup(file);
    }

    return null;
}

// Delete items revoked by Selective Wipe.
// Returns a Task so the caller can await the deletion and observe failures.
private async Task SelectiveWipeCleanup(StorageFile file)
{
    var status = await Windows.Security.EnterpriseData.FileRevocationManager.GetStatusAsync(file);
    if (status == Windows.Security.EnterpriseData.FileProtectionStatus.Revoked)
    {
        await file.DeleteAsync();
    }
}



var appRootFolder = Windows.Storage.ApplicationData.current;
var enterpriseIdentity = "example.com";
var accessDeniedHResult = -2147024891;  // Access Denied (0x80070005)



// Add a folder and protect it using Selective Wipe.
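function addFolder(folderName) {
    return appRootFolder.localFolder.createFolderAsync(folderName).then(
        function (newFolder) {
            // Pass the identity explicitly: protectItem's parameter
            // shadows the global enterpriseIdentity.
            protectItem(newFolder, enterpriseIdentity);
            return newFolder;
        });
}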

// Add a file and protect it using Selective Wipe.
function addFile(fileName, folder) {
    folder.createFileAsync(fileName).then(
        function (newFile) {
            Windows.Security.EnterpriseData.
                FileRevocationManager.getStatusAsync(newFile).then(
                    function (status) {
                        // Enumeration members are camelCase in JavaScript.
                        if (status !== Windows.Security.EnterpriseData.
                                FileProtectionStatus.protected) {
                            protectItem(newFile, enterpriseIdentity);
                        }
                    });
        },
        function (err) {
            // Handle error. For example, file already exists.
        });
}

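// Protect an item to the enterprise identity.
// Returns a promise for the resulting FileProtectionStatus.
function protectItem(item, enterpriseIdentity) {
    return Windows.Security.EnterpriseData.FileRevocationManager.
        protectAsync(item, enterpriseIdentity).then(
            function (status) {
                return status;
            });
}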



// Open a file for reading. Returns a promise for the stream,
// or for null if the file could not be opened.
function getFileContents(filePath) {
    return Windows.Storage.StorageFile.getFileFromPathAsync(filePath).then(
        function (file) {
            return file.openReadAsync().then(
                function (stream) {
                    return stream;
                },
                function (err) {
                    if (err.number == accessDeniedHResult) {
                        // Delete file if it has been revoked.
                        selectiveWipeCleanup(file);
                    }
                    return null;
                });
        });
}

// Delete items revoked by Selective Wipe.
// Returns a promise that completes after the status check and any deletion.
function selectiveWipeCleanup(file) {
    return Windows.Security.EnterpriseData.FileRevocationManager.
        getStatusAsync(file).then(
            function (status) {
                if (status ==
                    Windows.Security.EnterpriseData.FileProtectionStatus.revoked) {
                    return file.deleteAsync();
                }
            });
}



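// Revoke access to all files protected to the enterprise identity
// when the user is no longer known to the enterprise.
// getUserStatus is an app-defined lookup that is not shown here.
function initializeApp(userName) {
    if (getUserStatus(userName) == "Not Found") {
        Windows.Security.EnterpriseData.FileRevocationManager.revoke(enterpriseIdentity);
    }
}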
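
The sample above deletes a revoked file only when the app next tries to open it, so revoked files stay on disk until then. The following added example (not part of the original page) revokes an enterprise identity and then walks a folder, deleting every revoked file and folder immediately. The helper names and the optional `edp` parameter, a seam for substituting a test double for `Windows.Security.EnterpriseData`, are assumptions.

```javascript
// Added example, not from the original page. `edp` is a hypothetical seam:
// omit it in an app and the real Windows.Security.EnterpriseData is used.
function edpNamespace(edp) {
    return edp || Windows.Security.EnterpriseData;
}

// Visit items one at a time using only .then(), as the page's sample does.
function eachInTurn(items, index, visit) {
    if (index >= items.length) { return null; }
    return visit(items[index]).then(function () {
        return eachInTurn(items, index + 1, visit);
    });
}

// Delete `item` if Selective Wipe has revoked it. Resolves to true if deleted.
function deleteIfRevoked(item, deleted, edp) {
    var ns = edpNamespace(edp);
    return ns.FileRevocationManager.getStatusAsync(item).then(function (status) {
        if (status !== ns.FileProtectionStatus.revoked) { return false; }
        return item.deleteAsync().then(function () {
            deleted.push(item.path);
            return true;
        });
    });
}

// Walk `folder`, deleting revoked files and folders.
// Resolves to the list of deleted paths.
function sweepRevoked(folder, edp, deleted) {
    deleted = deleted || [];
    return folder.getFilesAsync().then(function (files) {
        return eachInTurn(files, 0, function (f) {
            return deleteIfRevoked(f, deleted, edp);
        });
    }).then(function () {
        return folder.getFoldersAsync();
    }).then(function (subfolders) {
        return eachInTurn(subfolders, 0, function (sub) {
            // A revoked folder is deleted whole; any other folder is searched.
            return deleteIfRevoked(sub, deleted, edp).then(function (gone) {
                return gone ? null : sweepRevoked(sub, edp, deleted);
            });
        });
    }).then(function () { return deleted; });
}

// Revoke everything protected to `enterpriseId`, then remove it from disk.
function revokeAndSweep(enterpriseId, folder, edp) {
    edpNamespace(edp).FileRevocationManager.revoke(enterpriseId);
    return sweepRevoked(folder, edp);
}
```

In an app, call `revokeAndSweep(enterpriseIdentity, appRootFolder.localFolder)` at the point where `initializeApp` decides the user is no longer authorized.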


Requirements

Minimum supported client

Windows 8

Minimum supported server

Windows Server 2012

Minimum supported phone

None supported

Namespace

Windows.Security.EnterpriseData
Windows::Security::EnterpriseData [C++]

Metadata

Windows.winmd

 

 

© 2015 Microsoft