office365microsoft-information-protectionazure-information-protectionmip-sdk

MIP label visibility issue


I am using C++ MIPSDK version 1.14.108 to read\write MIP labels on the documents. It using client credential grant flow to authenticate and uses client secret based authentication to fetch tokens (RMS token and non-RMS) both. I am able to read\write MIP labels on all files and see them through

  1. Using Azure Information Protection client add-in
  2. In office document's custom attributes
  3. In title bar (O365 version)'
  4. Right click and select the "Classify and Protect" context menu

Everything works fine in my local environment and I am able to read and write labels and see them. But when I tested same code in one of our customer environment from API we are not getting any error and write API is successful but when I try to see the label not able to see that label information by any of the above methods, but when I query label information from the file API returns the same label, which I have written. If customer sets the label using office add-in UI then that label is getting shown without any issue. So, I am not able to understand what could be the issue here ?

Few more details about customer's environment

  1. Customers have proxy configured in their environment and all traffic goes through proxy. They have whitelisted machine IPs with proxy server.
  2. Customer have auto label policy enabled means everytime they create a office file they have to choose a default label to apply.
  3. Happening with two different customers and same behavior where label shown on office application is default label, but when I query through MIPSDK it returns the correct MIP label applied during previous write call.

Solution

  • It appears that customer have two tenants, one used in production and another used foe testing. They have MIP label hierarchy and name by looking at the label names only one can't differentiate whether MIP label belongs to Production tenant or test tenant. User was logged into OS and all applications using production tenant only but through API they were using the test tenant detail hence when the MIP label is applied using MIPSDK it was not visible in office application (Because user was logged in using production tenant detail)