cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Important Update for MIP SDK 1.2 and 1.3
By
Tom Moser
Published Oct 16 2019 09:43 PM 3,489 Views
Tom Moser
Microsoft
‎Oct 16 2019 09:43 PM

Important Update for MIP SDK 1.2 and 1.3

‎Oct 16 2019 09:43 PM

MIP SDK Service Discovery Cache Fix

We recently discovered a bug in the Microsoft Information Protection SDK that may cause MIP SDK clients to fail to download policy updates. The root cause has to do with how we cache service discovery information. We've released updates for MIP SDK versions 1.2 and 1.3. You can find those updates here:

 

Root Cause

When the MIP SDK fetches the label policy for a specific user, it makes a call to https://dataservice.protection.outlook.com. This endpoint looks up the service location for that specific user and returns an HTTP 301, redirecting the client to an endpoint specific to their location in the Exchange Online infrastructure. That will look something like this: https://nam01b.dataservice.protection.outlook.com. The SDK caches this 301 redirect. The next time the client needs to fetch policy, the SDK uses this cached result to skip discovery and directly connects to the endpoint.

 

Occasionally, the Office 365 team moves tenants to different segments of the Exchange Online infrastructure. In the event that a client has already cached the endpoint from the 301 redirect and then the tenant is moved elsewhere, the endpoint in Office will return another HTTP 301 redirect with the new location. The SDK will treat this as an error, as it thinks it already has the authoritative result, and tries again to fetch labels. It retries a few times, then fails.

The result is that clients that have already fetched policy will never update policy if administrators make updates to the policy.

 

Workaround

This issue applies only if the MIP SDK implementation is using the on disk cache. If the cache is in memory, simply restart the application to resolve. For applications using the on disk cache, you must:

  • End the process that is using MIP SDK.
  • Remove the MIP cache storage. The location of this will vary by application implementation, but the databases are called mip.policies.sqlite3 and mip.protection.sqlite3. The SDK will recreate them at next app launch.

 

 

The Azure Information Protection Unified Labeling client, which uses the MIP SDK, can be reset by the user navigating to Sensitivity -> Help and Feedback -> Reset Settings. The client will clear its cache and update policy. 

 

Please leave any questions or comments below!

 

-@Tom Moser and the MIP SDK Team

2 Comments
Version history
Last update:
‎May 11 2021 02:07 PM
Updated by:
Labels