Android MIP Policy SDK Integration Failed, Microsoft Graph REST API Unresponsive in Postman

Gautam Badveti 0 Reputation points
2024-10-25T02:03:52.75+00:00

I am an android developer, and we are trying to integrate MIP policy sdk in our app with libmip_upe_sdk.so.We can get the token successfully, but there is an inner exception while adding PolicyEngine:PolicyProfileObserverImpl::OnAddEngineFailure: Inner exception: ['Failed to execute web request, NetworkError.Category=Unknown, HttpRequest.SanitizedUrl=https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies, HttpRequest.Id={E9BD1951-E99D-4761-BD16-5FB7D7DEA263}'], CorrelationId=1ec2187d-07f5-42b8-871e-3d0fe5a8b429, CorrelationId.Description=PolicyProfile

We tried the same code/configuration on the Windows side with no issue.

In addition, we noticed that there are Microsoft Graph REST APIs provided: https://learn.microsoft.com/en-us/graph/api/security-informationprotection-list-sensitivitylabels?view=graph-rest-beta&tabs=http#examples, but when we tried to test it with postman, it returned 403 Forbidden with UnknownError.
User's image

Can someone help me understand why this happening and what I can do to fix it?

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
551 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Smaran Thoomu 18,710 Reputation points Microsoft Vendor
    2024-10-25T14:36:45.66+00:00

    Hi @Gautam Badveti

    Welcome to Microsoft Q&A platform and thanks for posting your query here.

    It looks like the 403 Forbidden error you're encountering while testing the Microsoft Graph REST API for sensitivity labels in Postman is due to permission issues. Here are a few steps to help resolve this:

    1. Ensure that your Azure AD app has the appropriate Microsoft Graph API permissions assigned. In this case, you'll need:
      • SecurityActions.Read.All
      • InformationProtectionPolicy.Read
      • Go to Azure Portal > Azure Active Directory > App Registrations > Your App > API Permissions to verify these.
    2. If these permissions require admin consent, ensure that the admin has granted it. This is necessary for certain security or information protection scopes.
    3. Make sure your token includes the right scopes for the API. You can check the token in Postman to ensure it contains scopes like https://graph.microsoft.com/.default or SecurityActions.Read.All.
    4. Verify that you are using the correct endpoint and API version. You are currently using the beta version (/beta/security/informationProtection/sensitivityLabels), which can sometimes have more restrictions. If possible, try using the v1.0 endpoint if it's available.
    5. Ensure that the user or service principal making the API call has the necessary roles, such as Security Administrator or Global Administrator.

    I hope these steps resolves the issue, try the request again. If you continue to face issues, please let us know if you have any questions.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.