manage_information_protection_policies
Configure and manage Azure Information Protection policies to control data classification, encryption, and rights management across your Microsoft 365 environment.
Instructions
Manage Azure Information Protection policies for data classification, encryption, and rights management.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Action to perform on information protection policy | |
| policyId | No | Information protection policy ID for specific operations | |
| displayName | No | Display name for the policy | |
| description | No | Description of the policy | |
| scope | No | Policy scope | |
| settings | No | Policy settings | |
Implementation Reference
- Main handler function implementing CRUD operations for Azure Information Protection policies using the Microsoft Graph API `/security/informationProtection/labelPolicies` endpoint.

  ```typescript
  export async function handleInformationProtectionPolicies(
    graphClient: Client,
    args: InformationProtectionPolicyArgs
  ): Promise<{ content: { type: string; text: string }[] }> {
    let apiPath = '';
    let result: any;

    switch (args.action) {
      case 'list':
        // List all information protection policies
        apiPath = '/security/informationProtection/labelPolicies';
        result = await graphClient.api(apiPath).get();
        break;

      case 'get':
        if (!args.policyId) {
          throw new McpError(ErrorCode.InvalidParams, 'policyId is required for get action');
        }
        apiPath = `/security/informationProtection/labelPolicies/${args.policyId}`;
        result = await graphClient.api(apiPath).get();
        break;

      case 'create':
        if (!args.displayName) {
          throw new McpError(ErrorCode.InvalidParams, 'displayName is required for create action');
        }
        const infoPolicyPayload = {
          displayName: args.displayName,
          description: args.description || '',
          settings: args.settings || {}
        };
        apiPath = '/security/informationProtection/labelPolicies';
        result = await graphClient.api(apiPath).post(infoPolicyPayload);
        break;

      case 'update':
        if (!args.policyId) {
          throw new McpError(ErrorCode.InvalidParams, 'policyId is required for update action');
        }
        const updatePayload: any = {};
        if (args.displayName) updatePayload.displayName = args.displayName;
        if (args.description) updatePayload.description = args.description;
        if (args.settings) updatePayload.settings = args.settings;
        apiPath = `/security/informationProtection/labelPolicies/${args.policyId}`;
        result = await graphClient.api(apiPath).patch(updatePayload);
        break;

      case 'delete':
        if (!args.policyId) {
          throw new McpError(ErrorCode.InvalidParams, 'policyId is required for delete action');
        }
        apiPath = `/security/informationProtection/labelPolicies/${args.policyId}`;
        await graphClient.api(apiPath).delete();
        result = { message: `Information protection policy ${args.policyId} deleted successfully` };
        break;

      default:
        throw new McpError(ErrorCode.InvalidParams, `Unknown action: ${args.action}`);
    }

    return {
      content: [{
        type: 'text',
        text: `Information Protection Policy ${args.action} operation completed:\n\n${JSON.stringify(result, null, 2)}`
      }]
    };
  }
  ```
- src/schemas/policy-schemas.ts:92-105 (schema): Zod input schema defining parameters for the manage_information_protection_policies tool, including actions (list/get/create/update/delete), policy details, scope, and settings.

  ```typescript
  export const informationProtectionPolicyArgsSchema = z.object({
    action: z.enum(['list', 'get', 'create', 'update', 'delete']).describe('Action to perform on information protection policy'),
    policyId: z.string().optional().describe('Information protection policy ID for specific operations'),
    displayName: z.string().optional().describe('Display name for the policy'),
    description: z.string().optional().describe('Description of the policy'),
    scope: z.enum(['User', 'Organization']).optional().describe('Policy scope'),
    settings: z.object({
      defaultLabelId: z.string().optional().describe('Default sensitivity label ID'),
      requireJustification: z.boolean().optional().describe('Require justification for label changes'),
      mandatoryLabelPolicy: z.boolean().optional().describe('Mandatory labeling policy'),
      outlookDefaultLabel: z.string().optional().describe('Default label for Outlook'),
      powerBIDefaultLabel: z.string().optional().describe('Default label for Power BI'),
    }).optional().describe('Policy settings'),
  });
  ```
- src/types/policy-types.ts:92-105 (schema): TypeScript interface defining the arguments structure for the information protection policy handler.

  ```typescript
  export interface InformationProtectionPolicyArgs {
    action: 'list' | 'get' | 'create' | 'update' | 'delete';
    policyId?: string;
    displayName?: string;
    description?: string;
    scope?: 'User' | 'Organization';
    settings?: {
      defaultLabelId?: string;
      requireJustification?: boolean;
      mandatoryLabelPolicy?: boolean;
      outlookDefaultLabel?: string;
      powerBIDefaultLabel?: string;
    };
  }
  ```
- src/tool-metadata.ts:240-243 (registration): Tool metadata registration providing description, title, and behavioral annotations (readOnlyHint, destructiveHint, etc.) for the manage_information_protection_policies tool.

  ```typescript
  manage_information_protection_policies: {
    description: "Manage Azure Information Protection policies for data classification, encryption, and rights management.",
    title: "Information Protection Policy Manager",
    annotations: {
      title: "Information Protection Policy Manager",
      readOnlyHint: false,
      destructiveHint: true,
      idempotentHint: false,
      openWorldHint: true
    }
  },
  ```
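
The handler above interpolates `policyId` into the Graph path and forwards `settings` as received. The following is an added example, not the project's code, of validating the arguments before any request is built. `planRequest`, `policyPath` and `pickSettings` are hypothetical names, and the GUID format for policy IDs is an assumption.

```typescript
type Action = 'list' | 'get' | 'create' | 'update' | 'delete';
interface PolicyArgs {
  action: Action;
  policyId?: string;
  displayName?: string;
  description?: string;
  settings?: Record<string, unknown>;
}
type PlannedRequest = { method: string; path: string; body?: Record<string, unknown> };

const BASE = '/security/informationProtection/labelPolicies'; // path used on the page
// Assumption: policy IDs are GUIDs; anything else is rejected rather than escaped.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Keys from the page's settings schema; unknown keys never reach the request body.
const SETTINGS_KEYS = ['defaultLabelId', 'requireJustification',
  'mandatoryLabelPolicy', 'outlookDefaultLabel', 'powerBIDefaultLabel'];

function policyPath(policyId?: string): string {
  if (!policyId || !GUID.test(policyId)) throw new Error('policyId must be a GUID');
  return `${BASE}/${encodeURIComponent(policyId)}`;
}

function pickSettings(s: Record<string, unknown> = {}): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const k of SETTINGS_KEYS) if (k in s) out[k] = s[k];
  return out;
}

// Validate first, then describe the single Graph request the handler may send.
function planRequest(a: PolicyArgs): PlannedRequest {
  if (a.action === 'list') return { method: 'GET', path: BASE };
  if (a.action === 'get') return { method: 'GET', path: policyPath(a.policyId) };
  if (a.action === 'delete') return { method: 'DELETE', path: policyPath(a.policyId) };
  if (a.action === 'create') {
    if (!a.displayName?.trim()) throw new Error('displayName is required');
    return { method: 'POST', path: BASE, body: { displayName: a.displayName,
      description: a.description ?? '', settings: pickSettings(a.settings) } };
  }
  if (a.action === 'update') {
    const body: Record<string, unknown> = {};
    if (a.displayName !== undefined) body.displayName = a.displayName;
    if (a.description !== undefined) body.description = a.description; // '' is sent, not dropped
    if (a.settings !== undefined) body.settings = pickSettings(a.settings);
    if (Object.keys(body).length === 0) throw new Error('nothing to update');
    return { method: 'PATCH', path: policyPath(a.policyId), body };
  }
  throw new Error(`Unknown action: ${String(a.action)}`);
}
```

Keeping request planning separate from the Graph call lets the validation be unit-tested offline and gives a caller one place to require confirmation before a `PATCH` or `DELETE` is sent.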