manage_information_protection_policies
Manage Azure Information Protection policies to classify, encrypt, and control access to sensitive data across Microsoft 365 services.
Instructions
Manage Azure Information Protection policies for data classification, encryption, and rights management.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Action to perform on information protection policy | |
| policyId | No | Information protection policy ID for specific operations | |
| displayName | No | Display name for the policy | |
| description | No | Description of the policy | |
| scope | No | Policy scope | |
| settings | No | Policy settings |
Implementation Reference
- The core handler function implementing manage_information_protection_policies tool logic. Handles CRUD operations on Microsoft Purview information protection label policies via Graph API /security/informationProtection/labelPolicies endpoint.export async function handleInformationProtectionPolicies( graphClient: Client, args: InformationProtectionPolicyArgs ): Promise<{ content: { type: string; text: string }[] }> { let apiPath = ''; let result: any; switch (args.action) { case 'list': // List all information protection policies apiPath = '/security/informationProtection/labelPolicies'; result = await graphClient.api(apiPath).get(); break; case 'get': if (!args.policyId) { throw new McpError(ErrorCode.InvalidParams, 'policyId is required for get action'); } apiPath = `/security/informationProtection/labelPolicies/${args.policyId}`; result = await graphClient.api(apiPath).get(); break; case 'create': if (!args.displayName) { throw new McpError(ErrorCode.InvalidParams, 'displayName is required for create action'); } const infoPolicyPayload = { displayName: args.displayName, description: args.description || '', settings: args.settings || {} }; apiPath = '/security/informationProtection/labelPolicies'; result = await graphClient.api(apiPath).post(infoPolicyPayload); break; case 'update': if (!args.policyId) { throw new McpError(ErrorCode.InvalidParams, 'policyId is required for update action'); } const updatePayload: any = {}; if (args.displayName) updatePayload.displayName = args.displayName; if (args.description) updatePayload.description = args.description; if (args.settings) updatePayload.settings = args.settings; apiPath = `/security/informationProtection/labelPolicies/${args.policyId}`; result = await graphClient.api(apiPath).patch(updatePayload); break; case 'delete': if (!args.policyId) { throw new McpError(ErrorCode.InvalidParams, 'policyId is required for delete action'); } apiPath = `/security/informationProtection/labelPolicies/${args.policyId}`; await graphClient.api(apiPath).delete(); result = { message: `Information protection policy ${args.policyId} deleted successfully` }; break; default: throw new McpError(ErrorCode.InvalidParams, `Unknown action: ${args.action}`); } return { content: [{ type: 'text', text: `Information Protection Policy ${args.action} operation completed:\n\n${JSON.stringify(result, null, 2)}` }] }; }
- src/schemas/policy-schemas.ts:92-105 (schema)Zod schema defining input parameters for the manage_information_protection_policies tool, including actions (list/get/create/update/delete), policy details, and settings.export const informationProtectionPolicyArgsSchema = z.object({ action: z.enum(['list', 'get', 'create', 'update', 'delete']).describe('Action to perform on information protection policy'), policyId: z.string().optional().describe('Information protection policy ID for specific operations'), displayName: z.string().optional().describe('Display name for the policy'), description: z.string().optional().describe('Description of the policy'), scope: z.enum(['User', 'Organization']).optional().describe('Policy scope'), settings: z.object({ defaultLabelId: z.string().optional().describe('Default sensitivity label ID'), requireJustification: z.boolean().optional().describe('Require justification for label changes'), mandatoryLabelPolicy: z.boolean().optional().describe('Mandatory labeling policy'), outlookDefaultLabel: z.string().optional().describe('Default label for Outlook'), powerBIDefaultLabel: z.string().optional().describe('Default label for Power BI'), }).optional().describe('Policy settings'), });
- src/tool-metadata.ts:240-243 (schema)Tool metadata providing description, title, and annotations (readOnlyHint, destructiveHint, etc.) for the manage_information_protection_policies tool.manage_information_protection_policies: { description: "Manage Azure Information Protection policies for data classification, encryption, and rights management.", title: "Information Protection Policy Manager", annotations: { title: "Information Protection Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
- src/types/policy-types.ts:92-105 (helper)TypeScript interface defining the structure of arguments for the information protection policies handler.export interface InformationProtectionPolicyArgs { action: 'list' | 'get' | 'create' | 'update' | 'delete'; policyId?: string; displayName?: string; description?: string; scope?: 'User' | 'Organization'; settings?: { defaultLabelId?: string; requireJustification?: boolean; mandatoryLabelPolicy?: boolean; outlookDefaultLabel?: string; powerBIDefaultLabel?: string; }; }
- src/tool-definitions.ts:533-533 (registration)Export of the informationProtectionPolicyArgsSchema used for tool registration and discovery in MCP server.informationProtectionPolicyArgsSchema,