Azure Information Protection | How to decrypt .EMLs coming from EWS API?

Question

Given:

1. We use EWS API to download email messages from Office 365 (Exchange Online)
2. When emails are encrypted using AIP, body comes in encrypted
3. Admin user is super-user - this user's creds are used to make requests against EWS

Ask:

1. In order to decrypt, it seems that we need to use https://learn.microsoft.com/en-us/information-protection/develop/concept-handler-protection-cpp. Is this the correct API to use?
2. If so, above API is in C++. Is there anything available in C#?

3. Simple samples of how to decrypt a message would be appreciated?

4. Final question, is there a way to avoid decryption all together by setting some higher-level permission on the user that we use for EWS?

Answer 1

We shipped support this week for decryption of MSG files. We don't yet support protected EML files. You may be able to convert the EML to MSG, then use the functionality we announced here to decrypt.

The File API package is available via NuGet. This package includes both .NET and native libraries.

All of our samples are available here. I haven't published a decryption example, yet, but you need to call FileHandler.RemoveProtection() followed by FileHandler.CommitAsync() and that'll give you the decrypted output.