Windows Information Protection
License: Gold
Applicable to: Windows 10+
A Windows Information Protection (WIP) configuration defines WIP settings to protect enterprise data. This configuration can be applied to devices enrolled under management. You can also view WIP details for a configured device on the overview page of that device.
Setting Up Windows Information Protection for Windows
Procedure
- Go to Configuration > +Add.
- Select the Windows Information Protection configuration.
- Enter a name for the configuration.
- Enter a description.
- In the Configuration Setup section, specify the remaining settings as described in the following table.
- Click Next.
- Select a distribution for this configuration.
Category |
Setting |
What To Do |
---|---|---|
Name |
Enter a name that identifies this configuration. |
|
|
Description |
Enter a description that clarifies the purpose of this configuration. |
Enterprise Information |
All Versions (Windows 10+) |
|
Protected Domain Names |
Specify the list of identities for which Data Protection policies are configured. Emails and other data associated with these identities will be considered enterprise and protected.
|
|
|
Network Domain names |
Specify the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected.
|
|
Cloud Resources |
Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. Specify one or more domain names with optional proxy addresses in brackets.
|
|
IP Range |
Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges.
|
|
Neutral Resources |
Specifies the list of domain names that can be used for work or personal resource. |
Proxy Servers |
Specifies the comma-separated list of proxy servers. Any server on this list is considered non-enterprise.
|
|
|
Internal Proxy Servers |
Specifies the comma-separated list of internal proxy servers.
|
Data Protection |
All Versions (Windows 10+) |
|
|
Enforcement Level |
Choose one of the following enforcement levels:
Except in the Off mode, any data or app that was not supposed to use enterprise data or resources will be logged on the device. That data can be removed from the device using another configuration service provider (CSP). |
Data Recovery Certificate |
Specify a recovery certificate that can be used for data recovery of encrypted files.
You can also select one or more of the following options:
|
|
RMS |
All Versions (Windows 10+) |
|
Allow Azure RMS |
Specify whether to allow Azure Rights Management (Azure RMS) encryption for WIP. |
|
RMS Template ID |
Specify TemplateID GUID to use for RMS encryption. The RMS template allows the admins to configure the details about who has access to RMS-protected file and how long they have access. |
|
App Control |
All Versions (Windows 10+) |
|
Specify a collection of apps that are built under the Apps > App Catalog page with a value of WIP. Specify the rule definitions for the apps using the following set of parameters: |
||
App Type |
Select one of the following app types:
|
|
App Identifier |
Select the app from the choices displayed to add it to the App Identifier. You can also click Lookup Apps. |
|
App Description |
Enter a description for the app. |