Windows Information Protection is a feature built into Windows 10 that allows IT shops to control and manage business data separately from personal data on users' devices.
Formerly known as enterprise data protection, Windows Information Protection (WIP) debuted in the Windows 10 Anniversary Update. In addition to separating business and personal data, IT administrators can use WIP to determine which users and which applications have access to what data, and what users can do with corporate data. For example, IT can prevent users from copying corporate data from an approved app and pasting it in an unapproved app. They can also prevent users from moving data to removable disks or sending it to cloud-based tools such as Dropbox.
Users do not have to access a special app or enter a specific mode for WIP to work. Microsoft designed WIP to deliver the data protection IT requires while allowing users to continue to work with the apps they are familiar with.
To set policies for WIP, admins can use Microsoft System Center Configuration Manager, Microsoft Intune or third-party mobile device management tools. Admins can apply WIP settings on a user-by-user basis, so if two or more users share a device, IT can assign different permissions to each user. Admins can apply WIP policies to line-of-business apps and consumer apps. When users access a protected website or app through the Microsoft Edge browser, a briefcase appears in the URL bar to indicate they are now subject to WIP rules.
After admins decide which applications and users can access what data, they must select a level of protection to put on the data. WIP offers four protection levels:
Block prevents users from taking unauthorized actions, including sharing data outside the corporate network;
Override alerts users when they try to perform an unauthorized action, but the user can go through with the action anyway. If the user ignores the warning, WIP logs that information and includes it in its audit log;
Silent essentially runs in the background, tracking users' actions without stopping them. This option still blocks users from seeing information they are not authorized to view;
Off deactivates WIP.
Next, admins set network locations for the data, which designate the data that approved apps can access. WIP automatically encrypts any data users download from a registered network location. WIP also protects any new data approved apps generate. Admins can give users the option to mark new data as business or personal.
WIP delivers audit reports to IT admins that detail user behavior. It also works with Microsoft Office 365 Pro Plus and Azure Rights Management, so WIP can protect data after it leaves a user's device or is shared.