-The **Create Configuration Item Wizard** starts. - -  - -3. On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes. - -4. In the **Specify the type of configuration item you want to create** area, pick the option that represents whether you use Configuration Manager for device management, and then select **Next**. - - - **Settings for devices managed with the Configuration Manager client:** Windows 10 - - -OR- - - - **Settings for devices managed without the Configuration Manager client:** Windows 8.1 and Windows 10 - -5. On the **Supported Platforms** screen, select the **Windows 10** box, and then select **Next**. - -  - -6. On the **Device Settings** screen, select **Windows Information Protection**, and then select **Next**. - -  - -The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization. - -## Add app rules to your policy - -During the policy-creation process in Configuration Manager, you can choose the apps you want to give access to your enterprise data through Windows Information Protection. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. - -The steps to add your app rules are based on the type of rule template being applied. You can add a store app (also known as a Universal Windows Platform (UWP) app), a signed Windows desktop app, or an AppLocker policy file. - ->[!IMPORTANT] ->Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.
Care must be taken to get a support statement from the software provider that their app is safe with Windows Information Protection before adding it to your **App rules** list. If you don't get this statement, it's possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation.
-
-### Add a store app rule to your policy
-For this example, we're going to add Microsoft OneNote, a store app, to the **App Rules** list.
-
-**To add a store app**
-
-1. From the **App rules** area, select **Add**.
-
- The **Add app rule** box appears.
-
- 
-
-2. Add a friendly name for your app into the **Title** box. In this example, it's *Microsoft OneNote*.
-
-3. Select **Allow** from the **Windows Information Protection mode** drop-down list.
-
- Allow turns on WIP, helping to protect that app's corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section.
-
-4. Pick **Store App** from the **Rule template** drop-down list.
-
- The box changes to show the store app rule options.
-
-5. Type the name of the app and the name of its publisher, and then select **OK**. For this UWP app example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.Office.OneNote`.
-
-If you don't know the publisher or product name, you can find them for both desktop devices by following these steps.
-
-**To find the Publisher and Product Name values for Store apps without installing them**
-
-1. Go to the [Microsoft Store](https://apps.microsoft.com/) website, and find your app. For example, Microsoft OneNote.
-
- > [!NOTE]
- > If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in [Add an AppLocker policy file](#add-an-applocker-policy-file) in this article.
-
-2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is `https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl`, and you'd copy the ID value, `9wzdncrfhvjl`.
-
-3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata`, where `9wzdncrfhvjl` is replaced with your ID value.
-
- The API runs and opens a text editor with the app details.
-
- ```json
- {
- "packageIdentityName": "Microsoft.Office.OneNote",
- "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
- }
- ```
-
-4. Copy the `publisherCertificateName` value and paste them into the **Publisher Name** box, copy the `packageIdentityName` value into the **Product Name** box of Intune.
-
- > [!IMPORTANT]
- > The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that's using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as "CN=" followed by the `windowsPhoneLegacyId`.
- >
- > For example:
- >
- > ```json
- > {
- > "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
- > }
- > ```
-
-### Add a desktop app rule to your policy
-
-For this example, we're going to add Internet Explorer, a desktop app, to the **App Rules** list.
-
-**To add a desktop app to your policy**
-
-1. From the **App rules** area, select **Add**.
-
- The **Add app rule** box appears.
-
- 
-
-2. Add a friendly name for your app into the **Title** box. In this example, it's *Internet Explorer*.
-
-3. Select **Allow** from the **Windows Information Protection mode** drop-down list.
-
- Allow turns on WIP, helping to protect that app's corporate data through the enforcement of WIP restrictions. If you want to exempt an app, you can follow the steps in the [Exempt apps from WIP restrictions](#exempt-apps-from-wip-restrictions) section.
-
-4. Pick **Desktop App** from the **Rule template** drop-down list.
-
- The box changes to show the desktop app rule options.
-
-5. Pick the options you want to include for the app rule (see table), and then select **OK**.
-
- |Option|Manages|
- |--- |--- |
- |All fields left as "*"|All files signed by any publisher. (Not recommended.)|
- |**Publisher** selected|All files signed by the named publisher. This might be useful if your company is the publisher and signer of internal line-of-business apps.|
- |**Publisher** and **Product Name** selected|All files for the specified product, signed by the named publisher.|
- |**Publisher**, **Product Name**, and **Binary name** selected|Any version of the named file or package for the specified product, signed by the named publisher.|
- |**Publisher**, **Product Name**, **Binary name**, and **File Version, and above**, selected|Specified version or newer releases of the named file or package for the specified product, signed by the named publisher. This option is recommended for enlightened apps that weren't previously enlightened.|
- |**Publisher**, **Product Name**, **Binary name**, and **File Version, And below** selected|Specified version or older releases of the named file or package for the specified product, signed by the named publisher.|
- |**Publisher**, **Product Name**, **Binary name**, and **File Version, Exactly** selected|Specified version of the named file or package for the specified product, signed by the named publisher.|
-
-If you're unsure about what to include for the publisher, you can run this PowerShell command:
-
-```powershell
-Get-AppLockerFileInformation -Path " After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn WIP protection back on. For more information, see [How to disable Windows Information Protection](how-to-disable-wip.md).|
-
-:::image type="content" alt-text="Create Configuration Item wizard, choose your WIP-protection level" source="images/wip-configmgr-appmgmt.png":::
-
-## Define your enterprise-managed identity domains
-Corporate identity, usually expressed as your primary internet domain (for example, contoso.com), helps to identify and tag your corporate data from apps you've marked as protected by WIP. For example, emails using contoso.com are identified as being corporate and are restricted by your Windows Information Protection policies.
-
-You can specify multiple domains owned by your enterprise by separating them with the `|` character. For example, `contoso.com|newcontoso.com`. With multiple domains, the first one is designated as your corporate identity and all of the additional ones as being owned by the first one. We strongly recommend that you include all of your email address domains in this list.
-
-**To add your corporate identity**
-
-- Type the name of your corporate identity into the **Corporate identity** field. For example, `contoso.com` or `contoso.com|newcontoso.com`.
-
- 
-
-## Choose where apps can access enterprise data
-After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network.
-
-There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise's range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
-
->[!IMPORTANT]
->Every WIP policy should include policy that defines your enterprise network locations. After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn Windows Information Protection back on. |
-
-## Turn off WIP
-You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn't recommended. If you choose to turn off WIP, you can always turn it back on, but your decryption and policy info won't be automatically reapplied.
-
-## Next steps
-
-After you decide to use WIP in your environment, [create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md).
diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
deleted file mode 100644
index fc9dfc237c..0000000000
--- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
+++ /dev/null
@@ -1,50 +0,0 @@
----
-title: Recommended URLs for Windows Information Protection
-description: Recommended URLs to add to your Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP).
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/25/2019
----
-
-# Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare).
-
-We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings when you create a Windows Information Protection policy. If you are using Intune, the SharePoint entries may be added automatically.
-
-## Recommended Enterprise Cloud Resources
-
-This table includes the recommended URLs to add to your Enterprise Cloud Resources network setting, based on the apps you use in your organization.
-
-|If your organization uses... |Add these entries to your Enterprise Cloud Resources network setting
- This is the XML file that AppLocker creates for Microsoft Photos.
-
- ```xml
-
->Classless Inter-Domain Routing (CIDR) notation isn't supported for WIP configurations.
-
-**To define where your protected apps can find and send enterprise data on your network**
-
-1. Add additional network locations your apps can access by clicking **Add**.
-
- The **Add or edit corporate network definition** box appears.
-
-2. Type a name for your corporate network element into the **Name** box, and then pick what type of network element it is, from the **Network element** drop-down box. This can include any of the options in the following table.
-
- 
-
- - **Enterprise Cloud Resources**: Specify the cloud resources to be treated as corporate and protected by WIP.
-
- For each cloud resource, you may also optionally specify a proxy server from your internal proxy servers list to route traffic for this cloud resource. All traffic routed through your internal proxy servers is considered enterprise.
-
- If you have multiple resources, you must separate them using the `|` delimiter. If you don't use proxy servers, you must also include the `,` delimiter just before the `|`. For example: URL `<,proxy>|URL <,proxy>`.
-
- **Format examples**:
-
- - **With proxy**: `contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com`
-
- - **Without proxy**: `contoso.sharepoint.com|contoso.visualstudio.com`
-
- >[!Important]
- > In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.
-
- - **Enterprise Network Domain Names (Required)**: Specify the DNS suffixes used in your environment. All traffic to the fully qualified domains appearing in this list will be protected.
-
- This setting works with the IP ranges settings to detect whether a network endpoint is enterprise or personal on private networks.
-
- If you have multiple resources, you must separate them using the "," delimiter.
-
- **Format examples**: `corp.contoso.com,region.contoso.com`
-
- - **Proxy servers**: Specify the proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
- This list shouldn't include any servers listed in your Internal proxy servers list. Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
-
- If you have multiple resources, you must separate them using the ";" delimiter.
-
- **Format examples**: `proxy.contoso.com:80;proxy2.contoso.com:443`
-
- - **Internal proxy servers**: Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
- This list shouldn't include any servers listed in your Proxy servers list. Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
-
- If you have multiple resources, you must separate them using the ";" delimiter.
-
- **Format examples**: `contoso.internalproxy1.com;contoso.internalproxy2.com`
-
- - **Enterprise IPv4 Range (Required)**: Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.
-
- If you have multiple ranges, you must separate them using the "," delimiter.
-
- **Format examples**:
-
- - **Starting IPv4 Address:** `3.4.0.1`
- - **Ending IPv4 Address:** `3.4.255.254`
- - **Custom URI:** `3.4.0.1-3.4.255.254, 10.0.0.1-10.255.255.254`
-
- - **Enterprise IPv6 Range**: Specify the addresses for a valid IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries.
-
- If you have multiple ranges, you must separate them using the "," delimiter.
-
- **Format examples**:
-
- - **Starting IPv6 Address:** `2a01:110::`
- - **Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff`
- - **Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff`
-
- - **Neutral Resources**: Specify your authentication redirection endpoints for your company. These locations are considered enterprise or personal, based on the context of the connection before the redirection.
-
- If you have multiple resources, you must separate them using the "," delimiter.
-
- **Format examples**: `sts.contoso.com,sts.contoso2.com`
-
-3. Add as many locations as you need, and then select **OK**.
-
- The **Add or edit corporate network definition** box closes.
-
-4. Decide if you want to Windows to look for additional network settings and if you want to show the WIP icon on your corporate files while in File Explorer.
-
- :::image type="content" alt-text="Create Configuration Item wizard, Add whether to search for additional network settings" source="images/wip-configmgr-optsettings.png":::
-
- - **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Select this box if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you clear this box, Windows will search for additional proxy servers in your immediate network. Not configured is the default option.
-
- - **Enterprise IP Ranges list is authoritative (do not auto-detect).** Select this box if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you clear this box, Windows will search for additional IP ranges on any domain-joined devices connected to your network. Not configured is the default option.
-
- - **Show the Windows Information Protection icon overlay on your allowed apps that are WIP-unaware on corporate files in the File Explorer.** Select this box if you want the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but allowed apps, the icon overlay also appears on the app tile and with *Managed* text on the app name in the **Start** menu. Not configured is the default option.
-
-5. In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, select **Browse** to add a data recovery certificate for your policy.
-
- 
-
- After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees' local device drive. If somehow the employees' local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
-
- For more info about how to find and export your data recovery certificate, see [Data Recovery and Encrypting File System (EFS)](/previous-versions/tn-archive/cc512680(v=technet.10)). For more info about creating and verifying your EFS DRA certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
-
-## Choose your optional WIP-related settings
-After you've decided where your protected apps can access enterprise data on your network, you'll be asked to decide if you want to add any optional WIP settings.
-
-
-
-**To set your optional settings**
-1. Choose to set any or all of the optional settings:
-
- - **Allow Windows Search to search encrypted corporate data and Store apps.** Determines whether Windows Search can search and index encrypted corporate data and Store apps. The options are:
-
- - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps.
-
- - **No, or not configured (recommended).** Stops Windows Search from searching and indexing encrypted corporate data and Store apps.
-
- - **Revoke local encryption keys during the unenrollment process.** Determines whether to revoke a user's local encryption keys from a device when it's unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
-
- - **Yes, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
-
- - **No.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you're migrating between Mobile Device Management (MDM) solutions.
-
- - **Allow Azure RMS.** Enables secure sharing of files by using removable media such as USB drives. For more information about how RMS works with WIP, see [Create a WIP policy using Intune](create-wip-policy-using-intune-azure.md). To confirm what templates your tenant has, run [Get-AadrmTemplate](/powershell/module/aadrm/get-aadrmtemplate) from the [AADRM PowerShell module](/azure/information-protection/administer-powershell). If you don't specify a template, WIP uses a key from a default RMS template that everyone in the tenant will have access to.
-
-2. After you pick all of the settings you want to include, select **Summary**.
-
-## Review your configuration choices in the Summary screen
-After you've finished configuring your policy, you can review all of your info on the **Summary** screen.
-
-**To view the Summary screen**
-- Select the **Summary** button to review your policy choices, and then select **Next** to finish and to save your policy.
-
- 
-
- A progress bar appears, showing you progress for your policy. After it's done, select **Close** to return to the **Configuration Items** page.
-
-## Deploy the WIP policy
-After you've created your WIP policy, you'll need to deploy it to your organization's devices. For more information about your deployment options, see the following articles:
-
-- [Create configuration baselines in Configuration Manager](/mem/configmgr/compliance/deploy-use/create-configuration-baselines)
-
-- [How to deploy configuration baselines in Configuration Manager](/mem/configmgr/compliance/deploy-use/deploy-configuration-baselines)
-
-## Related articles
-
-- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)
-
-- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
-
-- [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
deleted file mode 100644
index c73eda005f..0000000000
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ /dev/null
@@ -1,605 +0,0 @@
----
-title: Create a WIP policy in Intune
-description: Learn how to use the Microsoft Intune admin center to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: how-to
-ms.date: 07/15/2022
----
-
-# Create a Windows Information Protection policy in Microsoft Intune
-
-[!INCLUDE [Deprecate Windows Information Protection](includes/wip-deprecation.md)]
-
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device.
-
-## Differences between MDM and MAM for WIP
-
-You can create an app protection policy in Intune either with device enrollment for MDM or without device enrollment for MAM. The process to create either policy is similar, but there are important differences:
-
-- MAM has more **Access** settings for Windows Hello for Business.
-- MAM can [selectively wipe company data](/intune/apps-selective-wipe) from a user's personal device.
-- MAM requires an [Microsoft Entra ID P1 or P2 license](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).
-- A Microsoft Entra ID P1 or P2 license is also required for WIP auto-recovery, where a device can re-enroll and regain access to protected data. WIP auto-recovery depends on Microsoft Entra registration to back up the encryption keys, which requires device auto-enrollment with MDM.
-- MAM supports only one user per device.
-- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
-- Only MDM can use [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) policies.
-- If the same user and device are targeted for both MDM and MAM, the MDM policy will be applied to devices joined to Microsoft Entra ID. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access.
-
-
-## Prerequisites
-
-Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Microsoft Entra ID. MAM requires an [Microsoft Entra ID P1 or P2 license](/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). A Microsoft Entra ID P1 or P2 license is also required for WIP auto-recovery, where a device can re-enroll and regain access to protected data. WIP auto-recovery relies on Microsoft Entra registration to back up the encryption keys, which requires device auto-enrollment with MDM.
-
-## Configure the MDM or MAM provider
-
-1. Sign in to the Azure portal.
-
-2. Select **Microsoft Entra ID** > **Mobility (MDM and MAM)** > **Microsoft Intune**.
-
-3. Select **Restore Default URLs** or enter the settings for MDM or MAM user scope and select **Save**:
-
- 
-
-## Create a WIP policy
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-2. Open Microsoft Intune and select **Apps** > **App protection policies** > **Create policy**.
-
- 
-
-3. In the **App policy** screen, select **Add a policy**, and then fill out the fields:
-
- - **Name.** Type a name (required) for your new policy.
-
- - **Description.** Type an optional description.
-
- - **Platform.** Choose **Windows 10**.
-
- - **Enrollment state.** Choose **Without enrollment** for MAM or **With enrollment** for MDM.
-
- 
-
-4. Select **Protected apps** and then select **Add apps**.
-
- 
-
- You can add these types of apps:
-
- - [Recommended apps](#add-recommended-apps)
- - [Store apps](#add-store-apps)
- - [Desktop apps](#add-desktop-apps)
-
->[!NOTE]
->An application might return access denied errors after removing it from the list of protected apps. Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy.
-
-### Add recommended apps
-
-Select **Recommended apps** and select each app you want to access your enterprise data or select them all, and select **OK**.
-
-
-
-### Add Store apps
-
-Select **Store apps**, type the app product name and publisher, and select **OK**. For example, to add the Power BI Mobile App from the Store, type the following:
-
-- **Name**: Microsoft Power BI
-- **Publisher**: `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
-- **Product Name**: `Microsoft.MicrosoftPowerBIForWindows`
-
-
-
-To add multiple Store apps, select the ellipsis `…`.
-
-If you don't know the Store app publisher or product name, you can find them by following these steps.
-
-1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Power BI Mobile App*.
-
-2. Copy the ID value from the app URL. For example, the Power BI Mobile App ID URL is `https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1`, and you'd copy the ID value, `9nblgggzlxn1`.
-
-3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run `https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata`, where `9nblgggzlxn1` is replaced with your ID value.
-
- The API runs and opens a text editor with the app details.
-
- ```json
- {
- "packageIdentityName": "Microsoft.MicrosoftPowerBIForWindows",
- "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
- }
- ```
-
-4. Copy the `publisherCertificateName` value into the **Publisher** box and copy the `packageIdentityName` value into the **Name** box of Intune.
-
- >[!Important]
- >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that's using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.
- >
- > For example:
- >
- > ```json
- > {
- > "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
- > }
-
-
-
-### Add Desktop apps
-
-To add **Desktop apps**, complete the following fields, based on what results you want returned.
-
-|Field|Manages|
-|--- |--- |
-|All fields marked as `*`|All files signed by any publisher. (Not recommended and may not work)|
-|Publisher only|If you only fill out this field, you'll get all files signed by the named publisher. This might be useful if your company is the publisher and signer of internal line-of-business apps.|
-|Publisher and Name only|If you only fill out these fields, you'll get all files for the specified product, signed by the named publisher.|
-|Publisher, Name, and File only|If you only fill out these fields, you'll get any version of the named file or package for the specified product, signed by the named publisher.|
-|Publisher, Name, File, and Min version only|If you only fill out these fields, you'll get the specified version or newer releases of the named file or package for the specified product, signed by the named publisher. This option is recommended for enlightened apps that weren't previously enlightened.|
-|Publisher, Name, File, and Max version only|If you only fill out these fields, you'll get the specified version or older releases of the named file or package for the specified product, signed by the named publisher.|
-|All fields completed|If you fill out all fields, you'll get the specified version of the named file or package for the specified product, signed by the named publisher.|
-
-To add another Desktop app, select the ellipsis `…`. After you've entered the info into the fields, select **OK**.
-
-
-
-If you're unsure about what to include for the publisher, you can run this PowerShell command:
-
-```powershell
-Get-AppLockerFileInformation -Path "
- This is the XML file that AppLocker creates for Microsoft Dynamics 365.
-
- ```xml
-
-
After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn WIP protection back on. For more information, see [How to disable Windows Information Protection](how-to-disable-wip.md).|
-
-2. Select **Save**.
-
-## Define your enterprise-managed corporate identity
-Corporate identity, typically expressed as your primary Internet domain (for example, contoso.com), helps to identify and tag your corporate data from apps you've marked as protected by WIP. For example, emails using contoso.com are identified as being corporate and are restricted by your Windows Information Protection policies.
-
-Starting with Windows 10, version 1703, Intune automatically determines your corporate identity and adds it to the **Corporate identity** field.
-
-**To change your corporate identity**
-
-1. From **App policy**, select the name of your policy, and then select **Required settings**.
-
-2. If the auto-defined identity isn't correct, you can change the info in the **Corporate identity** field.
-
- 
-
-3. To add domains, such your email domain names, select **Configure Advanced settings** > **Add network boundary** and select **Protected domains**.
-
- 
-
-## Choose where apps can access enterprise data
-After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network. Every WIP policy should include your enterprise network locations.
-
-There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise's range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
-
-To define the network boundaries, select **App policy** > the name of your policy > **Advanced settings** > **Add network boundary**.
-
-
-
-Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the options covered in the following subsections, and then select **OK**.
-
-### Cloud resources
-
-Specify the cloud resources to be treated as corporate and protected by WIP.
-For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource.
-All traffic routed through your Internal proxy servers is considered enterprise.
-
-Separate multiple resources with the "|" delimiter.
-For example:
-
-```console
-URL <,proxy>|URL <,proxy>
-```
-
-Personal applications can access a cloud resource that has a blank space or an invalid character, such as a trailing dot in the URL.
-
-To add a subdomain for a cloud resource, use a period (.) instead of an asterisk (*). For example, to add all subdomains within Office.com, use ".office.com" (without the quotation marks).
-
-In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can't tell whether it's attempting to connect to an enterprise cloud resource or to a personal site.
-In this case, Windows blocks the connection by default.
-To stop Windows from automatically blocking these connections, you can add the `/*AppCompat*/` string to the setting.
-For example:
-
-```console
-URL <,proxy>|URL <,proxy>|/*AppCompat*/
-```
-
-When you use this string, we recommend that you also turn on [Microsoft Entra Conditional Access](/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.
-
-Value format with proxy:
-
-```console
-contoso.sharepoint.com,contoso.internalproxy1.com|contoso.visualstudio.com,contoso.internalproxy2.com
-```
-
-Value format without proxy:
-
-```console
-contoso.sharepoint.com|contoso.visualstudio.com|contoso.onedrive.com,
-```
-
-### Protected domains
-
-Specify the domains used for identities in your environment.
-All traffic to the fully qualified domains appearing in this list will be protected.
-Separate multiple domains with the "|" delimiter.
-
-```console
-exchange.contoso.com|contoso.com|region.contoso.com
-```
-
-### Network domains
-
-Specify the DNS suffixes used in your environment.
-All traffic to the fully qualified domains appearing in this list will be protected.
-Separate multiple resources with the "," delimiter.
-
-```console
-corp.contoso.com,region.contoso.com
-```
-
-### Proxy servers
-
-Specify the proxy servers your devices will go through to reach your cloud resources.
-Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
-This list shouldn't include any servers listed in your Internal proxy servers list.
-Proxy servers must be used only for non-WIP-protected (non-enterprise) traffic.
-Separate multiple resources with the ";" delimiter.
-
-```console
-proxy.contoso.com:80;proxy2.contoso.com:443
-```
-
-### Internal proxy servers
-
-Specify the internal proxy servers your devices will go through to reach your cloud resources. Using this server type indicates that the cloud resources you're connecting to are enterprise resources.
-
-This list shouldn't include any servers listed in your Proxy servers list.
-Internal proxy servers must be used only for WIP-protected (enterprise) traffic.
-Separate multiple resources with the ";" delimiter.
-
-```console
-contoso.internalproxy1.com;contoso.internalproxy2.com
-```
-
-### IPv4 ranges
-
-Specify the addresses for a valid IPv4 value range within your intranet.
-These addresses, used with your Network domain names, define your corporate network boundaries.
-Classless Inter-Domain Routing (CIDR) notation isn't supported.
-
-Separate multiple ranges with the "," delimiter.
-
-**Starting IPv4 Address:** 3.4.0.1
-**Ending IPv4 Address:** 3.4.255.254
-**Custom URI:** 3.4.0.1-3.4.255.254,
-10.0.0.1-10.255.255.254
-
-### IPv6 ranges
-
-Starting with Windows 10, version 1703, this field is optional.
-
-Specify the addresses for a valid IPv6 value range within your intranet.
-These addresses, used with your network domain names, define your corporate network boundaries.
-Classless Inter-Domain Routing (CIDR) notation isn't supported.
-
-Separate multiple ranges with the "," delimiter.
-
-**Starting IPv6 Address:** `2a01:110::`
-**Ending IPv6 Address:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff`
-**Custom URI:** `2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,'
'fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff`
-
-### Neutral resources
-
-Specify your authentication redirection endpoints for your company.
-These locations are considered enterprise or personal, based on the context of the connection before the redirection.
-Separate multiple resources with the "," delimiter.
-
-```console
-sts.contoso.com,sts.contoso2.com
-```
-
-Decide if you want Windows to look for more network settings:
-
-- **Enterprise Proxy Servers list is authoritative (do not auto-detect).** Turn on if you want Windows to treat the proxy servers you specified in the network boundary definition as the complete list of proxy servers available on your network. If you turn this off, Windows will search for more proxy servers in your immediate network.
-
-- **Enterprise IP Ranges list is authoritative (do not auto-detect).** Turn on if you want Windows to treat the IP ranges you specified in the network boundary definition as the complete list of IP ranges available on your network. If you turn this off, Windows will search for more IP ranges on any domain-joined devices connected to your network.
-
-
-
-## Upload your Data Recovery Agent (DRA) certificate
-After you create and deploy your WIP policy to your employees, Windows begins to encrypt your corporate data on the employees' local device drive. If somehow the employees' local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the Data Recovery Agent (DRA) certificate lets Windows use an included public key to encrypt the local data while you maintain the private key that can unencrypt the data.
-
->[!Important]
->Using a DRA certificate isn't mandatory. However, we strongly recommend it. For more info about how to find and export your data recovery certificate, see [Data Recovery and Encrypting File System (EFS)](/previous-versions/tn-archive/cc512680(v=technet.10)). For more info about creating and verifying your EFS DRA certificate, see [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate).
-
-**To upload your DRA certificate**
-1. From **App policy**, select the name of your policy, and then select **Advanced settings** from the menu that appears.
-
- **Advanced settings** shows.
-
-2. In the **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, select **Browse** to add a data recovery certificate for your policy.
-
- 
-
-## Choose your optional WIP-related settings
-After you've decided where your protected apps can access enterprise data on your network, you can choose optional settings.
-
-
-
-**Revoke encryption keys on unenroll.** Determines whether to revoke a user's local encryption keys from a device when it's unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
-
-- **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.
-
-- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example, if you're migrating between Mobile Device Management (MDM) solutions.
-
-**Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
-
-- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Also, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
-
-- **Off, or not configured (recommended).** Stops the Windows Information Protection icon overlay from appearing on corporate files or unenlightened, but protected apps. Not configured is the default option.
-
-**Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](/azure/information-protection/what-is-azure-rms) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared with employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they're copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template's license. Only users with permission to that template can read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](/windows/client-management/mdm/enterprisedataprotection-csp).
-
-- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn't actually apply Azure Information Protection to the files.
-
- If you don't specify an [RMS template](/information-protection/deploy-use/configure-custom-templates), it's a regular EFS file using a default RMS template that all users can access.
-
-- **Off, or not configured.** Stops WIP from encrypting Azure Rights Management files that are copied to a removable drive.
-
- > [!NOTE]
- > Regardless of this setting, all files in OneDrive for Business will be encrypted, including moved Known Folders.
-
-**Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
-
-- **On.** Starts Windows Search Indexer to index encrypted files.
-
-- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
-
-## Encrypted file extensions
-
-You can restrict which files are protected by WIP when they're downloaded from an SMB share within your enterprise network locations. If this setting is configured, only files with the extensions in the list will be encrypted. If this setting is not specified, the existing auto-encryption behavior is applied.
-
-
-
-## Related articles
-
-- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)
-
-- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
-
-- [What is Azure Rights Management?](/information-protection/understand-explore/what-is-azure-rms)
-
-- [Create a Windows Information Protection (WIP) protection policy using Microsoft Intune](overview-create-wip-policy.md)
-
-- [Intune MAM Without Enrollment](/archive/blogs/configmgrdogs/intune-mam-without-enrollment)
-
-- [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/)
diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
deleted file mode 100644
index 0269f73fe5..0000000000
--- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
-description: After you've created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/05/2019
-ms.reviewer:
----
-
-# Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-After you've created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. Enrollment can be done for business or personal devices, allowing the devices to use your managed apps and to sync with your managed content and information.
-
-## To deploy your WIP policy
-
-1. On the **App protection policies** pane, click your newly created policy, click **Assignments**, and then select groups to include or exclude from the policy.
-
-2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy.
-
- The policy is deployed to the selected users' devices.
-
- 
-
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
-
-## Related topics
-
-- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
deleted file mode 100644
index 1660b49f10..0000000000
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ /dev/null
@@ -1,111 +0,0 @@
----
-title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
-description: Learn the difference between enlightened and unenlightened apps. Find out which enlightened apps are provided by Microsoft. Learn how to allow-list them.
-ms.reviewer:
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 05/02/2019
----
-
-# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
-
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list.
-
-## Enlightened versus unenlightened apps
-Apps can be enlightened or unenlightened:
-
-- **Enlightened apps** can differentiate between corporate and personal data, correctly determining which to protect, based on your policies.
-
-- **Unenlightened apps** consider all data corporate and encrypt everything. Typically, you can tell an unenlightened app because:
-
- - Windows Desktop shows it as always running in enterprise mode.
-
- - Windows **Save As** experiences only allow you to save your files as enterprise.
-
-- **Windows Information Protection-work only apps** are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode.
-
-## List of enlightened Microsoft apps
-Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
-
-- Microsoft 3D Viewer
-
-- Microsoft Edge
-
-- Internet Explorer 11
-
-- Microsoft People
-
-- Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
-
-- Microsoft 365 Apps for enterprise apps, including Word, Excel, PowerPoint, OneNote, and Outlook
-
-- OneDrive app
-
-- OneDrive sync client (OneDrive.exe, the next generation sync client)
-
-- Microsoft Photos
-
-- Groove Music
-
-- Notepad
-
-- Microsoft Paint
-
-- Microsoft Movies & TV
-
-- Microsoft Messaging
-
-- Microsoft Remote Desktop
-
-- Microsoft To Do
-
-> [!NOTE]
-> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from Windows Information Protection policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning.
-
-## List of WIP-work only apps from Microsoft
-Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with Windows Information Protection and MAM solutions.
-
-- Skype for Business
-
-- Microsoft Teams (build 1.3.00.12058 and later)
-
-## Adding enlightened Microsoft apps to the allowed apps list
-
-> [!NOTE]
-> As of January 2019 it is no longer necessary to add Intune Company Portal as an exempt app since it is now included in the default list of protected apps.
-
-You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and Microsoft Configuration Manager.
-
-
-| Product name | App info |
-|------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Microsoft 3D Viewer | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Microsoft3DViewer
**App Type:** Universal app |
-| Microsoft Edge | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.MicrosoftEdge
**App Type:** Universal app |
-| Microsoft People | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.People
**App Type:** Universal app |
-| Word Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.Word
**App Type:** Universal app |
-| Excel Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.Excel
**App Type:** Universal app |
-| PowerPoint Mobile | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.PowerPoint
**App Type:** Universal app |
-| OneNote | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Office.OneNote
**App Type:** Universal app |
-| Outlook Mail and Calendar | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** microsoft.windowscommunicationsapps
**App Type:** Universal app |
-| Microsoft 365 Apps for enterprise and Office 2019 Professional Plus | Microsoft 365 Apps for enterprise and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for Windows Information Protection.
We don't recommend setting up Office by using individual paths or publisher rules. |
-| Microsoft Photos | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Windows.Photos
**App Type:** Universal app |
-| Groove Music | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneMusic
**App Type:** Universal app |
-| Microsoft Movies & TV | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneVideo
**App Type:** Universal app |
-| Microsoft Messaging | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Messaging
**App Type:** Universal app |
-| IE11 | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** iexplore.exe
**App Type:** Desktop app |
-| OneDrive Sync Client | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** onedrive.exe
**App Type:** Desktop app |
-| OneDrive app | **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Microsoftskydrive
Product Version:Product version: 17.21.0.0 (and later)
**App Type:** Universal app |
-| Notepad | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** notepad.exe
**App Type:** Desktop app |
-| Microsoft Paint | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app |
-| Microsoft Remote Desktop | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mstsc.exe
**App Type:** Desktop app |
-| Microsoft MAPI Repair Tool | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** fixmapi.exe
**App Type:** Desktop app |
-| Microsoft To Do | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Todos
**App Type:** Store app |
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
deleted file mode 100644
index f98f1a7125..0000000000
--- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-title: General guidance and best practices for Windows Information Protection (WIP)
-description: Find resources about apps that can work with Windows Information Protection (WIP) to protect data. Enlightened apps can tell corporate and personal data apart.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# General guidance and best practices for Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-This section includes info about the enlightened Microsoft apps, including how to add them to your allowed apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP).
-
-## In this section
-
-|Topic |Description |
-|------|------------|
-|[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. |
-|[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |Learn the difference between enlightened and unenlightened app behaviors. |
-|[Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](recommended-network-definitions-for-wip.md) |Recommended additions for the Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). |
-|[Using Outlook on the web with Windows Information Protection (WIP)](using-owa-with-wip.md) |Options for using Outlook on the web with Windows Information Protection (WIP). |
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
deleted file mode 100644
index f30aaac954..0000000000
--- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md
+++ /dev/null
@@ -1,124 +0,0 @@
----
-title: How to disable Windows Information Protection (WIP)
-description: How to disable Windows Information Protection (WIP) in Microsoft Intune or Microsoft Configuration Manager.
-ms.date: 07/21/2022
-ms.topic: how-to
-author: lizgt2000
-ms.author: lizlong
-ms.reviewer: aaroncz
-manager: aaroncz
----
-
-# How to disable Windows Information Protection (WIP)
-
-[!INCLUDE [wip-deprecation](includes/wip-deprecation.md)]
-
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-## Use Intune to disable WIP
-
-To disable Windows Information Protection (WIP) using Intune, you have the following options:
-
-### Option 1 - Unassign the WIP policy (preferred)
-
-When you unassign an existing policy, it removes the intent to deploy WIP from those devices. When that intent is removed, the device removes protection for files and the configuration for WIP. For more information, see [Assign user and device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign).
-
-### Option 2 - Change current WIP policy to off
-
-If you're currently deploying a WIP policy for enrolled or unenrolled devices, you switch the WIP policy to Off. When devices check in after this change, the devices will proceed to unprotect files previously protected by WIP.
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Open Microsoft Intune and select **Apps** > **App protection policies**.
-1. Select the existing policy to turn off, and then select the **Properties**.
-1. Edit **Required settings**.
- :::image type="content" alt-text="Intune App Protection policy properties, required settings, with WIP mode Off." source="images/intune-edit-app-protection-policy-mode-off.png":::
-1. Set **Windows Information Protection mode** to off.
-1. After making this change, select **Review and Save**.
-1. Select **Save**.
-
-> [!NOTE]
-> **Another option is to create a disable policy that sets WIP to Off.**
->
-> You can create a separate disable policy for WIP (both enrolled and unenrolled) and deploy that to a new group. You then can stage the transition to this disabled state. Move devices from the existing group to the new group. This process slowly migrates devices instead of all at once.
-
-### Revoke local encryption keys during the unenrollment process
-
-Determine whether to revoke a user's local encryption keys from a device when it's unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
-
-- Yes, or not configured. Revokes local encryption keys from a device during unenrollment.
-- No (recommended). Stop local encryption keys from being revoked from a device during unenrollment.
-
-## Use Configuration Manager to disable WIP
-
-To disable Windows Information Protection (WIP) using Configuration Manager, create a new configuration item that turns off WIP. Configure that new object for your environment to match the existing policy, except for disabling WIP. Then deploy the new policy, and move devices into the new collection.
-
-> [!WARNING]
-> Don't just delete your existing WIP policy. If you delete the old policy, Configuration Manager stops sending further WIP policy updates, but also leaves WIP enforced on the devices. To remove WIP from your managed devices, follow the steps in this section to create a new policy to turn off WIP.
-
-### Create a WIP policy
-
-To disable WIP for your organization, first create a configuration item.
-
-1. Open the Configuration Manager console, select the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node.
-
-2. Select the **Create Configuration Item** button.
- The **Create Configuration Item Wizard** starts.
-
- 
-
-3. On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes.
-
-4. In the **Specify the type of configuration item you want to create** area, select **Windows 10 or later** for devices managed with the Configuration Manager client, and then select **Next**.
-
-5. On the **Supported Platforms** screen, select the **Windows 10** box, and then select **Next**.
-
-6. On the **Device Settings** screen, select **Windows Information Protection**, and then select **Next**.
-
-The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization. The following sections provide details on the required settings on this page.
-
-> [!TIP]
-> For more information on filling out the required fields, see [Create and deploy a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr).
-
-#### Turn off WIP
-
-Of the four options to specify the restriction mode, select **Off** to turn off Windows Information Protection.
-
-:::image type="content" alt-text="Create Configuration Item wizard, choose your WIP-protection level." source="images/wip-configmgr-disable-wip.png":::
-
-#### Specify the corporate identity
-
-Paste the value of your corporate identity into the **Corporate identity** field. For example, `contoso.com` or `contoso.com|newcontoso.com`.
-
-
-
-> [!IMPORTANT]
-> This corporate identity value must match the string in the original policy. Copy and paste the string from your original policy that enables WIP.
-
-#### Specify the corporate network definition
-
-For the **Corporate network definition**, select **Add** to specify the necessary network locations. The **Add or edit corporate network definition** box appears. Add the required fields.
-
-> [!IMPORTANT]
-> These corporate network definitions must match the original policy. Copy and paste the strings from your original policy that enables WIP.
-
-#### Specify the data recovery agent certificate
-
-In the required **Upload a Data Recovery Agent (DRA) certificate to allow recovery of encrypted data** box, select **Browse** to add a data recovery certificate for your policy. This certificate should be the same as the original policy that enables WIP.
-
-
-
-### Deploy the WIP policy
-
-After you've created the new policy to turn off WIP, deploy it to your organization's devices. For more information about deployment options, see the following articles:
-
-- [Create a configuration baseline that includes the new configuration item](/mem/configmgr/compliance/deploy-use/create-configuration-baselines).
-
-- [Create a new collection](/mem/configmgr/core/clients/manage/collections/create-collections).
-
-- [Deploy the baseline to the collection](/mem/configmgr/compliance/deploy-use/deploy-configuration-baselines).
-
-- Move devices from the old collection to new collection.
diff --git a/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png b/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png
deleted file mode 100644
index 12d4f6eefd..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/access-wip-learning-report.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-a-mobile-app-policy.png b/windows/security/information-protection/windows-information-protection/images/add-a-mobile-app-policy.png
deleted file mode 100644
index 31f979f9f1..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-a-mobile-app-policy.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-a-protected-store-app.png b/windows/security/information-protection/windows-information-protection/images/add-a-protected-store-app.png
deleted file mode 100644
index 8522b463a7..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-a-protected-store-app.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-protected-apps.png b/windows/security/information-protection/windows-information-protection/images/add-protected-apps.png
deleted file mode 100644
index c702a0acff..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-protected-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png b/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png
deleted file mode 100644
index 848ff120a2..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/add-protected-domains.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png b/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png
deleted file mode 100644
index 345093afc8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/create-app-protection-policy.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png b/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png
deleted file mode 100644
index b33322202c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/exempt-apps.png b/windows/security/information-protection/windows-information-protection/images/exempt-apps.png
deleted file mode 100644
index 59b0ebd268..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/exempt-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/import-protected-apps.png b/windows/security/information-protection/windows-information-protection/images/import-protected-apps.png
deleted file mode 100644
index eefe2c57d4..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/import-protected-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-before-begin.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-before-begin.png
deleted file mode 100644
index 3f6a79c8d6..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-before-begin.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-permissions.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-permissions.png
deleted file mode 100644
index 901c861793..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-permissions.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher-with-app.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher-with-app.png
deleted file mode 100644
index 29f08e03f0..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher-with-app.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher.png
deleted file mode 100644
index 42da98610a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-publisher.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-applocker-select-apps.png b/windows/security/information-protection/windows-information-protection/images/intune-applocker-select-apps.png
deleted file mode 100644
index 38ba06d474..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-applocker-select-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-edit-app-protection-policy-mode-off.png b/windows/security/information-protection/windows-information-protection/images/intune-edit-app-protection-policy-mode-off.png
deleted file mode 100644
index e5cb84a44e..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-edit-app-protection-policy-mode-off.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-local-security-export.png b/windows/security/information-protection/windows-information-protection/images/intune-local-security-export.png
deleted file mode 100644
index 56b27c2387..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-local-security-export.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin-updated.png b/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin-updated.png
deleted file mode 100644
index d794b8976c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin-updated.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin.png b/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin.png
deleted file mode 100644
index 492f3fc50a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/intune-local-security-snapin.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/mobility-provider.png b/windows/security/information-protection/windows-information-protection/images/mobility-provider.png
deleted file mode 100644
index 280a0531dc..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/mobility-provider.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/path-condition.png b/windows/security/information-protection/windows-information-protection/images/path-condition.png
deleted file mode 100644
index 6aaf295bcc..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/path-condition.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/recommended-apps.png b/windows/security/information-protection/windows-information-protection/images/recommended-apps.png
deleted file mode 100644
index 658cbb343b..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/recommended-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png b/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png
deleted file mode 100644
index 141e7a1819..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/robocopy-s-mode.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/select-path.png b/windows/security/information-protection/windows-information-protection/images/select-path.png
deleted file mode 100644
index 0fd5274d45..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/select-path.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-default-rule-warning.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-default-rule-warning.png
deleted file mode 100644
index 50440a4fc8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-default-rule-warning.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-1.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-1.png
deleted file mode 100644
index 709ff73d25..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-1.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-create.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-create.png
deleted file mode 100644
index 74497fd6ab..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-create.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-export.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-export.png
deleted file mode 100644
index 1f5d20dffa..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-export.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-1.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-1.png
deleted file mode 100644
index 0ced278421..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-1.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-2.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-2.png
deleted file mode 100644
index e399d8aa66..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-2.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-3.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-3.png
deleted file mode 100644
index 0ac48ca032..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-3.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-4.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-4.png
deleted file mode 100644
index c924430a97..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-4.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-5.png b/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-5.png
deleted file mode 100644
index 4b5e707aec..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-applocker-secpol-wizard-5.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-desktop-apps.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-add-desktop-apps.png
deleted file mode 100644
index 1d1aff1a0c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-desktop-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png
deleted file mode 100644
index 34c89b37a9..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-add-user-groups.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-efsdra.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-efsdra.png
deleted file mode 100644
index 59e2071bd8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-efsdra.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png
deleted file mode 100644
index 7fff387ab2..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network-autodetect.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png
deleted file mode 100644
index 9fbe37d56d..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png
deleted file mode 100644
index 785925efdf..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-optional.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-import-apps.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-import-apps.png
deleted file mode 100644
index 01489c8059..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-import-apps.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png
deleted file mode 100644
index 752ea852ce..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-corp-identity.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png
deleted file mode 100644
index 734f23b46c..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-required-settings-protection-mode.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-add-network-domain.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-add-network-domain.png
deleted file mode 100644
index 6f5e80d670..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-add-network-domain.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addapplockerfile.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addapplockerfile.png
deleted file mode 100644
index 6cd571b404..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addapplockerfile.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adddesktopapp.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adddesktopapp.png
deleted file mode 100644
index 5da4686e3f..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adddesktopapp.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-additionalsettings.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-additionalsettings.png
deleted file mode 100644
index 89c1eae2a8..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-additionalsettings.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addpolicy.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addpolicy.png
deleted file mode 100644
index 49613b5587..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-addpolicy.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adduniversalapp.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adduniversalapp.png
deleted file mode 100644
index b2fc9ee966..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-adduniversalapp.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-appmgmt.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-appmgmt.png
deleted file mode 100644
index 8af8967001..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-appmgmt.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-corp-identity.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-corp-identity.png
deleted file mode 100644
index 940d60acf1..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-corp-identity.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-devicesettings.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-devicesettings.png
deleted file mode 100644
index bee8ddfb1a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-devicesettings.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-disable-wip.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-disable-wip.png
deleted file mode 100644
index f1cf7c107d..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-disable-wip.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-dra.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-dra.png
deleted file mode 100644
index cc58cdb34a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-dra.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen-off.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen-off.png
deleted file mode 100644
index ab05d9607a..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen-off.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen.png
deleted file mode 100644
index 2d6cadb5c6..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-generalscreen.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-optsettings.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-optsettings.png
deleted file mode 100644
index f3d12e7f2f..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-optsettings.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-summaryscreen.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-summaryscreen.png
deleted file mode 100644
index 5cae0416bd..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-summaryscreen.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-supportedplat.png b/windows/security/information-protection/windows-information-protection/images/wip-configmgr-supportedplat.png
deleted file mode 100644
index c09ff3cfc3..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-configmgr-supportedplat.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png b/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png
deleted file mode 100644
index 8ec000d2a7..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-encrypted-file-extensions.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-app-info.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-app-info.png
deleted file mode 100644
index 09539d6773..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-app-info.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-choose-store-or-desktop-app.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-choose-store-or-desktop-app.png
deleted file mode 100644
index 2393cc7eca..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-choose-store-or-desktop-app.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png b/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png
deleted file mode 100644
index 926a3c4473..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-learning-select-report.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-select-column.png b/windows/security/information-protection/windows-information-protection/images/wip-select-column.png
deleted file mode 100644
index d4e8a9e7a0..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-select-column.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/images/wip-taskmgr.png b/windows/security/information-protection/windows-information-protection/images/wip-taskmgr.png
deleted file mode 100644
index d69e829d65..0000000000
Binary files a/windows/security/information-protection/windows-information-protection/images/wip-taskmgr.png and /dev/null differ
diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
deleted file mode 100644
index 783f627a5c..0000000000
--- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-title: Limitations while using Windows Information Protection (WIP)
-description: This section includes info about the common problems you might encounter while using Windows Information Protection (WIP).
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: conceptual
-ms.date: 04/05/2019
----
-
-# Limitations while using Windows Information Protection (WIP)
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-This following list provides info about the most common problems you might encounter while running Windows Information Protection in your organization.
-
-- **Limitation**: Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.
- - **How it appears**:
- - If you're using Azure RMS: Authenticated users can open enterprise data on USB drives, on computers running Windows 10, version 1703.
- - If you're not using Azure RMS: Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.
-
- - **Workaround**: Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.
-
- We strongly recommend educating employees about how to limit or eliminate the need for this decryption.
-
-- **Limitation**: Direct Access is incompatible with Windows Information Protection.
- - **How it appears**: Direct Access might experience problems with how Windows Information Protection enforces app behavior and data movement because of how WIP determines what is and isn't a corporate network resource.
- - **Workaround**: We recommend that you use VPN for client access to your intranet resources.
-
- > [!NOTE]
- > VPN is optional and isn't required by Windows Information Protection.
-
-- **Limitation**: **NetworkIsolation** Group Policy setting takes precedence over MDM Policy settings.
- - **How it appears**: The **NetworkIsolation** Group Policy setting can configure network settings that can also be configured by using MDM. WIP relies on these policies being correctly configured.
- - **Workaround**: If you use both Group Policy and MDM to configure your **NetworkIsolation** settings, you must make sure that those same settings are deployed to your organization using both Group Policy and MDM.
-
-- **Limitation**: Cortana can potentially allow data leakage if it's on the allowed apps list.
- - **How it appears**: If Cortana is on the allowed list, some files might become unexpectedly encrypted after an employee performs a search using Cortana. Your employees will still be able to use Cortana to search and provide results on enterprise documents and locations, but results might be sent to Microsoft.
- - **Workaround**: We don't recommend adding Cortana to your allowed apps list. However, if you wish to use Cortana and don't mind whether the results potentially go to Microsoft, you can make Cortana an Exempt app.
-
-
-
-- **Limitation**: Windows Information Protection is designed for use by a single user per device.
- - **How it appears**: A secondary user on a device might experience app compatibility issues when unenlightened apps start to automatically encrypt for all users. Additionally, only the initial, enrolled user's content can be revoked during the unenrollment process.
- - **Workaround**: Have only one user per managed device.
- - If this scenario occurs, it may be possible to mitigate. Once protection is disabled, a second user can remove protection by changing the file ownership. Although the protection is in place, the file remains accessible to the user.
-
-- **Limitation**: Installers copied from an enterprise network file share might not work properly.
- - **How it appears**: An app might fail to properly install because it can't read a necessary configuration or data file, such as a .cab or .xml file needed for installation, which was protected by the copy action.
- - **Workaround**: To fix this, you can:
- - Start the installer directly from the file share.
-
- OR
-
- - Decrypt the locally copied files needed by the installer.
-
- OR
-
- - Mark the file share with the installation media as "personal". To do this, you'll need to set the Enterprise IP ranges as **Authoritative** and then exclude the IP address of the file server, or you'll need to put the file server on the Enterprise Proxy Server list.
-
-- **Limitation**: Changing your primary Corporate Identity isn't supported.
- - **How it appears**: You might experience various instabilities, including but not limited to network and file access failures, and potentially granting incorrect access.
- - **Workaround**: Turn off Windows Information Protection for all devices before changing the primary Corporate Identity (first entry in the list), restarting, and finally redeploying.
-
-- **Limitation**: Redirected folders with Client-Side Caching are not compatible with Windows Information Protection.
- - **How it appears**: Apps might encounter access errors while attempting to read a cached, offline file.
- - **Workaround**: Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.
-
- > [!NOTE]
- > For more info about Work Folders and Offline Files, see the [Work Folders and Offline Files support for Windows Information Protection blog](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and Windows Information Protection, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip).
-
-- **Limitation**: An unmanaged device can use Remote Desktop Protocol (RDP) to connect to a WIP-managed device.
- - **How it appears**:
- - Data copied from the WIP-managed device is marked as **Work**.
- - Data copied to the WIP-managed device is not marked as **Work**.
- - Local **Work** data copied to the WIP-managed device remains **Work** data.
- - **Work** data that is copied between two apps in the same session remains ** data.
-
- - **Workaround**: Disable RDP to prevent access because there is no way to restrict access to only devices managed by Windows Information Protection. RDP is disabled by default.
-
-- **Limitation**: You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer.
- - **How it appears**: A message appears stating that the content is marked as **Work** and the user isn't given an option to override to **Personal**.
- - **Workaround**: Open File Explorer and change the file ownership to **Personal** before you upload.
-
-- **Limitation**: ActiveX controls should be used with caution.
- - **How it appears**: Webpages that use ActiveX controls can potentially communicate with other outside processes that aren't protected by using Windows Information Protection.
- - **Workaround**: We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.
-
- For more info, see [Out-of-date ActiveX control blocking](/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).
-
-- **Limitation**: Resilient File System (ReFS) isn't currently supported with Windows Information Protection.
- - **How it appears**:Trying to save or transfer Windows Information Protection files to ReFS will fail.
- - **Workaround**: Format drive for NTFS, or use a different drive.
-
-- **Limitation**: Windows Information Protection isn't turned on if any of the following folders have the **MakeFolderAvailableOfflineDisabled** option set to **False**:
- - AppDataRoaming
- - Desktop
- - StartMenu
- - Documents
- - Pictures
- - Music
- - Videos
- - Favorites
- - Contacts
- - Downloads
- - Links
- - Searches
- - SavedGames
-
-
-
- - **How it appears**: Windows Information Protection isn't turned on for employees in your organization. Error code 0x807c0008 will result if Windows Information Protection is deployed by using Microsoft Configuration Manager.
- - **Workaround**: Don't set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders. You can configure this parameter, as described [Disable Offline Files on individual redirected folders](/windows-server/storage/folder-redirection/disable-offline-files-on-folders).
-
- If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports Windows Information Protection, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after Windows Information Protection is already in place, you might be unable to open your files offline.
-
- For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](/troubleshoot/windows-client/networking/error-open-files-offline-offline-files-wip).
-
-- **Limitation**: Only enlightened apps can be managed without device enrollment
- - **How it appears**: If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintentionally encrypted by unenlighted apps.
-
- Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment.
-
- - **Workaround**: If all apps need to be managed, enroll the device for MDM.
-
-- **Limitation**: By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encrypted by one user, other users can't access it.
- - **How it appears**: Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.
- - **Workaround**: If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.
-
-- **Limitation**: OneNote notebooks on OneDrive for Business must be properly configured to work with Windows Information Protection.
- - **How it appears**: OneNote might encounter errors syncing a OneDrive for Business notebook and suggest changing the file ownership to Personal. Attempting to view the notebook in OneNote Online in the browser will show an error and unable to view it.
- - **Workaround**: OneNote notebooks that are newly copied into the OneDrive for Business folder from File Explorer should get fixed automatically. To do this, follow these steps:
-
- 1. Close the notebook in OneNote.
- 2. Move the notebook folder via File Explorer out of the OneDrive for Business folder to another location, such as the Desktop.
- 3. Copy the notebook folder and Paste it back into the OneDrive for Business folder.
-
- Wait a few minutes to allow OneDrive to finish syncing & upgrading the notebook, and the folder should automatically convert to an Internet Shortcut. Opening the shortcut will open the notebook in the browser, which can then be opened in the OneNote client by using the "Open in app" button.
-
-- **Limitation**: Microsoft Office Outlook offline data files (PST and OST files) are not marked as **Work** files, and are therefore not protected.
- - **How it appears**: If Microsoft Office Outlook is set to work in cached mode (default setting), or if some emails are stored in a local PST file, the data is unprotected.
- - **Workaround**: It is recommended to use Microsoft Office Outlook in Online mode, or to use encryption to protect OST and PST files manually.
-
-> [!NOTE]
->
-> - When corporate data is written to disk, Windows Information Protection uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. One caveat to keep in mind is that the Preview Pane in File Explorer will not work for encrypted files.
->
-> - Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
deleted file mode 100644
index c849026e4b..0000000000
--- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md
+++ /dev/null
@@ -1,29 +0,0 @@
----
-title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP)
-description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 05/25/2022
----
-
-# Mandatory tasks and settings required to turn on Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise.
-
-|Task|Description|
-|----|-----------|
-|Add at least one app of each type (Store and Desktop) to the **Protected apps** list in your WIP policy.|You must have at least one Store app and one Desktop app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics. |
-|Choose your Windows Information Protection protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Block**. For more info about where this area is and how to decide on your protection level, see the [Manage Windows Information Protection mode for your enterprise data](create-wip-policy-using-configmgr.md#manage-the-wip-protection-level-for-your-enterprise-data) section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).|
-|Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it's incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics.
-|Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.
Specify the DNS suffixes used in your environment. All traffic to the fully qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.|
-|Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.
Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.|
-|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.
This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) topic.|
-
-
->[!NOTE]
->Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
deleted file mode 100644
index 25099e224a..0000000000
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager
-description: Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 02/26/2019
----
-
-# Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy. It lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-
-## In this section
-
-|Article |Description |
-|------|------------|
-|[Create and deploy a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md) |Microsoft Configuration Manager helps you create and deploy your WIP policy. And, lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
-|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
-|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). |
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
deleted file mode 100644
index 794a46361f..0000000000
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Create a Windows Information Protection (WIP) policy using Microsoft Intune
-description: Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/11/2019
----
-
-# Create a Windows Information Protection (WIP) policy using Microsoft Intune
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy. It also lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
-
-## In this section
-
-|Article |Description |
-|------|------------|
-|[Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md)|Details about how to use Microsoft Intune to create and deploy your WIP policy with MDM (Mobile Device Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. |
-|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. |
-|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). |
diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
deleted file mode 100644
index 4135a203b8..0000000000
--- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
+++ /dev/null
@@ -1,151 +0,0 @@
----
-title: Protect your enterprise data using Windows Information Protection
-description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud.
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.reviewer: rafals
-ms.topic: overview
-ms.date: 07/15/2022
----
-
-# Protect your enterprise data using Windows Information Protection (WIP)
-
-[!INCLUDE [Deprecate Windows Information Protection](includes/wip-deprecation.md)]
-
-
-_Applies to:_
-
-- Windows 10
-- Windows 11
-
-With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise's control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
-
-Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Azure Rights Management, another data protection technology, also works alongside WIP. It extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
-
->[!IMPORTANT]
->While Windows Information Protection can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data. For more information about the benefits WIP provides, see [Why use WIP?](#why-use-wip) later in this topic.
-
-## Video: Protect enterprise data from being accidentally copied to the wrong place
-
-> [!Video https://www.microsoft.com/videoplayer/embed/RE2IGhh]
-
-## Prerequisites
-You'll need this software to run Windows Information Protection in your enterprise:
-
-|Operating system | Management solution |
-|-----------------|---------------------|
-|Windows 10, version 1607 or later | Microsoft Intune
-OR-
Microsoft Configuration Manager
-OR-
Your current company-wide third party mobile device management (MDM) solution. For info about third party MDM solutions, see the documentation that came with your product. If your third party MDM doesn't have UI support for the policies, refer to the [EnterpriseDataProtection CSP](/windows/client-management/mdm/enterprisedataprotection-csp) documentation.|
-
-## What is enterprise data control?
-Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security. Another extreme is when people can't share anything and it's all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure.
-
-As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn't guarantee that the data will remain within the secured locations of the enterprise. So, access controls are a great start, they're not enough.
-
-In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don't allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls.
-
-### Using data loss prevention systems
-To help address this security insufficiency, companies developed data loss prevention (also known as DLP) systems. Data loss prevention systems require:
-- **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers.
-
-- **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries.
-
-- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft Purview Data Loss Prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry).
-
-Unfortunately, data loss prevention systems have their own problems. For example, the less detailed the rule set, the more false positives are created. This behavior can lead employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. Perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees' natural workflow. It can stop some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn't see and can't understand.
-
-### Using information rights management systems
-To help address the potential data loss prevention system problems, companies developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on.
-
-After the type of protection is set, the creating app encrypts the document so that only authorized people can open it, and even then, only in compatible apps. After an employee opens the document, the app becomes responsible for enforcing the specified protections. Because protection travels with the document, if an authorized person sends it to an unauthorized person, the unauthorized person won't be able to read or change it. However, for this to work effectively information rights management systems require you to deploy and set up both a server and client environment. And, because only compatible clients can work with protected documents, an employees' work might be unexpectedly interrupted if he or she attempts to use a non-compatible app.
-
-### And what about when an employee leaves the company or unenrolls a device?
-Finally, there's the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would erase all of the corporate data from the device, along with any other personal data on the device.
-
-## Benefits of WIP
-Windows Information Protection provides:
-- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps.
-
-- Additional data protection for existing line-of-business apps without a need to update the apps.
-
-- Ability to wipe corporate data from Intune MDM enrolled devices while leaving personal data alone.
-
-- Use of audit reports for tracking issues and remedial actions.
-
-- Integration with your existing management system (Microsoft Intune, Microsoft Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage Windows Information Protection for your company.
-
-## Why use WIP?
-Windows Information Protection is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune).
-
-- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. Windows Information Protection helps protect enterprise on both corporate and employee-owned devices, even when the employee isn't using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally maintained as enterprise data.
-
-- **Manage your enterprise documents, apps, and encryption modes.**
-
- - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using a WIP-protected device, WIP encrypts the data on the device.
-
- - **Using protected apps.** Managed apps (apps that you've included on the **Protected apps** list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but makes a mistake and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn't paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem.
-
- - **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your protected apps list, the app is trusted with enterprise data. All apps not on this list are stopped from accessing your enterprise data, depending on your WIP management-mode.
-
- You don't have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in the protected apps list.
-
- - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Hiding overrides stops the action immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without stopping anything that the employee could have overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).
-
-
- - **Data encryption at rest.** Windows Information Protection helps protect enterprise data on local files and on removable media.
-
- Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies Windows Information Protection to the new document.
-
- - **Helping prevent accidental data disclosure to public spaces.** Windows Information Protection helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn't on your protected apps list, employees won't be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your protected apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally.
-
- - **Helping prevent accidental data disclosure to removable media.** Windows Information Protection helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn't.
-
-- **Remove access to enterprise data from enterprise-protected devices.** Windows Information Protection gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or if a device is stolen. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.
-
- >[!NOTE]
- >For management of Surface devices it is recommended that you use the Current Branch of Microsoft Configuration Manager.
Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.
-
-## How WIP works
-Windows Information Protection helps address your everyday challenges in the enterprise. Including:
-
-- Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down.
-
-- Reducing employee frustrations because of restrictive data management policies on enterprise-owned devices.
-
-- Helping to maintain the ownership and control of your enterprise data.
-
-- Helping control the network and data access and data sharing for apps that aren't enterprise aware
-
-### Enterprise scenarios
-Windows Information Protection currently addresses these enterprise scenarios:
-- You can encrypt enterprise data on employee-owned and corporate-owned devices.
-
-- You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data.
-
-- You can protect specific apps that can access enterprise data that are clearly recognizable to employees. You can also stop non-protected apps from accessing enterprise data.
-
-- Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn't required.
-
-### WIP-protection modes
-Enterprise data is automatically encrypted after it's loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, Windows Information Protection uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity.
-
-Your Windows Information Protection policy includes a list of trusted apps that are protected to access and process corporate data. This list of apps is implemented through the [AppLocker](/windows/device-security/applocker/applocker-overview) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don't have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it's personally owned.
-
->[!NOTE]
->For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).
-
-You can set your Windows Information Protection policy to use 1 of 4 protection and management modes:
-
-|Mode|Description|
-|----|-----------|
-|Block |Windows Information Protection looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization's network.|
-|Allow overrides |Windows Information Protection looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log.|
-|Silent |Windows Information Protection runs silently, logging inappropriate data sharing, without stopping anything that would have been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.|
-|Off |Windows Information Protection is turned off and doesn't help to protect or audit your data.
(Replace "contoso" with your domain name(s)|
-|-----------------------------|---------------------------------------------------------------------|
-|Sharepoint Online |- `contoso.sharepoint.com`
- `contoso-my.sharepoint.com`
- `contoso-files.sharepoint.com` |
-|Viva Engage |- `www.yammer.com`
- `yammer.com`
- `persona.yammer.com` |
-|Outlook Web Access (OWA) |- `outlook.office.com`
- `outlook.office365.com`
- `attachments.office.net` |
-|Microsoft Dynamics |`contoso.crm.dynamics.com` |
-|Visual Studio Online |`contoso.visualstudio.com` |
-|Power BI |`contoso.powerbi.com` |
-|Microsoft Teams |`teams.microsoft.com` |
-|Other Office 365 services |- `tasks.office.com`
- `protection.office.com`
- `meet.lync.com`
- `project.microsoft.com` |
-
-You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both.
-
-For Office 365 endpoints, see [Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges).
-Office 365 endpoints are updated monthly.
-Allow the domains listed in section number 46 "Allow Required" and add also add the apps.
-Note that apps from officeapps.live.com can also store personal data.
-
-When multiple files are selected from SharePoint Online or OneDrive, the files are aggregated and the URL can change. In this case, add an entry for a second-level domain and use a wildcard such as .svc.ms.
-
-
-## Recommended Neutral Resources
-We recommended adding these URLs if you use the Neutral Resources network setting with Windows Information Protection (WIP).
-
-- `login.microsoftonline.com`
-- `login.windows.net`
diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
deleted file mode 100644
index 30c94d76be..0000000000
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md
+++ /dev/null
@@ -1,149 +0,0 @@
----
-title: Testing scenarios for Windows Information Protection (WIP)
-description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
-ms.reviewer:
-author: aczechowski
-ms.author: aaroncz
-manager: aaroncz
-ms.topic: conceptual
-ms.date: 03/05/2019
----
-
-# Testing scenarios for Windows Information Protection (WIP)
-**Applies to:**
-
-- Windows 10, version 1607 and later
-
-We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
-
-## Testing scenarios
-You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization.
-
->[!IMPORTANT]
->If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted.
-
-- **Encrypt and decrypt files using File Explorer**:
-
- 1. Open File Explorer, right-click a work document, and then click **Work** from the **File Ownership** menu.
-
- Make sure the file is encrypted by right-clicking the file again, clicking **Advanced** from the **General** tab, and then clicking **Details** from the **Compress or Encrypt attributes** area. The file should show up under the heading, **This enterprise domain can remove or revoke access:** `*
For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
+| Windows Information Protection | [Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) will no longer be developed in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection (WIP)](https://go.microsoft.com/fwlink/?linkid=2202124).
For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). | July 2022 |
| BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**
Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows client.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [`manage-bde -DiscoveryVolumeType`](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 |
| Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 |
| Windows Management Instrumentation command-line (WMIC) utility. | The WMIC utility is deprecated in Windows 10, version 21H1 and the 21H1 General Availability Channel release of Windows Server. This utility is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation applies to only the [command-line management utility](/windows/win32/wmisdk/wmic). WMI itself isn't affected. **[Update - January 2024]**: Currently, WMIC is a Feature on Demand (FoD) that's [preinstalled by default](/windows-hardware/manufacture/desktop/features-on-demand-non-language-fod#wmic) in Windows 11, versions 23H2 and 22H2. In the next release of Windows, the WMIC FoD will be disabled by default. | 21H1 |
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
index 315ac95603..9c94a7e808 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md
@@ -82,10 +82,7 @@ With the increase of employee-owned devices in the enterprise, there's also an i
Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
-- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
-- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
-
-[Learn more about Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
+[Learn more about Windows Information Protection (WIP)](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
### Windows Defender
@@ -107,7 +104,7 @@ With the growing threat from more sophisticated targeted attacks, a new security
### VPN security
- The VPN client can integrate with the Conditional Access Framework, a cloud-based policy engine built into Microsoft Entra ID, to provide a device compliance option for remote clients.
-- The VPN client can integrate with Windows Information Protection (WIP) policy to provide extra security. [Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
+- The VPN client can integrate with Windows Information Protection (WIP) policy to provide extra security. [Learn more about Windows Information Protection](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip), previously known as Enterprise Data Protection.
- New VPNv2 configuration service provider (CSP) adds configuration settings. For details, see [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp)
- Microsoft Intune: *VPN* profile template includes support for native VPN plug-ins. For more information, see [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure).
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
index 6e5084a543..9f16b31604 100644
--- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md
+++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md
@@ -158,9 +158,9 @@ Improvements have been added to Windows Information Protection and BitLocker.
Windows Information Protection is now designed to work with Microsoft Office and Azure Information Protection.
-Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure).
+Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Intune](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure).
-You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs).
+You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For more information, see [How to collect Windows Information Protection (WIP) audit event logs](/previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/collect-wip-audit-event-logs).
This release enables support for WIP with Files on Demand, allows file encryption while the file is open in another app, and improves performance. For more information, see [OneDrive files on-demand for the enterprise](https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/onedrive-files-on-demand-for-the-enterprise/ba-p/117234).