deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #388 from Erikre/patch-1

Browse Source 
Update create-wip-policy-using-mam-intune-azure.md
This commit is contained in:
Elizabeth Ross 2018-01-02 07:24:43 -08:00 committed by GitHub
commit 2bf1bba420
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/threat-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md
View File

@ -72,10 +72,12 @@ After youve set up Intune for your organization, you must create a WIP-specif
>Optionally, you can also add your apps and set your settings from the **Add a policy** blade, but for the purposes of this documentation, we recommend instead that you create the policy first, and then use the subsequent menus that become available. >Optionally, you can also add your apps and set your settings from the **Add a policy** blade, but for the purposes of this documentation, we recommend instead that you create the policy first, and then use the subsequent menus that become available.
## Add apps to your Allowed apps list ## Add apps to your Allowed apps list
During the policy-creation process in Intune, you can choose the apps you want to give access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. During the policy-creation process in Intune, you can choose the apps you want to allow, as well as deny, access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps.
The steps to add your apps are based on the type of template being applied. You can add a recommended app, a store app (also known as a Universal Windows Platform (UWP) app), or a signed Windows desktop app. You can also import a list of approved apps or add exempt apps. The steps to add your apps are based on the type of template being applied. You can add a recommended app, a store app (also known as a Universal Windows Platform (UWP) app), or a signed Windows desktop app. You can also import a list of approved apps or add exempt apps.
In addition, you can create an app deny list related to the policy based on an **action** value. The action can be either **Allow** or **Deny**. When you specify the deny action for an app using the policy, corporate access is denied to the app.
>[!Important] >[!Important]
>Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.<br><br>Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **Allowed apps** list. If you dont get this statement, its possible that you could experience app compatibility issues due to an app losing the ability to access a necessary file after revocation. >Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.<br><br>Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **Allowed apps** list. If you dont get this statement, its possible that you could experience app compatibility issues due to an app losing the ability to access a necessary file after revocation.
@ -647,4 +649,4 @@ After youve created your policy, you'll need to deploy it to your employees.
- [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) - [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md)
- [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) - [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md)