From 56ec734cade0f4b25a3e047b0ac4a45bed5879ed Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 13 Jul 2016 09:24:26 -0700 Subject: [PATCH 1/8] Created new topic for inclusion in the guidance area --- .../keep-secure/mandatory-settings-for-wip.md | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 windows/keep-secure/mandatory-settings-for-wip.md diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md new file mode 100644 index 0000000000..9c265848d2 --- /dev/null +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -0,0 +1,31 @@ +--- +title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) +description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +--- + +# Mandatory tasks and settings required to turn on Windows Information Protection (WIP) +**Applies to:** + +- Windows 10 Insider Preview +- Windows 10 Mobile Preview + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. + +>**Important**
+All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md), based on the tool you're using in your enterprise. + + +|Task |Description | +|------------------------------------|--------------------------| +|Add at least one app rule in the **App rules** area in your WIP policy. |You must have at least one app rule specified in the **App rules** area of your WIP policy. For more info about where this area is and how to add an app rule, see the **Add individual apps to your Protected App list** section of the policy creation topics.| +|Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the EDP protection level for your enterprise data** section of the policy creation topics.| +|Specify your corporate identity. |You must specify your corporate identity, usually expressed as your primary Internet domain (for example, contoso.com). For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. | +|Specify your Enterprise Network Domain Names. |You must specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics. | +|Specify your Enterprise IPv4 Ranges. |Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. | +|Include your Data Recovery Agent (DRA) certificate. |This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the **Create and verify an Encrypting File System (EFS) DRA certificate for EDP** section of the policy creation topics. | \ No newline at end of file From be179441ece74f8c7868c131255860d7ba79b7a1 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 13 Jul 2016 09:25:45 -0700 Subject: [PATCH 2/8] Added new topic for mandatory tasks --- windows/keep-secure/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 504f41304c..f478cdc121 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -23,6 +23,7 @@ ##### [Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune](create-vpn-and-edp-policy-using-intune.md) #### [Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) ### [General guidance and best practices for enterprise data protection (EDP)](guidance-and-best-practices-edp.md) +#### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md) #### [Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md) #### [Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md) ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) From 42bb28e4dfe877a4c1a96154da4e917136e8da71 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 15 Jul 2016 09:36:48 -0700 Subject: [PATCH 3/8] Updated to include both IPv4 and IPv6 --- windows/keep-secure/mandatory-settings-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md index 9c265848d2..9a23e25d67 100644 --- a/windows/keep-secure/mandatory-settings-for-wip.md +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -27,5 +27,5 @@ All sections provided for more info appear in either the [Create a Windows Infor |Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the EDP protection level for your enterprise data** section of the policy creation topics.| |Specify your corporate identity. |You must specify your corporate identity, usually expressed as your primary Internet domain (for example, contoso.com). For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. | |Specify your Enterprise Network Domain Names. |You must specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics. | -|Specify your Enterprise IPv4 Ranges. |Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. | +|Specify your Enterprise IPv4 or IPv6 Ranges. |Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. | |Include your Data Recovery Agent (DRA) certificate. |This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the **Create and verify an Encrypting File System (EFS) DRA certificate for EDP** section of the policy creation topics. | \ No newline at end of file From fbe41720ed152269e3b4f3db517154804a320063 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 15 Jul 2016 11:22:20 -0700 Subject: [PATCH 4/8] Updated for publish --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 1 + windows/keep-secure/mandatory-settings-for-wip.md | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 8a96eaa113..d43c87c4e9 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |New or changed topic | Description | |----------------------|-------------| +|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New | |[Create an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |New | |[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |New | |[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | Updated | diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md index 9a23e25d67..bc0c26537d 100644 --- a/windows/keep-secure/mandatory-settings-for-wip.md +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -1,6 +1,7 @@ --- title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) -description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. +description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) in your enterprise. +keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Allowed apps list ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -15,7 +16,7 @@ ms.pagetype: security [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. +This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection(EDP), in your enterprise. >**Important**
All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md), based on the tool you're using in your enterprise. From ab1347da137452e8e0765e04c798d3e7c5b2fd26 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Fri, 15 Jul 2016 11:58:45 -0700 Subject: [PATCH 5/8] Fixed a typo --- ...ments-and-deployment-planning-guidelines-for-device-guard.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md index 2c6b76c490..9a91fc9bee 100644 --- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md +++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md @@ -57,8 +57,6 @@ The following tables provide more information about the hardware, firmware, and The following tables describes additional hardware and firmware requirements, and the additional protections that are available when those requirements are met. We strongly recommend the following additional protections, which help you maximize the benefits that Device Guard can provide. - to take advantage of all the security options Device Guard can provide. - ### 2015 Additional Qualification Requirements for Device Guard (Windows 10, version 1507 and Windows 10, version 1511) |Additional Protections - requirement | Description | From 46ca2a3d5eb56dfd20f5471417f0a8827a5fa4dc Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 15 Jul 2016 11:59:54 -0700 Subject: [PATCH 6/8] Changed App rules to App Rules --- windows/keep-secure/mandatory-settings-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md index bc0c26537d..8a68a0c1ac 100644 --- a/windows/keep-secure/mandatory-settings-for-wip.md +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -24,7 +24,7 @@ All sections provided for more info appear in either the [Create a Windows Infor |Task |Description | |------------------------------------|--------------------------| -|Add at least one app rule in the **App rules** area in your WIP policy. |You must have at least one app rule specified in the **App rules** area of your WIP policy. For more info about where this area is and how to add an app rule, see the **Add individual apps to your Protected App list** section of the policy creation topics.| +|Add at least one app rule in the **App Rules** area in your WIP policy. |You must have at least one app rule specified in the **App Rules** area of your WIP policy. For more info about where this area is and how to add an app rule, see the **Add individual apps to your Protected App list** section of the policy creation topics.| |Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the EDP protection level for your enterprise data** section of the policy creation topics.| |Specify your corporate identity. |You must specify your corporate identity, usually expressed as your primary Internet domain (for example, contoso.com). For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. | |Specify your Enterprise Network Domain Names. |You must specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics. | From 025f685626aa1aed85a9dd08dfc69784348e90f0 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 15 Jul 2016 12:19:47 -0700 Subject: [PATCH 7/8] Updated parent topic for new child topic --- windows/keep-secure/guidance-and-best-practices-edp.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/guidance-and-best-practices-edp.md b/windows/keep-secure/guidance-and-best-practices-edp.md index 805ac84dfc..dbbf9a2d3a 100644 --- a/windows/keep-secure/guidance-and-best-practices-edp.md +++ b/windows/keep-secure/guidance-and-best-practices-edp.md @@ -23,6 +23,7 @@ This section includes info about the enlightened Microsoft apps, including how t ## In this section |Topic |Description | |------|------------| +|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection(EDP), in your enterprise. | |[Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your **Protected Apps** list. | |[Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md) |We've come up with a list of suggested testing scenarios that you can use to test EDP in your company. | From 8bfbea21ba52d8d1fb49fdb46116e9518e111024 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Fri, 15 Jul 2016 14:16:19 -0700 Subject: [PATCH 8/8] correcting typo --- devices/surface-hub/connect-and-display-with-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md index 35d14c4df5..e5250193a8 100644 --- a/devices/surface-hub/connect-and-display-with-surface-hub.md +++ b/devices/surface-hub/connect-and-display-with-surface-hub.md @@ -130,7 +130,7 @@ When a Surface hub is connected to guest computer with the wired connect USB por - HID-compliant mouse -**Universal serial bus conntrollers** +**Universal serial bus controllers** - Generic USB hub