diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index b3fa96c51d..73123f8d6f 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -338,9 +338,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor **To change your corporate identity** -1. From the **App policy** blade, click the name of your policy, and then click **Required settings** from the menu that appears. - - The **Required settings** blade appears. +1. From the **App policy** blade, click the name of your policy, and then click **Required settings**. 2. If the auto-defined identity isn’t correct, you can change the info in the **Corporate identity** field. If you need to add additional domains, for example your email domains, you can do it in the **Advanced settings** area. @@ -356,14 +354,10 @@ There are no default locations included with WIP, you must add each of your netw **To define where your protected apps can find and send enterprise data on you network** -1. From the **App policy** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. - - The **Advanced settings** blade appears. +1. From the **App policy** blade, click the name of your policy, and then click **Advanced settings**. 2. Click **Add network boundary** from the Network perimeter area. - The **Add network boundary** blade appears. - ![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) 3. Select the type of network boundary to add from the **Boundary type** box. @@ -382,7 +376,12 @@ There are no default locations included with WIP, you must add each of your netw Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. - Network domain names + Protected domains + exchange.contoso.com,contoso.com,region.contoso.com + Specify the domains used for identities in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

If you have multiple domains, you must separate them using the "," delimiter. + + + Network domains corp.contoso.com,region.contoso.com Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.

If you have multiple resources, you must separate them using the "," delimiter. diff --git a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png index ff743d4e05..9fbe37d56d 100644 Binary files a/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png and b/windows/security/information-protection/windows-information-protection/images/wip-azure-advanced-settings-network.png differ