diff --git a/windows/keep-secure/create-edp-policy-using-sccm.md b/windows/keep-secure/create-edp-policy-using-sccm.md index 89d44090dc..f6a55e19a2 100644 --- a/windows/keep-secure/create-edp-policy-using-sccm.md +++ b/windows/keep-secure/create-edp-policy-using-sccm.md @@ -43,13 +43,12 @@ After you’ve installed and set up System Center Configuration Manager for your 1. Open the System Center Configuration Manager console, click the **Assets and Compliance** node, expand the **Overview** node, expand the **Compliance Settings** node, and then expand the **Configuration Items** node. - ![system center configuration manager, configuration items screen](images/edp-sccm-addpolicy.png) + ![System Center Configuration Manager, Configuration Items screen](images/edp-sccm-addpolicy.png) -2. Click the **Create Configuration Item** button. +2. Click the **Create Configuration Item** button.

+The **Create Configuration Item Wizard** starts. - The **Create Configuration Item Wizard** starts. - - ![create configuration item wizard, defining the configuration item and choosing the configuration type](images/edp-sccm-generalscreen.png) + ![Create Configuration Item wizard, where you will define the configuration item and choose the configuration type](images/edp-sccm-generalscreen.png) 3. On the **General Information screen**, type a name (required) and an optional description for your policy into the **Name** and **Description** boxes. diff --git a/windows/whats-new/edp-whats-new-overview.md b/windows/whats-new/edp-whats-new-overview.md index a90d1a2c65..36c34d0cea 100644 --- a/windows/whats-new/edp-whats-new-overview.md +++ b/windows/whats-new/edp-whats-new-overview.md @@ -67,27 +67,27 @@ Using EDP you can control the set of apps that are made "protected apps", or app As a note, your existing line-of-business apps don’t have to change to be included as protected apps. You simply have to include them in your list. -## Deciding your level of data access -EDP lets you decide to block, allow overrides, or silently audit your employee's data sharing actions. Blocking the action stops it immediately, while allowing overrides let the employee know there's a problem, but lets the employee continue to share the info, and silent just logs the action without stopping it, letting you start to see patterns of inappropriate sharing so you can take educative action. - -## Helping prevent accidental data disclosure to public spaces -EDP helps protect your enterprise data from being shared to public spaces, like the public cloud, accidentally. For example, if an employee stores content in the **Documents** folder, which is automatically synched with OneDrive (an app on your Protected Apps list), then the document is encrypted locally and not synched it to the user’s personal cloud. Likewise, if other synching apps, like Dropbox™, aren’t on the Protected Apps list, they also won’t be able to sync encrypted files to the user’s personal cloud. - -## Helping prevent accidental data disclosure to other devices -EDP helps protect your enterprise data from leaking to other devices while transferring or moving between them. For example, if an employee puts corporate data on a USB key that also includes personal data, the corporate data remains encrypted even though the personal information remains open. Additionally, the encryption continues when the employee copies the encrypted content back to another corporate-managed device. - -## Great employee experiences +### Great employee experiences EDP can offer a great user experience by not requiring employees to switch between apps to protect corporate data. For example, while checking work emails in Microsoft Outlook, an employee gets a personal message. Instead of having to leave Outlook, both the work and personal messages appear on the screen, side-by-side. -### Using protected apps +#### Using protected apps Protected apps are allowed to access your enterprise data and will react differently with other non-protected or personal apps. For example, if your EDP-protection mode is set to block, your protected apps will let the employee copy and paste information between other protected apps, but not with personal apps. Imagine an HR person wants to copy a job description from a protected app to an internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that it couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website and it works without a problem. -### Copying or downloading enterprise data +#### Copying or downloading enterprise data Downloading content from a location like SharePoint or a network file share, or an enterprise web location, such as Office365.com automatically determines that the content is enterprise data and is encrypted as such, while it’s stored locally. The same applies to copying enterprise data to something like a USB drive. Because the content is already marked as enterprise data locally, the encryption is persisted on the new device. -### Changing the EDP protection +#### Changing the EDP protection Employees can change enterprise data protected documents back to personal if the document is wrongly marked as enterprise. However, this requires the employee to take an action and is audited and logged for you to review +### Deciding your level of data access +EDP lets you decide to block, allow overrides, or silently audit your employee's data sharing actions. Blocking the action stops it immediately, while allowing overrides let the employee know there's a problem, but lets the employee continue to share the info, and silent just logs the action without stopping it, letting you start to see patterns of inappropriate sharing so you can take educative action. + +### Helping prevent accidental data disclosure to public spaces +EDP helps protect your enterprise data from being shared to public spaces, like the public cloud, accidentally. For example, if an employee stores content in the **Documents** folder, which is automatically synched with OneDrive (an app on your Protected Apps list), then the document is encrypted locally and not synched it to the user’s personal cloud. Likewise, if other synching apps, like Dropbox™, aren’t on the Protected Apps list, they also won’t be able to sync encrypted files to the user’s personal cloud. + +### Helping prevent accidental data disclosure to other devices +EDP helps protect your enterprise data from leaking to other devices while transferring or moving between them. For example, if an employee puts corporate data on a USB key that also includes personal data, the corporate data remains encrypted even though the personal information remains open. Additionally, the encryption continues when the employee copies the encrypted content back to another corporate-managed device. + ## Turn off EDP You can turn off all enterprise data protection and restrictions, reverting to where you were pre-EDP, with no data loss. However, turning off EDP isn't recommended. If you choose to turn it off, you can always turn it back on, but EDP won't retain your decryption and policies info.