Adding 1 new limitation and 1 important note

2025-05-14 06:17:22 +00:00 · 2017-03-16 12:36:32 -07:00 · 2017-03-16 12:36:32 -07:00 · 81db6093f6
commit 81db6093f6
parent 07c9181f76
2 changed files with 23 additions and 1 deletions
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@ -18,6 +18,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |---------------------|------------|
 |[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
 |[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
+|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)]|Added note about Azure RMS and USB drives and added new limitation about folder redirection.|


 ## January 2017
--- a/windows/keep-secure/limitations-with-wip.md
+++ b/windows/keep-secure/limitations-with-wip.md
@ -27,7 +27,7 @@ This table provides info about the most common problems you might encounter whil
    <tr>
        <td>Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.</td>
        <td><strong>If you’re using Azure RMS:</strong> Authenticated users can open enterprise data on USB drives, on computers running the latest build from the Windows Insider Program.<p><strong>If you’re not using Azure RMS:</strong> Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.</td>
-        <td>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.</td>
+        <td>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.<p><strong>Important</strong><br>If you're running WIP with Azure Rights Management (Azure RMS), you can open any enterprise data copied to a USB drive on computers running Windows 10, version 1703 and later. For more info about how to set up WIP with Azure RMS, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/create-wip-policy-using-intune).</td>
    </tr>
    <tr>
        <td>Direct Access is incompatible with WIP.</td>
@ -79,6 +79,27 @@ This table provides info about the most common problems you might encounter whil
        <td>Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP.</td>
        <td>We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.<p>For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).</td>
    </tr>
+    <tr>
+        <td>WIP isn’t turned on if any of the following folders have the <strong>MakeFolderAvailableOfflineDisabled</strong> option set to <strong>False</strong>:
+            <ul>
+                <li>AppDataRoaming</li>
+                <li>Desktop</li>
+                <li>StartMenu</li>
+                <li>Documents</li>
+                <li>Pictures</li>
+                <li>Music</li>
+                <li>Videos</li>
+                <li>Favorites</li>
+                <li>Contacts</li>
+                <li>Downloads</li>
+                <li>Links</li>
+                <li>Searches</li>
+                <li>SavedGames</li>
+            </ul>
+        </td>
+        <td>WIP isn’t turned on for employees in your organization.</td>
+        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. For more info about Work Folders and Offline Files see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/).
+    </tr>
 </table>

 >[!NOTE]