From ab8f97b74784e6bd0b62961e639b07fbfffb1fa2 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 11 May 2016 08:30:15 -0700 Subject: [PATCH 1/7] Updating based on tech reviews --- .../protect-enterprise-data-using-edp.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md index 132514c566..96b22f4c6d 100644 --- a/windows/keep-secure/protect-enterprise-data-using-edp.md +++ b/windows/keep-secure/protect-enterprise-data-using-edp.md @@ -19,7 +19,7 @@ author: eross-msft With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. -Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside EDP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. +Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management, can help to extend protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. ## Prerequisites You’ll need this software to run EDP in your enterprise: @@ -37,23 +37,23 @@ EDP helps address your everyday challenges in the enterprise. Including: - Helping to maintain the ownership and control of your enterprise data. -- Managing apps that aren’t enterprise aware. +- Help control apps that aren’t enterprise aware. ### EDP-protection modes You can set EDP to 1 of 4 protection and management modes: |Mode|Description| |----|-----------| -|Block |EDP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.| +|Block |EDP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| |Override |EDP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). | -|Silent |EDP runs silently, logging inappropriate data sharing, without blocking anything.| +|Silent |EDP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or EDP-protected data, are still blocked.| |Off |EDP is turned off and doesn't help to protect or audit your data.

After you turn off EDP, an attempt is made to decrypt any closed EDP-tagged files on the locally attached drives. |

**Note**
For more info about setting your EDP-protection modes, see either [Create an enterprise data protection (EDP) policy using Intune](create-edp-policy-using-intune.md) or [Create and deploy an enterprise data protection (EDP) policy using Configuration Manager](create-edp-policy-using-sccm.md), depending on your management solution. ## Why use EDP? -EDP gives you a new way to manage data security for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). +EDP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). -- **Change the way you think about data security.** As an enterprise admin, you need to maintain the security and confidentiality of your enterprise data. EDP helps make sure that your enterprise data is protected on employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. +- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. EDP helps make sure that your enterprise data is protected on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. - **Manage your enterprise documents, apps, and encryption modes.** @@ -61,10 +61,10 @@ EDP gives you a new way to manage data security for apps and documents, along wi - **Using protected apps.** Managed apps (apps that you've included on the **Protected Apps** list in your EDP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if EDP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. - - **Managed apps and restrictions.** With EDP you can control which apps can access and use your enterprise data. After adding an app to your **Protected App** list, the app is trusted with enterprise data. All apps not on this list are potentially blocked from accessing your enterprise data, depending on your EDP management-mode.

+ - **Managed apps and restrictions.** With EDP you can control which apps can access and use your enterprise data. After adding an app to your **Protected App** list, the app is trusted with enterprise data. All apps that aren’t on this list are potentially blocked from accessing your enterprise network resources and your EDP-protected data.

You don’t have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in the **Protected App** list. - - **Deciding your level of data access.** EDP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without stopping it; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your **Protected App** list. + - **Deciding your level of data access.** EDP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your **Protected App** list. - **Continuous data encryption.** EDP helps protect enterprise data when it leaves a device. For example, when an employee saves to public cloud storage, or synchronizes with another device.

Apps such as Microsoft Word work with EDP to continue your data encryption across locations and services. These apps are being referred to as, *enterprise aware*. For example, if an employee opens EDP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies EDP to the new document, maintaining the encryption. From 68b2425e4a4e896bcc4ca9c97c904f4006352416 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 11 May 2016 09:06:36 -0700 Subject: [PATCH 2/7] Updated based on tech review --- windows/keep-secure/protect-enterprise-data-using-edp.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md index 96b22f4c6d..f75a7a1faa 100644 --- a/windows/keep-secure/protect-enterprise-data-using-edp.md +++ b/windows/keep-secure/protect-enterprise-data-using-edp.md @@ -71,7 +71,7 @@ EDP gives you a new way to manage data policy enforcement for apps and documents - **Helping prevent accidental data disclosure to public spaces.** EDP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your **Protected App** list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your **Protected Apps** list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the cloud, while maintaining the encryption. - - **Helping prevent accidental data disclosure to other devices.** EDP helps prevent enterprise data from leaking when it's copied or transferred to other devices. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. + - **Helping prevent accidental data disclosure to other devices.** EDP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. - **Remove access to enterprise data from enterprise-protected devices.** EDP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.

**Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. @@ -83,7 +83,6 @@ Use the following table to identify the scenarios that require Azure Rights Mana |EDP scenario |Without Azure Rights Management |Workaround | |-------------|--------------------------------|-----------| |Saving enterprise data to USB drives |Data in the new location remains encrypted, but becomes inaccessible on other devices or for other users. For example, the file won't open or the file opens, but doesn't contain readable text. |Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

We strongly recommend educating employees about how to limit or eliminate the need for this decryption. | -|Sharing enterprise data through email attachments |The attachment is sent unprotected. |Store documents on enterprise cloud or network sites, and share links. | |Synchronizing data to other services or public cloud storage |Synchronized files aren't protected on additional services or as part of public cloud storage. |Stop the app from synchronizing or don't add the app to your **Protected App** list.

For more info about adding apps to the **Protected App** list, see either the [Create an enterprise data protection (EDP) policy using Intune](create-edp-policy-using-intune.md) or the [Create and deploy an enterprise data protection (EDP) policy using Configuration Manager](create-edp-policy-using-sccm.md) topic, depending on your management solution. ## Next steps From 76beeb2c364824ddb6e768d09f736886583f43f6 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 11 May 2016 09:52:31 -0700 Subject: [PATCH 3/7] Updated changed topics topic --- windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 6b506dbfd5..8bcf425315 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |----------------------|-------------| | [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. | | [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview | +|[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md) |Updated info based on changes to the features and functionality.| ## April 2016 From 00171b6ec839dfd96d78b0e0c03541871014b4c1 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 11 May 2016 13:11:59 -0700 Subject: [PATCH 4/7] Updated based on tech review --- .../add-apps-to-protected-list-using-custom-uri.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md index 4936bb7028..3f9700cfb4 100644 --- a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md +++ b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md @@ -1,6 +1,6 @@ --- title: Add multiple apps to your enterprise data protection (EDP) Protected Apps list (Windows 10) -description: Add multiple apps to your enterprise data protection (EDP) Protected Apps list at the same time, by using the Microsoft Intune Custom URI functionality and the AppLocker Group Policy. +description: Add multiple apps to your enterprise data protection (EDP) Protected Apps list at the same time, by using the Microsoft Intune Custom URI functionality and the AppLocker. ms.assetid: b50db35d-a2a9-4b78-a95d-a1b066e66880 keywords: ["EDP", "Enterprise Data Protection", "protected apps", "protected app list"] ms.prod: W10 @@ -17,7 +17,7 @@ author: eross-msft [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -Add multiple apps to your enterprise data protection (EDP) **Protected Apps** list at the same time, by using the Microsoft Intune Custom URI functionality and the AppLocker Group Policy. For more info about how to create a custom URI using Intune, see [Windows 10 custom policy settings in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=691330). +Add multiple apps to your enterprise data protection (EDP) **Protected Apps** list at the same time, by using the Microsoft Intune Custom URI functionality and AppLocker. For more info about how to create a custom URI using Intune, see [Windows 10 custom policy settings in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=691330). **Important**   Results can be unpredictable if you configure your policy using both the UI and the Custom URI method together. We recommend using a single method for each policy. @@ -26,7 +26,7 @@ If you only want to add one app at a time, you can follow the instructions in th **To add Universal Windows Platform (UWP) apps** -1. Go to the AppLocker Group Policy UI by opening a command line window and running secpol.msc. The local security policy MMC snap-in opens showing the **Security Settings**. +1. Go to the AppLocker UI by opening a command line window and running secpol.msc. The local security policy MMC snap-in opens showing the **Security Settings**. 2. Double-click **Application Control Policies**, double-click **AppLocker**, right-click **Packaged app Rules**, and then click **Automatically Generate Rules**.

The **Automatically Generate Packaged app Rules** wizard opens, letting you create EDP-protected app polices for all of the installed apps on the device or for packaged apps within a specific folder. @@ -69,7 +69,7 @@ After saving the policy, you’ll need to deploy it to your employee’s devices **To add Classic Windows applications** -1. Go to the AppLocker Group Policy UI by opening a command line window and running secpol.msc. The local security policy MMC snap-in opens showing the **Security Settings**. +1. Go to the AppLocker UI by opening a command line window and running secpol.msc. The local security policy MMC snap-in opens showing the **Security Settings**. 2. Double-click **Application Control Policies**, double-click **AppLocker**, right-click **Executable Rules**, and then click **Automatically Generate Rules**.

The **Automatically Generate Executable Rules** wizard opens, letting you create EDP-protected app polices by analyzing the files within a specific folder. From 88a4475080a0015760320a5dd8e84de2b9512ebb Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 11 May 2016 13:46:30 -0700 Subject: [PATCH 5/7] Updating based on tech review --- .../keep-secure/create-edp-policy-using-intune.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/windows/keep-secure/create-edp-policy-using-intune.md b/windows/keep-secure/create-edp-policy-using-intune.md index 71d19b6949..e2dab16028 100644 --- a/windows/keep-secure/create-edp-policy-using-intune.md +++ b/windows/keep-secure/create-edp-policy-using-intune.md @@ -18,21 +18,6 @@ author: eross-msft Microsoft Intune helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. -## In this topic: -- [Add an EDP policy](#add-an-edp-policy) - -- [Add individual apps to your Protected App list](#add-individual-apps-to-your-protected-app-list) - -- [Exempt apps from EDP restrictions](#exempt-apps-from-EDP-restrictions) - -- [Manage the EDP protection level for your enterprise data](#manage-the-edp-protection-level-for-your-enterprise-data) - -- [Define your enterprise-managed identity domains](#define-your-enterprise-managed-identity-domains) - -- [Choose where apps can access enterprise data](#choose-where-apps-can-access-enterprise-data) - -- [Choose your optional EDP-related settings](#choose-your-optional-EDP-related-settings) - ## Add an EDP policy After you’ve installed and set up Intune for your organization, you must create an EDP-specific policy. From 62983c00b3725586c8aff5f0e76fc31c274d815f Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 17 May 2016 09:23:24 -0700 Subject: [PATCH 6/7] Updated based on tech review --- windows/keep-secure/protect-enterprise-data-using-edp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md index f75a7a1faa..ee71fc6383 100644 --- a/windows/keep-secure/protect-enterprise-data-using-edp.md +++ b/windows/keep-secure/protect-enterprise-data-using-edp.md @@ -19,7 +19,7 @@ author: eross-msft With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. -Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management, can help to extend protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. +Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. ## Prerequisites You’ll need this software to run EDP in your enterprise: @@ -37,7 +37,7 @@ EDP helps address your everyday challenges in the enterprise. Including: - Helping to maintain the ownership and control of your enterprise data. -- Help control apps that aren’t enterprise aware. +- Helping control the network and data access and data sharing for apps that aren’t enterprise aware. ### EDP-protection modes You can set EDP to 1 of 4 protection and management modes: @@ -61,7 +61,7 @@ EDP gives you a new way to manage data policy enforcement for apps and documents - **Using protected apps.** Managed apps (apps that you've included on the **Protected Apps** list in your EDP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if EDP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. - - **Managed apps and restrictions.** With EDP you can control which apps can access and use your enterprise data. After adding an app to your **Protected App** list, the app is trusted with enterprise data. All apps that aren’t on this list are potentially blocked from accessing your enterprise network resources and your EDP-protected data.

+ - **Managed apps and restrictions.** With EDP you can control which apps can access and use your enterprise data. After adding an app to your **Protected App** list, the app is trusted with enterprise data. All apps that aren’t on this list are blocked from accessing your enterprise network resources and your EDP-protected data.

You don’t have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in the **Protected App** list. - **Deciding your level of data access.** EDP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your **Protected App** list. From ea6cbf4213db5a83485bfdeb0321b211fc9bf4b9 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 17 May 2016 09:52:31 -0700 Subject: [PATCH 7/7] Updated based on tech review --- windows/keep-secure/protect-enterprise-data-using-edp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md index ee71fc6383..d647af4367 100644 --- a/windows/keep-secure/protect-enterprise-data-using-edp.md +++ b/windows/keep-secure/protect-enterprise-data-using-edp.md @@ -66,12 +66,12 @@ EDP gives you a new way to manage data policy enforcement for apps and documents - **Deciding your level of data access.** EDP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your **Protected App** list. - - **Continuous data encryption.** EDP helps protect enterprise data when it leaves a device. For example, when an employee saves to public cloud storage, or synchronizes with another device.

- Apps such as Microsoft Word work with EDP to continue your data encryption across locations and services. These apps are being referred to as, *enterprise aware*. For example, if an employee opens EDP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies EDP to the new document, maintaining the encryption. + - **Continuous data encryption.** EDP helps protect enterprise data on local files and on removable media.

+ Apps such as Microsoft Word work with EDP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens EDP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies EDP to the new document. - **Helping prevent accidental data disclosure to public spaces.** EDP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your **Protected App** list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your **Protected Apps** list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the cloud, while maintaining the encryption. - - **Helping prevent accidental data disclosure to other devices.** EDP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. + - **Helping prevent accidental data disclosure to removable media.** EDP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. - **Remove access to enterprise data from enterprise-protected devices.** EDP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.

**Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.