From 76540109fad62eaf2afc4bf52908f70a673dc88a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 5 Sep 2018 10:09:11 -0700 Subject: [PATCH 01/32] first draft outline --- .../how-wip-works-mip.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 windows/security/information-protection/windows-information-protection/how-wip-works-mip.md diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md new file mode 100644 index 0000000000..1dbba7a772 --- /dev/null +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md 
@@ -0,0 +1,43 @@ +--- +title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) (Windows 10) +description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. +ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f +keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: justinha +ms.localizationpriority: medium +ms.date: 08/27/2018 +--- + +# How Windows Information Protection works with Microsoft Information Protection + +Microsoft provides different information protection technologies that work together as an integrated solution to help enterprises: + +- Discover corporate data on endpoint devices +- Classify and label information based on its content and context +- Protect corporate data from leaving to non-business environments +- Enable audit reports of user intercations with corporate data on endpoint devices + +This topic explains howWindows Information Protection works with other Microsoft information protection technologies. + +## What is Microsoft Information Protection? + +- [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use. + +- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. 
+ +- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. + + +## Default behaviors for a MIP label + +- When the label is configured with WIP=WORK, the device enforces WORK protection for documents with the MIP label +- When the label is configured with WIP=PERSONAL, the device enforces PERSONAL protection for documents with the MIP label +- When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): + - If the document is downloaded from a work site, the device enforces WORK protection + - If the document is downloaded from a personal site, the device enforces PERSONAL protection + + From 68d030f41f3c643671a994fadf139796f2ca8e59 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 5 Sep 2018 10:28:13 -0700 Subject: [PATCH 02/32] added use cases --- .../how-wip-works-mip.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md index 1dbba7a772..e4d34699e1 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md 
@@ -41,3 +41,20 @@ This topic explains howWindows Information Protection works with other Microsoft - If the document is downloaded from a personal site, the device enforces PERSONAL protection +## User downloads a Confidential Office or PDF document from a work site + +## User downloads a Confidential PTXT file from a work site + +## User downloads a Confidential Office or PDF document from a personal site + +## User downloads a non-business Office or PDF document from a work site + +## User reclassifies document by using a MIP-enlightened application + +## User changes WIP protection on a document without changing the MIP label + + + + + + From ec87cc77931b992ae58307aa79972a9f7dbae923 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 5 Sep 2018 12:27:06 -0700 Subject: [PATCH 03/32] edits --- .../windows-information-protection/how-wip-works-mip.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md index e4d34699e1..69b139ce32 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md 
@@ -34,11 +34,11 @@ This topic explains howWindows Information Protection works with other Microsoft ## Default behaviors for a MIP label -- When the label is configured with WIP=WORK, the device enforces WORK protection for documents with the MIP label -- When the label is configured with WIP=PERSONAL, the device enforces PERSONAL protection for documents with the MIP label +- When the label is configured with WIP=Work, the device enforces Work protection for documents with the MIP label +- When the label is configured with WIP=Personal, the device enforces Personal protection for documents with the MIP label - When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): - - If the document is downloaded from a work site, the device enforces WORK protection - - If the document is downloaded from a personal site, the device enforces PERSONAL protection + - If the document is downloaded from a work site, the device enforces Work protection + - If the document is downloaded from a personal site, the device enforces Personal protection ## User downloads a Confidential Office or PDF document from a work site From 19bf188aedb38ad1b99fa6b3405c8643b2ef8c0d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 6 Sep 2018 16:11:18 -0700 Subject: [PATCH 04/32] edits fom Derek --- .../how-wip-works-mip.md | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md index 69b139ce32..e8dee9885a 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md 
@@ -12,16 +12,16 @@ ms.localizationpriority: medium ms.date: 08/27/2018 --- -# How Windows Information Protection works with Microsoft Information Protection +# How Windows Information Protection works with Microsoft Information Protection labels -Microsoft provides different information protection technologies that work together as an integrated solution to help enterprises: +Microsoft Information Protection technologies work together as an integrated solution to help enterprises: - Discover corporate data on endpoint devices - Classify and label information based on its content and context -- Protect corporate data from leaving to non-business environments -- Enable audit reports of user intercations with corporate data on endpoint devices +- Protect corporate data from unintentionally leaving to non-business environments +- Enable audit reports of user interactions with corporate data on endpoint devices -This topic explains howWindows Information Protection works with other Microsoft information protection technologies. +This topic explains how Windows Information Protection works with the other Microsoft Information Protection technologies. ## What is Microsoft Information Protection? 
@@ -35,23 +35,22 @@ This topic explains howWindows Information Protection works with other Microsoft ## Default behaviors for a MIP label - When the label is configured with WIP=Work, the device enforces Work protection for documents with the MIP label -- When the label is configured with WIP=Personal, the device enforces Personal protection for documents with the MIP label - When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): - If the document is downloaded from a work site, the device enforces Work protection - - If the document is downloaded from a personal site, the device enforces Personal protection + - If the document is downloaded from a personal site, no work protection is applied -## User downloads a Confidential Office or PDF document from a work site +## User downloads any document from a work site -## User downloads a Confidential PTXT file from a work site +## User downloads a Confidential Office or PDF document from a personal site (find out if this include PTXT) -## User downloads a Confidential Office or PDF document from a personal site +## Prerequisites + +WDATP +Windows 10 version 1809 +Label configuration (via SCC in Office 365) +WIP policy -## User downloads a non-business Office or PDF document from a work site - -## User reclassifies document by using a MIP-enlightened application - -## User changes WIP protection on a document without changing the MIP label From 32fdec193cfc1d8216eba34cc4fa5e347b9a3aed Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Tue, 11 Sep 2018 17:21:26 -0700 Subject: [PATCH 05/32] added MIP topic --- ...s-mip.md => how-wip-works-with-mip-labels.md} | 9 +++++---- .../images/sensitivity-labels.png | Bin 0 -> 4429 bytes 2 files changed, 5 insertions(+), 4 deletions(-) rename windows/security/information-protection/windows-information-protection/{how-wip-works-mip.md => how-wip-works-with-mip-labels.md} (92%) create mode 100644 windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md similarity index 92% rename from windows/security/information-protection/windows-information-protection/how-wip-works-mip.md rename to windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md index e8dee9885a..1bba091ee4 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-mip.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md @@ -39,6 +39,7 @@ This topic explains how Windows Information Protection works with the other Micr - If the document is downloaded from a work site, the device enforces Work protection - If the document is downloaded from a personal site, no work protection is applied +![Sensitivity labels](images/sensitivity-labels.png) ## User downloads any document from a work site @@ -46,10 +47,10 @@ This topic explains how Windows Information Protection works with the other Micr ## Prerequisites -WDATP -Windows 10 version 1809 -Label configuration (via SCC in Office 365) -WIP policy +- Windows Defender Advanced Threat Protection (WDATP) +- Windows 10 version 1809 +- Label configuration (via SCC in Office 365) +- Windows Information Protection policy 
diff --git a/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png b/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png new file mode 100644 index 0000000000000000000000000000000000000000..5a497b20ca109002db993a74c541793c25ac3de1 GIT binary patch literal 4429
Date: Wed, 12 Sep 2018 12:31:28 -0700 Subject: [PATCH 06/32] added edits from Derek --- .../how-wip-works-with-mip-labels.md | 38 +++++++++++++----- .../images/sensitivity-labels.png | Bin 4429 -> 2837 bytes 2 files changed, 29 insertions(+), 9 deletions(-) 
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md index 1bba091ee4..2a448df493 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 08/27/2018 --- -# How Windows Information Protection works with Microsoft Information Protection labels +# How Windows Information Protection works with other Microsoft Information Protection technologies Microsoft Information Protection technologies work together as an integrated solution to help enterprises: 
@@ -32,25 +32,45 @@ This topic explains how Windows Information Protection works with the other Micr - [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. -## Default behaviors for a MIP label +## Default behaviors for a label -- When the label is configured with WIP=Work, the device enforces Work protection for documents with the MIP label +Enterprises can create and manage labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a label, you can specify that endpoint protection should apply to content with that label. + +- When the label is configured for content that includes business data, the device enforces work protection for documents with the label - When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): - - If the document is downloaded from a work site, the device enforces Work protection + - If the document is downloaded from a work site, the device enforces work protection - If the document is downloaded from a personal site, no work protection is applied +For more information about labels, see [Overview of labels](https://docs.microsoft.com/office365/securitycompliance/labels). + +## User downloads or creates a document from a work site + +If a lable is configured so that endpoint protection will apply to content with that label, then when a user downloads or creates a new document with that label, that document will be protected by WIP. 
+ ![Sensitivity labels](images/sensitivity-labels.png) -## User downloads any document from a work site + -## User downloads a Confidential Office or PDF document from a personal site (find out if this include PTXT) +Windows Defender ATP scans for any file that gets modified or created. If the file has a label, then the corresponding WIP protection gets applied. That can happen when you download a file or create a new file. For example: + +1. A user can create a file on a Mac device and label it as Condidential. +2. Send it via Gmail to another user on a Windows 10 device. +3. When the user opens the file on the Windows 10 device, WIP policy gets applied and the file is protected. + +The file does not need to have any other work context beyond the label. + +## User downloads a confidential Office or PDF document from a personal site + + ## Prerequisites -- Windows Defender Advanced Threat Protection (WDATP) +- Windows Defender Advanced Threat Protection (WDATP) scans content for a label and applies corresponding WIP protection - Windows 10 version 1809 -- Label configuration (via SCC in Office 365) -- Windows Information Protection policy +- Labels need to be configured in the Office 365 Security & Compliance Center +- Windows Information Protection policy need to be applied to endpoint devices 
diff --git a/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png b/windows/security/information-protection/windows-information-protection/images/sensitivity-labels.png index 5a497b20ca109002db993a74c541793c25ac3de1..89a133bcbe195417fc07c1e86eff7bc47e33c4d2 100644 GIT binary patch literal 2837 literal 4429
Date: Wed, 12 Sep 2018 12:54:36 -0700 Subject: [PATCH 07/32] edits --- .../how-wip-works-with-mip-labels.md | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md index 2a448df493..1f3876c3af 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md 
@@ -27,10 +27,11 @@ This topic explains how Windows Information Protection works with the other Micr - [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use. -- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. - - [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. +- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. + + ![Sensitivity labels](images/sensitivity-labels.png) ## Default behaviors for a label 
@@ -43,25 +44,32 @@ Enterprises can create and manage labels on the **Labels** page in the Office 36 For more information about labels, see [Overview of labels](https://docs.microsoft.com/office365/securitycompliance/labels). +The foll + ## User downloads or creates a document from a work site +If WIP policy is deployed, any document that is created or downloaded from a work site will have WIP protection, regradless of whether the document has a label. + If a lable is configured so that endpoint protection will apply to content with that label, then when a user downloads or creates a new document with that label, that document will be protected by WIP. -![Sensitivity labels](images/sensitivity-labels.png) -Windows Defender ATP scans for any file that gets modified or created. If the file has a label, then the corresponding WIP protection gets applied. That can happen when you download a file or create a new file. For example: - -1. A user can create a file on a Mac device and label it as Condidential. -2. Send it via Gmail to another user on a Windows 10 device. -3. When the user opens the file on the Windows 10 device, WIP policy gets applied and the file is protected. - -The file does not need to have any other work context beyond the label. ## User downloads a confidential Office or PDF document from a personal site +Windows Defender ATP scans for any file that gets modified or created. +If the file has a label, then the corresponding WIP protection gets applied. +That can happen when you download a file or create a new file. +For example: + +1. A user creates a file on a Mac device and labels it as Condidential. +2. The user sends it via Gmail to another user on a Windows 10 device. +3. When the other user opens the file on the Windows 10 device, WIP policy gets applied and the file is protected. + +The file does not need to have any other work context beyond the label. + From 2466fb2f7b872f14f0eab8f5961a09ad050a7ad6 Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Wed, 12 Sep 2018 13:04:28 -0700 Subject: [PATCH 08/32] edits --- .../how-wip-works-with-mip-labels.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md index 1f3876c3af..3b0883631b 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md @@ -33,9 +33,13 @@ This topic explains how Windows Information Protection works with the other Micr ![Sensitivity labels](images/sensitivity-labels.png) + + ## Default behaviors for a label Enterprises can create and manage labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a label, you can specify that endpoint protection should apply to content with that label. + - When the label is configured for content that includes business data, the device enforces work protection for documents with the label - When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): 
@@ -44,18 +48,11 @@ Enterprises can create and manage labels on the **Labels** page in the Office 36 For more information about labels, see [Overview of labels](https://docs.microsoft.com/office365/securitycompliance/labels). -The foll ## User downloads or creates a document from a work site If WIP policy is deployed, any document that is created or downloaded from a work site will have WIP protection, regradless of whether the document has a label. - -If a lable is configured so that endpoint protection will apply to content with that label, then when a user downloads or creates a new document with that label, that document will be protected by WIP. - - - - +If the document is an Office or PDF file with a label, then WIP protection is applied. ## User downloads a confidential Office or PDF document from a personal site @@ -64,7 +61,7 @@ If the file has a label, then the corresponding WIP protection gets applied. That can happen when you download a file or create a new file. For example: -1. A user creates a file on a Mac device and labels it as Condidential. +1. A user creates a file on a Mac device and labels it as Confidential. 2. The user sends it via Gmail to another user on a Windows 10 device. 3. When the other user opens the file on the Windows 10 device, WIP policy gets applied and the file is protected. From ff94599a2a7a63b6ba32ba18eedc748b93f1510b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 12 Sep 2018 14:03:11 -0700 Subject: [PATCH 09/32] edits --- .../how-wip-works-with-mip-labels.md | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md index 3b0883631b..62fba65ae5 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md 
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md 
@@ -52,30 +52,31 @@ For more information about labels, see [Overview of labels](https://docs.microso ## User downloads or creates a document from a work site If WIP policy is deployed, any document that is created or downloaded from a work site will have WIP protection, regradless of whether the document has a label. -If the document is an Office or PDF file with a label, then WIP protection is applied. +If the document has a label, which includes Office and PDF files, then WIP protection is applied. ## User downloads a confidential Office or PDF document from a personal site -Windows Defender ATP scans for any file that gets modified or created. -If the file has a label, then the corresponding WIP protection gets applied. -That can happen when you download a file or create a new file. +Windows Defender ATP scans for any file that gets modified or created, including files that were downloaded from or created on a personal site. +If the file has a label, then the corresponding WIP protection gets applied, even though the file was created or downloaded from a personal site. + For example: -1. A user creates a file on a Mac device and labels it as Confidential. -2. The user sends it via Gmail to another user on a Windows 10 device. -3. When the other user opens the file on the Windows 10 device, WIP policy gets applied and the file is protected. +1. Sara creates a PDF file on a Mac device and labels it as Confidential. +2. She emails the PDF from her Gmail account to Laura, who is using a Windows 10 device. +3. When Laura opens the PDF file, WIP policy gets applied and the file is protected. -The file does not need to have any other work context beyond the label. +The PDF file doesn't need any other work context beyond the label. 
## Prerequisites -- Windows Defender Advanced Threat Protection (WDATP) scans content for a label and applies corresponding WIP protection +WIP +- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - Windows 10 version 1809 -- Labels need to be configured in the Office 365 Security & Compliance Center -- Windows Information Protection policy need to be applied to endpoint devices +- [Labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center +- [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) policy need to be applied to endpoint devices From b3f5f2ab4e62f329aa0f96949d6c7f7b16940c5b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 12 Sep 2018 14:15:25 -0700 Subject: [PATCH 10/32] renamed file --- .../security/information-protection/TOC.md | 45 ++++++++++--------- ...labels.md => how-wip-works-with-labels.md} | 0 2 files changed, 23 insertions(+), 22 deletions(-) rename windows/security/information-protection/windows-information-protection/{how-wip-works-with-mip-labels.md => how-wip-works-with-labels.md} (100%) diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md index b9c98da745..af50d568ee 100644 --- a/windows/security/information-protection/TOC.md +++ b/windows/security/information-protection/TOC.md 
@@ -31,28 +31,29 @@ ## [Encrypted Hard Drive](encrypted-hard-drive.md) ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md) -### [Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) -#### [Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) -##### [Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md) -##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md) -#### [Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md) -##### [Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md) -##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md) -#### [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-mam-intune-azure.md) -### [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](windows-information-protection\overview-create-wip-policy-sccm.md) -#### [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration 
Manager](windows-information-protection\create-wip-policy-using-sccm.md) -### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) -### [Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](windows-information-protection\wip-app-enterprise-context.md) -### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) -### [Testing scenarios for Windows Information Protection (WIP)](windows-information-protection\testing-scenarios-for-wip.md) -### [Limitations while using Windows Information Protection (WIP)](windows-information-protection\limitations-with-wip.md) -### [How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) -### [General guidance and best practices for Windows Information Protection (WIP)](windows-information-protection\guidance-and-best-practices-wip.md) -#### [Enlightened apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md) -#### [Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](windows-information-protection\app-behavior-with-wip.md) -#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](windows-information-protection\recommended-network-definitions-for-wip.md) -#### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md) -### [Fine-tune Windows Information Protection (WIP) with WIP Learning](windows-information-protection\wip-learning.md) +### [Create a WIP policy using Microsoft Intune](windows-information-protection\overview-create-wip-policy.md) +#### [Create a WIP policy using 
the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) +##### [Deploy your WIP policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md) +##### [Associate and deploy a VPN policy for WIP using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md) +#### [Create a WIP policy with MDM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md) +##### [Deploy your WIP policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md) +##### [Associate and deploy a VPN policy for WIP using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md) +#### [Create a WIP policy with MAM using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-mam-intune-azure.md) +### [Create a WIP policy using System Center Configuration Manager](windows-information-protection\overview-create-wip-policy-sccm.md) +#### [Create and deploy a WIP policy using System Center Configuration Manager](windows-information-protection\create-wip-policy-using-sccm.md) +### [Create and verify an EFS Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md) +### [Determine the Enterprise Context of an app running in WIP](windows-information-protection\wip-app-enterprise-context.md) +### [Mandatory tasks and settings required to turn on WIP](windows-information-protection\mandatory-settings-for-wip.md) +### [Testing scenarios for WIP](windows-information-protection\testing-scenarios-for-wip.md) +### [Limitations while using WIP](windows-information-protection\limitations-with-wip.md) +### [How to collect WIP audit event 
logs](windows-information-protection\collect-wip-audit-event-logs.md) +### [General guidance and best practices for WIP](windows-information-protection\guidance-and-best-practices-wip.md) +#### [Enlightened apps for use with WIP](windows-information-protection\enlightened-microsoft-apps-and-wip.md) +#### [Unenlightened and enlightened app behavior while using WI)](windows-information-protection\app-behavior-with-wip.md) +#### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md) +#### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md) +### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md) +### [How WIP works with labels](windows-information-protection\how-wip-works-with-labels.md) ## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md similarity index 100% rename from windows/security/information-protection/windows-information-protection/how-wip-works-with-mip-labels.md rename to windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md From c9c5520d9492a1eb140b948c3b7400ff4165565b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 12 Sep 2018 14:46:11 -0700 Subject: [PATCH 11/32] edits --- .../how-wip-works-with-labels.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 62fba65ae5..930c86389d 100644 
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.localizationpriority: medium -ms.date: 08/27/2018 +ms.date: 09/12/2018 --- # How Windows Information Protection works with other Microsoft Information Protection technologies @@ -21,7 +21,7 @@ Microsoft Information Protection technologies work together as an integrated sol - Protect corporate data from unintentionally leaving to non-business environments - Enable audit reports of user interactions with corporate data on endpoint devices -This topic explains how Windows Information Protection works with the other Microsoft Information Protection technologies. +This topic explains how Windows Information Protection works with lables. ## What is Microsoft Information Protection? From 85ec0ce34f1fbc3d2a6729c63014b19db2470dfb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 12 Sep 2018 15:11:13 -0700 Subject: [PATCH 12/32] edits --- .../how-wip-works-with-labels.md | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 930c86389d..d7192df162 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md 
@@ -21,7 +21,7 @@ Microsoft Information Protection technologies work together as an integrated sol - Protect corporate data from unintentionally leaving to non-business environments - Enable audit reports of user interactions with corporate data on endpoint devices -This topic explains how Windows Information Protection works with lables. +This topic explains how Windows Information Protection with other Microsoft Information Protection technologies to protect files that have a label. ## What is Microsoft Information Protection? 
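Review bot: the added sentence in this hunk has lost its verb: "explains how Windows Information Protection with other Microsoft Information Protection technologies to protect files" does not parse. Suggest "explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a label."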
@@ -29,16 +29,14 @@ This topic explains how Windows Information Protection works with lables. - [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. -- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. +- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. End users can choose and apply labels from a bar that appears below the ribbon in Office apps: ![Sensitivity labels](images/sensitivity-labels.png) - - ## Default behaviors for a label Enterprises can create and manage labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a label, you can specify that endpoint protection should apply to content with that label. - - When the label is configured for content that includes business data, the device enforces work protection for documents with the label 
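Review bot: the Azure Information Protection bullet rewritten here still carries a run-on, "that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify", where two clauses are joined with no conjunction. Since the line is being touched anyway, split it: end the first sentence after "Microsoft 365 Enterprise." and start the next with "It helps an organization classify and protect its documents and emails by applying labels." The new "End users can choose and apply labels" sentence then follows cleanly.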
@@ -48,13 +46,17 @@ Enterprises can create and manage labels on the **Labels** page in the Office 36 For more information about labels, see [Overview of labels](https://docs.microsoft.com/office365/securitycompliance/labels). +## Use cases -## User downloads or creates a document from a work site + + +### User downloads or creates a document from a work site If WIP policy is deployed, any document that is created or downloaded from a work site will have WIP protection, regradless of whether the document has a label. -If the document has a label, which includes Office and PDF files, then WIP protection is applied. -## User downloads a confidential Office or PDF document from a personal site +If the document has a label, which includes Office and PDF files, then WIP protection is applied according to the label. + +### User downloads a confidential Office or PDF document from a personal site Windows Defender ATP scans for any file that gets modified or created, including files that were downloaded from or created on a personal site. If the file has a label, then the corresponding WIP protection gets applied, even though the file was created or downloaded from a personal site. @@ -62,8 +64,8 @@ If the file has a label, then the corresponding WIP protection gets applied, eve For example: 1. Sara creates a PDF file on a Mac device and labels it as Confidential. -2. She emails the PDF from her Gmail account to Laura, who is using a Windows 10 device. -3. When Laura opens the PDF file, WIP policy gets applied and the file is protected. +2. She emails the PDF from her Gmail account to Laura. +3. Laura opens the PDF file on her Windows 10 device; WIP policy gets applied and the file is protected. The PDF file doesn't need any other work context beyond the label. From 7b72d8d55fc927b26099dc170c87323b6d4c3efb Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Wed, 12 Sep 2018 15:12:38 -0700 Subject: [PATCH 13/32] edits --- .../windows-information-protection/how-wip-works-with-labels.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index d7192df162..5b6a2a0620 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -48,7 +48,7 @@ For more information about labels, see [Overview of labels](https://docs.microso ## Use cases - +This sections covers how WIP works with labels in specific use cases. ### User downloads or creates a document from a work site From ca190e5d8678780a12e9ff563986f986a88f5858 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 17 Sep 2018 15:41:37 -0700 Subject: [PATCH 14/32] edit --- .../windows-information-protection/how-wip-works-with-labels.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 5b6a2a0620..b5f57abd28 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md 
@@ -74,7 +74,6 @@ The PDF file doesn't need any other work context beyond the label. ## Prerequisites -WIP - [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - Windows 10 version 1809 - [Labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center From f467602a672626a081b5495b9ea5e525a3843d84 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 19 Sep 2018 14:04:13 -0700 Subject: [PATCH 15/32] edits --- .../how-wip-works-with-labels.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index b5f57abd28..97d367cba3 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -12,7 +12,11 @@ ms.localizationpriority: medium ms.date: 09/12/2018 --- -# How Windows Information Protection works with other Microsoft Information Protection technologies +# How Windows Information Protection protects files that have a label + +**Applies to:** + +- Windows 10, version 1809 Microsoft Information Protection technologies work together as an integrated solution to help enterprises: 
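Review bot: the front-matter context in this hunk still reads "ms.date: 09/12/2018", while the commit is dated 19 Sep 2018 and changes the H1 and adds an "Applies to" block. Bump ms.date in the same change so the published date reflects the content revision.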
@@ -21,7 +25,7 @@ Microsoft Information Protection technologies work together as an integrated sol - Protect corporate data from unintentionally leaving to non-business environments - Enable audit reports of user interactions with corporate data on endpoint devices -This topic explains how Windows Information Protection with other Microsoft Information Protection technologies to protect files that have a label. +This topic explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a label. ## What is Microsoft Information Protection? @@ -36,8 +40,7 @@ This topic explains how Windows Information Protection with other Microsoft Info ## Default behaviors for a label Enterprises can create and manage labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a label, you can specify that endpoint protection should apply to content with that label. - + - When the label is configured for content that includes business data, the device enforces work protection for documents with the label - When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): 
@@ -50,32 +53,29 @@ For more information about labels, see [Overview of labels](https://docs.microso This sections covers how WIP works with labels in specific use cases. -### User downloads or creates a document from a work site +### User downloads from or creates a document on a work site -If WIP policy is deployed, any document that is created or downloaded from a work site will have WIP protection, regradless of whether the document has a label. +If WIP policy is deployed, any document that is downloaded from or created on a work site will have WIP protection, regradless of whether the document has a label. -If the document has a label, which includes Office and PDF files, then WIP protection is applied according to the label. +If the document also has a label, which can be Office or PDF files, then WIP protection is applied according to the label. ### User downloads a confidential Office or PDF document from a personal site Windows Defender ATP scans for any file that gets modified or created, including files that were downloaded from or created on a personal site. -If the file has a label, then the corresponding WIP protection gets applied, even though the file was created or downloaded from a personal site. - +If the file has a label, then the corresponding WIP protection gets applied, even though it came from a personal site. For example: -1. Sara creates a PDF file on a Mac device and labels it as Confidential. +1. Sara creates a PDF file on a Mac device and labels it as **Confidential**. 2. She emails the PDF from her Gmail account to Laura. -3. Laura opens the PDF file on her Windows 10 device; WIP policy gets applied and the file is protected. +3. Laura opens the PDF file on her managed Windows 10 device. +4. WIP policy gets applied and the file is protected. The PDF file doesn't need any other work context beyond the label. 
- - ## Prerequisites - [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection -- Windows 10 version 1809 +- Windows 10, version 1809 - [Labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center - [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) policy need to be applied to endpoint devices From 6abbf31cc02b1b177e6731a6047629e705aa5eb9 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 19 Sep 2018 14:11:58 -0700 Subject: [PATCH 16/32] edits --- .../how-wip-works-with-labels.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 97d367cba3..0a08cadac8 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -12,7 +12,7 @@ ms.localizationpriority: medium ms.date: 09/12/2018 --- -# How Windows Information Protection protects files that have a label +# How Windows Information Protection protects files with a sensitivity label **Applies to:** 
@@ -25,7 +25,7 @@ Microsoft Information Protection technologies work together as an integrated sol - Protect corporate data from unintentionally leaving to non-business environments - Enable audit reports of user interactions with corporate data on endpoint devices -This topic explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a label. +This topic explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a sensitivity label. ## What is Microsoft Information Protection? 
@@ -33,17 +33,17 @@ This topic explains how Windows Information Protection works with other Microsof - [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. -- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. End users can choose and apply labels from a bar that appears below the ribbon in Office apps: +- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps: ![Sensitivity labels](images/sensitivity-labels.png) -## Default behaviors for a label +## Default behaviors for a sensitivity label -Enterprises can create and manage labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a label, you can specify that endpoint protection should apply to content with that label. +Enterprises can create and manage sensitivity labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a sensitivity label, you can specify that endpoint protection should apply to content with that label. 
-- When the label is configured for content that includes business data, the device enforces work protection for documents with the label -- When the label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): +- When the sensitivity label is configured for content that includes business data, the device enforces work protection for documents with the label +- When the sensitivity label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): - If the document is downloaded from a work site, the device enforces work protection - If the document is downloaded from a personal site, no work protection is applied 
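Review bot: the two top-level bullets in this hunk describe the same setting in three different ways, which makes the default behavior hard to reason about. The paragraph says you "specify that endpoint protection should apply to content with that label", the first bullet says the label is "configured for content that includes business data", and the second says it is "*not configured* with any WIP policy". Suggest wording both bullets as the on and off states of the one endpoint protection setting named in the paragraph, so a reader can tell which configuration leads to enforced work protection and which falls back to the Intune or SCCM policy.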
@@ -51,26 +51,26 @@ For more information about labels, see [Overview of labels](https://docs.microso ## Use cases -This sections covers how WIP works with labels in specific use cases. +This sections covers how WIP works with sensitivity labels in specific use cases. ### User downloads from or creates a document on a work site -If WIP policy is deployed, any document that is downloaded from or created on a work site will have WIP protection, regradless of whether the document has a label. +If WIP policy is deployed, any document that is downloaded from or created on a work site will have WIP protection, regradless of whether the document has a sensitivity label. -If the document also has a label, which can be Office or PDF files, then WIP protection is applied according to the label. +If the document also has a sensitivity label, which can be Office or PDF files, then WIP protection is applied according to the label. ### User downloads a confidential Office or PDF document from a personal site Windows Defender ATP scans for any file that gets modified or created, including files that were downloaded from or created on a personal site. -If the file has a label, then the corresponding WIP protection gets applied, even though it came from a personal site. +If the file has a sensitivity label, then the corresponding WIP protection gets applied, even though the file came from a personal site. For example: 1. Sara creates a PDF file on a Mac device and labels it as **Confidential**. 2. She emails the PDF from her Gmail account to Laura. -3. Laura opens the PDF file on her managed Windows 10 device. +3. Laura opens the PDF file on her Windows 10 device. 4. WIP policy gets applied and the file is protected. -The PDF file doesn't need any other work context beyond the label. +The PDF file doesn't need any other work context beyond the sensitivity label. ## Prerequisites From 191af3c878d2cebb493016395db5a471bfc6f9f1 Mon Sep 17 00:00:00 2001 
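Review bot: three wording defects are carried into the added lines of the use-cases hunk above. "This sections covers" should read "This section covers", "regradless" should read "regardless", and in "If the document also has a sensitivity label, which can be Office or PDF files" the relative clause attaches to the label instead of the document. Suggest restating the last one so the file types qualify the document, for example "If the document is an Office or PDF file that also has a sensitivity label, then WIP protection is applied according to the label."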
From: Justin Hall Date: Wed, 19 Sep 2018 14:21:42 -0700 Subject: [PATCH 17/32] edits --- .../how-wip-works-with-labels.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 0a08cadac8..8264c67538 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.localizationpriority: medium -ms.date: 09/12/2018 +ms.date: 09/19/2018 --- # How Windows Information Protection protects files with a sensitivity label @@ -77,8 +77,9 @@ The PDF file doesn't need any other work context beyond the sensitivity label. - [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - Windows 10, version 1809 - [Labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center -- [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) policy need to be applied to endpoint devices - +- WIP policy needs to be applied to endpoint devices. For more information, see: + - [Create a WIP policy using Intune for Mobile Device Management (MDM)](windows-information-protection/create-wip-policy-using-intune-azure.md) + - [Create a WIP policy using Intune for Mobile Application Management (MAM)](windows-information-protection/create-wip-policy-using-mam-intune-azure.md) 
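Review bot: the two relative links added in the Prerequisites hunk look like they will not resolve. This file lives in windows/security/information-protection/windows-information-protection/, so a target of "windows-information-protection/create-wip-policy-using-intune-azure.md" points one directory too deep; the TOC in the parent folder references the same pages with that prefix because it sits one level up. Suggest dropping the directory prefix from both links ("create-wip-policy-using-intune-azure.md" and "create-wip-policy-using-mam-intune-azure.md"). Minor, same hunk: only the new WIP bullet ends with a period, so align the punctuation across the list.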
From 268546bee3ec93d0d6e92e851edd85a42bc36002 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 19 Sep 2018 14:32:25 -0700 Subject: [PATCH 18/32] edit --- .../windows-information-protection/how-wip-works-with-labels.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 8264c67538..0cbaf70dde 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -76,7 +76,7 @@ The PDF file doesn't need any other work context beyond the sensitivity label. - [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - Windows 10, version 1809 -- [Labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center +- [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center - WIP policy needs to be applied to endpoint devices. For more information, see: - [Create a WIP policy using Intune for Mobile Device Management (MDM)](windows-information-protection/create-wip-policy-using-intune-azure.md) - [Create a WIP policy using Intune for Mobile Application Management (MAM)](windows-information-protection/create-wip-policy-using-mam-intune-azure.md) From da9cb6e103f058585c8a5bf17c63cbcd639fbfbc Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Wed, 19 Sep 2018 14:34:35 -0700 Subject: [PATCH 19/32] edits --- .../how-wip-works-with-labels.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 0cbaf70dde..8629abc64a 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -1,8 +1,7 @@ --- -title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) (Windows 10) -description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. -ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f -keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection +title: How Windows Information Protection (WIP) protects files with a sensitivity label (Windows 10) +description: Explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a sensitivity label. +keywords: sensitivity, labels, WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library From 59d1a802c87a4d2122aeffb6b1d452530ebb0105 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 20 Sep 2018 13:06:43 -0700 Subject: [PATCH 20/32] edits to WIP links --- .../how-wip-works-with-labels.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 8629abc64a..f1232c7624 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -76,9 +76,8 @@ The PDF file doesn't need any other work context beyond the sensitivity label. - [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - Windows 10, version 1809 - [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center -- WIP policy needs to be applied to endpoint devices. For more information, see: - - [Create a WIP policy using Intune for Mobile Device Management (MDM)](windows-information-protection/create-wip-policy-using-intune-azure.md) - - [Create a WIP policy using Intune for Mobile Application Management (MAM)](windows-information-protection/create-wip-policy-using-mam-intune-azure.md) +- [WIP policy](windows-information-protection/create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices. + From c8ab78f119108d941e58675bba53f0344822be56 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 20 Sep 2018 13:07:47 -0700 Subject: [PATCH 21/32] edit toc title --- windows/security/information-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/TOC.md b/windows/security/information-protection/TOC.md index d3349eece9..2853e95b50 100644 --- a/windows/security/information-protection/TOC.md 
+++ b/windows/security/information-protection/TOC.md @@ -52,7 +52,7 @@ #### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP](windows-information-protection\recommended-network-definitions-for-wip.md) #### [Using Outlook Web Access with WIP](windows-information-protection\using-owa-with-wip.md) ### [Fine-tune WIP Learning](windows-information-protection\wip-learning.md) -### [How WIP works with labels](windows-information-protection\how-wip-works-with-labels.md) +### [How WIP works with sensitivity labels](windows-information-protection\how-wip-works-with-labels.md) ## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) From 8b461a9d94286a93bdb1f6d06aa2299a6ed78560 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 20 Sep 2018 14:28:24 -0700 Subject: [PATCH 22/32] edits --- .../how-wip-works-with-labels.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index f1232c7624..1856082660 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -17,6 +17,7 @@ ms.date: 09/19/2018 - Windows 10, version 1809 +This topic explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a sensitivity label. Microsoft Information Protection technologies work together as an integrated solution to help enterprises: - Discover corporate data on endpoint devices 
@@ -24,19 +25,17 @@ Microsoft Information Protection technologies work together as an integrated sol - Protect corporate data from unintentionally leaving to non-business environments - Enable audit reports of user interactions with corporate data on endpoint devices -This topic explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a sensitivity label. - -## What is Microsoft Information Protection? +Microsoft Information Protection technologies include: - [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use. - [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other Software-as-a-Service (SaaS) apps. -- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise helps an organization to classify and protect its documents and emails by applying labels. End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps: +- [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. 
End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps: ![Sensitivity labels](images/sensitivity-labels.png) -## Default behaviors for a sensitivity label +## Default WIP behaviors for a sensitivity label Enterprises can create and manage sensitivity labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a sensitivity label, you can specify that endpoint protection should apply to content with that label. From b39cca7e595ad76c8e6cbb99213e26feb8aac8a0 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 20 Sep 2018 15:33:31 -0700 Subject: [PATCH 23/32] edits --- .../how-wip-works-with-labels.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 1856082660..89d1978dbb 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md 
@@ -37,11 +37,12 @@ Microsoft Information Protection technologies include: ## Default WIP behaviors for a sensitivity label -Enterprises can create and manage sensitivity labels on the **Labels** page in the Office 365 Security & Compliance Center. When you create a sensitivity label, you can specify that endpoint protection should apply to content with that label. +Enterprises can create and manage sensitivity labels on the **Labels** page in the Office 365 Security & Compliance Center. +When you create a sensitivity label, you can specify that endpoint protection should apply to content with that label. +WIP enforces default endpoint protection depending on how the sensitivity label is configured: - -- When the sensitivity label is configured for content that includes business data, the device enforces work protection for documents with the label -- When the sensitivity label is *not configured* with any WIP policy, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): +- When the sensitivity label is configured for endpoint protection of content that includes business data, the device enforces work protection for documents with the label +- When the sensitivity label is *not configured* for endpoint protection, the device reverts to whatever WIP policy has been defined in Intune or System Center Configuration Manager (SCCM): - If the document is downloaded from a work site, the device enforces work protection - If the document is downloaded from a personal site, no work protection is applied From a15dbc6d1d9d820510b22d3f692b92a5aa89d8c4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 20 Sep 2018 15:38:56 -0700 Subject: [PATCH 24/32] edits --- .../how-wip-works-with-labels.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 89d1978dbb..1cc3e7db09 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.localizationpriority: medium -ms.date: 09/19/2018 +ms.date: 09/20/2018 --- # How Windows Information Protection protects files with a sensitivity label @@ -73,8 +73,8 @@ The PDF file doesn't need any other work context beyond the sensitivity label. ## Prerequisites -- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - Windows 10, version 1809 +- [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center - [WIP policy](windows-information-protection/create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices. From 527a6ab58ed06b4e1ce211e9dfd96276ee70d9ab Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 4 Oct 2018 11:38:38 -0700 Subject: [PATCH 25/32] edits from Derek --- .../how-wip-works-with-labels.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 1cc3e7db09..51548b6620 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -1,6 +1,6 @@ --- title: How Windows Information Protection (WIP) protects files with a sensitivity label (Windows 10) -description: Explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a sensitivity label. +description: Explains how Windows Information Protection works with other Microsoft information protection technologies to protect files that have a sensitivity label. keywords: sensitivity, labels, WIP, Windows Information Protection, EDP, Enterprise Data Protection ms.prod: w10 ms.mktglfcycl: explore 
@@ -17,15 +17,15 @@ ms.date: 09/20/2018 - Windows 10, version 1809 -This topic explains how Windows Information Protection works with other Microsoft Information Protection technologies to protect files that have a sensitivity label. -Microsoft Information Protection technologies work together as an integrated solution to help enterprises: +This topic explains how Windows Information Protection works with other Microsoft information protection technologies to protect files that have a sensitivity label. +Microsoft information protection technologies work together as an integrated solution to help enterprises: - Discover corporate data on endpoint devices - Classify and label information based on its content and context - Protect corporate data from unintentionally leaving to non-business environments - Enable audit reports of user interactions with corporate data on endpoint devices -Microsoft Information Protection technologies include: +Microsoft information protection technologies include: - [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects data at rest on endpoint devices, and manages apps to protect data in use. 
@@ -54,22 +54,22 @@ This sections covers how WIP works with sensitivity labels in specific use cases ### User downloads from or creates a document on a work site -If WIP policy is deployed, any document that is downloaded from or created on a work site will have WIP protection, regradless of whether the document has a sensitivity label. +If WIP policy is deployed, any document that is downloaded from a work site, or created on a work site, will have WIP protection regradless of whether the document has a sensitivity label. -If the document also has a sensitivity label, which can be Office or PDF files, then WIP protection is applied according to the label. +If the document also has a sensitivity label, which can be Office or PDF files, WIP protection is applied according to the label. ### User downloads a confidential Office or PDF document from a personal site -Windows Defender ATP scans for any file that gets modified or created, including files that were downloaded from or created on a personal site. -If the file has a sensitivity label, then the corresponding WIP protection gets applied, even though the file came from a personal site. +Windows Defender ATP scans for any file that gets modified or created, including files that were created on a personal site. +If the file has a sensitivity label, the corresponding WIP protection gets applied even though the file came from a personal site. For example: -1. Sara creates a PDF file on a Mac device and labels it as **Confidential**. +1. Sara creates a PDF file on a Mac and labels it as **Confidential**. 2. She emails the PDF from her Gmail account to Laura. 3. Laura opens the PDF file on her Windows 10 device. 4. WIP policy gets applied and the file is protected. -The PDF file doesn't need any other work context beyond the sensitivity label. +The PDF file doesn't need any work context beyond the sensitivity label. ## Prerequisites From 23bab2938f7fcbbc868c6e013bb18f9fcef8ee73 Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Thu, 4 Oct 2018 11:38:59 -0700 Subject: [PATCH 26/32] date --- .../windows-information-protection/how-wip-works-with-labels.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index 51548b6620..a618284d11 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.localizationpriority: medium -ms.date: 09/20/2018 +ms.date: 10/04/2018 --- # How Windows Information Protection protects files with a sensitivity label From 1dc34f6146d3805f438b4d520364b7def7cc4796 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 4 Oct 2018 12:19:57 -0700 Subject: [PATCH 27/32] fix threat analytics link --- ...ics-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md index affe0ea030..ec775da413 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md 
@@ -45,7 +45,7 @@ To access Threat analytics, from the navigation pane select **Dashboards** > **T Click a section of each chart to get a list of the machines in the corresponding mitigation status. ## Related topics -- [Threat analtyics](threat-analytics-windows-defender-advanced-threat-protection.md) +- [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) - [Overview of Secure Score in Windows Defender Security Center](overview-secure-score-windows-defender-advanced-threat-protection.md) - [Configure the security controls in Secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) From 7bd59b6c59c4312355e1d03ef6bea6c3ea31c46e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 4 Oct 2018 12:20:49 -0700 Subject: [PATCH 28/32] update ta link --- ...ics-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md index ec775da413..4320d8ddca 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md 
@@ -45,7 +45,7 @@ To access Threat analytics, from the navigation pane select **Dashboards** > **T Click a section of each chart to get a list of the machines in the corresponding mitigation status. ## Related topics -- [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) +- [Threat analytics](threat-analytics.md) - [Overview of Secure Score in Windows Defender Security Center](overview-secure-score-windows-defender-advanced-threat-protection.md) - [Configure the security controls in Secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) From 24399101e7779c3cdc11c1e235a2e7503f544194 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 4 Oct 2018 19:56:59 +0000 Subject: [PATCH 29/32] Merged PR 11880: update link --- ...ics-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md index affe0ea030..4320d8ddca 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md 
@@ -45,7 +45,7 @@ To access Threat analytics, from the navigation pane select **Dashboards** > **T Click a section of each chart to get a list of the machines in the corresponding mitigation status. ## Related topics -- [Threat analtyics](threat-analytics-windows-defender-advanced-threat-protection.md) +- [Threat analytics](threat-analytics.md) - [Overview of Secure Score in Windows Defender Security Center](overview-secure-score-windows-defender-advanced-threat-protection.md) - [Configure the security controls in Secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) From e5aae2497316c9c499d65c0361e1e86b447821ea Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 4 Oct 2018 14:13:35 -0700 Subject: [PATCH 30/32] add link to blog post --- ...er-endpoints-windows-defender-advanced-threat-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index d31a895006..4c08fdb727 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md 
@@ -35,6 +35,9 @@ The service supports the onboarding of the following servers: - Windows Server, version 1803 - Windows Server 2019 + +For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Windows Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). + ## Windows Server 2012 R2 and Windows Server 2016 To onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP, you’ll need to: From ee78a54f158d05cb80518b2c7d63b47a24e4d43f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 4 Oct 2018 14:50:11 -0700 Subject: [PATCH 31/32] date --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 4ec7962649..ab9c448aa4 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: dansimp ms.localizationpriority: medium -ms.date: 09/07/2018 +ms.date: 10/04/2018 --- # Threat Protection From a12329b6b1c328a88e3c42c40dd90b44b51f015a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 4 Oct 2018 14:53:07 -0700 Subject: [PATCH 32/32] edits --- .../windows-information-protection/how-wip-works-with-labels.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index a618284d11..d6e203d6de 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md 
@@ -76,7 +76,7 @@ The PDF file doesn't need any work context beyond the sensitivity label. - Windows 10, version 1809 - [Windows Defender Advanced Threat Protection (WDATP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) scans content for a label and applies corresponding WIP protection - [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in the Office 365 Security & Compliance Center -- [WIP policy](windows-information-protection/create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices. +- [WIP policy](create-wip-policy-using-intune-azure.md) needs to be applied to endpoint devices.
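Review bot: In the `@@ -51,26 +51,26 @@` hunk of how-wip-works-with-labels.md, step 3 of the example drops "managed" (`Laura opens the PDF file on her Windows 10 device`), yet step 4 still says WIP policy gets applied, and the Prerequisites list requires WIP policy on the endpoint. As written, a reader can conclude that the label alone protects the file on any Windows 10 device. Either keep "managed" or state in step 3 that the device has WIP policy applied. The same hunk rewrites `This sections covers` without fixing it to "This section covers".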
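Review bot: In PATCH 17/32, hunk `@@ -77,8 +77,9 @@`, both added links start with `windows-information-protection/`, but the file being edited already lives in the `windows-information-protection` directory (see the `diff --git` path), so the relative targets resolve one level too deep and will break. Drop the directory prefix and link to `create-wip-policy-using-intune-azure.md` and `create-wip-policy-using-mam-intune-azure.md` directly. The same prefix is carried into PATCH 20/32 and is only corrected in PATCH 32/32, so the link is broken in every intermediate revision.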
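Review bot: In PATCH 20/32, hunk `@@ -76,9 +76,8 @@`, collapsing the prerequisite to a single `[WIP policy]` link removes the MAM article that PATCH 17/32 had just added, and the commit message ("edits to WIP links") does not say why. If devices that receive WIP policy through MAM are still in scope for label-based protection, keep a pointer to `create-wip-policy-using-mam-intune-azure.md`. If they are not, say so in the prerequisite, because it changes which endpoints an administrator can expect to be covered.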
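Review bot: In PATCH 25/32, hunk `@@ -54,22 +54,22 @@`, the Windows Defender ATP sentence now reads `including files that were created on a personal site`, which removes the "downloaded from" case even though the section heading and the Sara/Laura example are about a document downloaded from a personal site. Restore "downloaded from or created on" so the stated scanning scope matches the use case. Two smaller points in the same hunk: `regradless` is carried over into the rewritten line and should be "regardless", and in `If the document also has a sensitivity label, which can be Office or PDF files,` the relative clause attaches to the label rather than to the document. Consider "If the document (an Office or PDF file) also has a sensitivity label".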
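Review bot: In PATCH 27/32, hunk `@@ -45,7 +45,7 @@`, the corrected "Threat analytics" entry points at `threat-analytics-dashboard-windows-defender-advanced-threat-protection.md`, which is the file being edited, so the Related topics link becomes a self-link. PATCH 28/32 and the merged PATCH 29/32 change the target to `threat-analytics.md`. Every other entry in that list uses the `-windows-defender-advanced-threat-protection.md` suffix, and nothing in this series adds or renames a `threat-analytics.md`, so please confirm that file exists in `windows-defender-atp/` before merging.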
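Review bot: In PATCH 30/32, hunk `@@ -35,6 +35,9 @@`, the added sentence opens with `For a practical guidance on`, which should read "For practical guidance on". The link text says "Protecting Windows Servers with Windows Defender ATP" while the URL slug is `Protecting-Windows-Server-with-Windows-Defender-ATP`. Use the blog post's actual title as the link text. The hunk also inserts an extra blank line before the sentence, leaving two blank lines after the server list.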