From c29938a7716e6eadd8eaf7d9c4894bcccdad4006 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 08:56:02 -0700 Subject: [PATCH 01/11] Adding text --- windows/keep-secure/app-behavior-with-wip.md | 138 +++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 windows/keep-secure/app-behavior-with-wip.md diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md new file mode 100644 index 0000000000..c48ca9689b --- /dev/null +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -0,0 +1,138 @@ +--- +title: Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) (Windows 10) +description: How unenlightened and enlightened apps might behave, based on Windows Information Protection (WIP) networking policies, app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. +keywords: WIP, Enterprise Data Protection, EDP, Windows Information Protection, unenlightened apps, enlightened apps +ms.prod: w10 +ms.mktglfcycl: explore +ms.pagetype: security +ms.sitesec: library +localizationpriority: high +--- + +# Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) +**Applies to:** + +- Windows 10, version 1607 +- Windows 10 Mobile + +Windows Information Protection (WIP) classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data is encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or people will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default. + +To avoid the automatic encryption of data, developers can enlighten apps by adding and compiling code using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that: + +- Don’t use common controls for saving files. +- Don’t use common controls for text boxes. +- Simultaneously work on personal and corporate data (for example, contact apps that display personal and corporate data in a single view or a browser that displays personal and corporate web pages on tabs within a single instance). + +We strongly suggest that the only unenlightened apps you add to your allowed apps list are Line-of-Business (LOB) apps. + +>[!Note] +>For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](https://msdn.microsoft.com/en-us/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center. + +## Unenlightened app behavior +This table includes info about how unenlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
App rule settingNetworking policy configuration
 Name-based policies, without the /*AppCompat*/ stringName-based policies, using the /*AppCompat*/ string or proxy-based policies
Not required. App connects directly using IP address. +
    +
  • App is entirely blocked from both personal and enterprise cloud resources.
    • +
  • No encryption is applied.
    • +
  • App can’t access local Work files.
    • +
+ 		+
    +
  • App can access both personal and enterprise cloud resources. However, you might encounter apps using policies that restrict access to enterprise cloud resources.
    • +
  • No encryption is applied.
    • +
  • App can’t access local Work files.
    • +
+
Not required. App connects using hostname. +
    +
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • +
  • No encryption is applied.
    • +
  • App can’t access local Work files.
    • +
+ 		 
Allow. App connects using IP address or hostnames. +
    +
  • App can access both personal and enterprise cloud resources.
    • +
  • Auto-encryption is applied.
    • +
  • App can access local Work files.
    • +
+ 		 
Exempt. App connects using IP address or hostnames. +
    +
  • App can access both personal and enterprise cloud resources.
    • +
  • No encryption is applied.
    • +
  • App can access local Work files.
    • +
+ 		 
+ +## Elightened app behavior +This table includes info about how enlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. + + + + + + + + + + + + + + + + + + + + + + +
App rule settingNetworking policy configuration
 Name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
Not required. App connects using IP address or hostnames. +
    +
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • +
  • No encryption is applied.
    • +
  • App can't access local Work files.
    • +
+
Allow. App connects using IP address or hostnames. +
    +
  • App can access both personal and enterprise cloud resources.
    • +
  • App protects work data and leaves personal data unprotected.
    • +
  • App can access local Work files.
    • +
+
Exempt. App connects using IP address or hostnames. +
    +
  • App can access both personal and enterprise cloud resources.
    • +
  • App protects work data and leaves personal data unprotected.
    • +
  • App can access local Work files.
    • +
+
From c7d96c95bb8fde3cc50444a6eb51ea40f69403c3 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 09:11:03 -0700 Subject: [PATCH 02/11] Fixing table formatting --- windows/keep-secure/app-behavior-with-wip.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index c48ca9689b..db3e0d5277 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -32,14 +32,14 @@ We strongly suggest that the only unenlightened apps you add to your allowed app This table includes info about how unenlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. - + - - + + @@ -97,13 +97,13 @@ This table includes info about how unenlightened apps might behave, based on you This table includes info about how enlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames.
App rule setting Networking policy configuration
 Name-based policies, without the /*AppCompat*/ stringName-based policies, using the /*AppCompat*/ string or proxy-based policiesName-based policies, without the /*AppCompat*/ stringName-based policies, using the /*AppCompat*/ string or proxy-based policies
Not required. App connects directly using IP address.
- + - + From b74a55c0342a66242696bbca1a9bb75af3f1b7d1 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 09:52:39 -0700 Subject: [PATCH 03/11] Fixing table formatting --- windows/keep-secure/app-behavior-with-wip.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index db3e0d5277..b7c88e2a75 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -38,8 +38,8 @@ This table includes info about how unenlightened apps might behave, based on you - - + + @@ -60,7 +60,7 @@ This table includes info about how unenlightened apps might behave, based on you - - - - + - - + - + - + - - @@ -81,7 +80,7 @@ This table includes info about how unenlightened apps might behave, based on you - - +
App rule setting Networking policy configuration
 Name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policiesName-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
Not required. App connects using IP address or hostnames.
 Name-based policies, without the /*AppCompat*/ stringName-based policies, using the /*AppCompat*/ string or proxy-based policiesName-based policies, without the /*AppCompat*/ stringName-based policies, using the /*AppCompat*/ string or proxy-based policies
Not required. App connects directly using IP address.
Not required. App connects using hostname. +
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
  • No encryption is applied.
    • @@ -71,7 +71,7 @@ This table includes info about how unenlightened apps might behave, based on you
Allow. App connects using IP address or hostnames. +
  • App can access both personal and enterprise cloud resources.
  • Auto-encryption is applied.
    • @@ -82,7 +82,7 @@ This table includes info about how unenlightened apps might behave, based on you
Exempt. App connects using IP address or hostnames. +
  • App can access both personal and enterprise cloud resources.
  • No encryption is applied.
    • @@ -99,12 +99,8 @@ This table includes info about how enlightened apps might behave, based on your - + - - - - - - - + - - + -
    App rule settingNetworking policy configurationNetworking policy configuration for name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
     Name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
    Not required. App connects using IP address or hostnames. From 18b8a558a7b93b234706fcfcb5d3f1b25be594c6 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 10:06:23 -0700 Subject: [PATCH 04/11] Fixing formating problems --- windows/keep-secure/app-behavior-with-wip.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index b7c88e2a75..04fce054f8 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -60,16 +60,15 @@ This table includes info about how unenlightened apps might behave, based on you
    Not required. App connects using hostname. +
    • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • No encryption is applied.
    • App can’t access local Work files.
    		 
    Allow. App connects using IP address or hostnames.
      @@ -78,9 +77,8 @@ This table includes info about how unenlightened apps might behave, based on you
    • App can access local Work files.
    		 
    Exempt. App connects using IP address or hostnames.
      @@ -89,7 +87,6 @@ This table includes info about how unenlightened apps might behave, based on you
    • App can access local Work files.
    		 
    From 27ec04f6ec793f6ddc2c996558f24a53e1d10392 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 10:16:48 -0700 Subject: [PATCH 05/11] Fixing formatting --- windows/keep-secure/app-behavior-with-wip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index 04fce054f8..4dbf4f380d 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -58,9 +58,9 @@ This table includes info about how unenlightened apps might behave, based on you
Not required. App connects using hostname. +
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
  • No encryption is applied.
    • From 1119b355e17fa9b3b5ed6ce92eed0a041f2c8457 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 10:30:52 -0700 Subject: [PATCH 06/11] Fixing formatting --- windows/keep-secure/app-behavior-with-wip.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index 4dbf4f380d..01dacc9e74 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -58,19 +58,20 @@ This table includes info about how unenlightened apps might behave, based on you
Not required. App connects using hostname. +
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
  • No encryption is applied.
  • App can’t access local Work files.
nbsp;
Allow. App connects using IP address or hostnames. +
  • App can access both personal and enterprise cloud resources.
  • Auto-encryption is applied.
    • From ff01bb1d8ecdd24ddca8aa3fb8dcedf644ab073a Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 10:44:02 -0700 Subject: [PATCH 07/11] Final formatting fix --- windows/keep-secure/app-behavior-with-wip.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index 01dacc9e74..17a4cb5899 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -67,7 +67,6 @@ This table includes info about how unenlightened apps might behave, based on you
  • App can’t access local Work files.
nbsp;
Allow. App connects using IP address or hostnames.
Exempt. App connects using IP address or hostnames. +
  • App can access both personal and enterprise cloud resources.
  • No encryption is applied.
    • From c386ea300df54895d408e256a05126245bc0a90d Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 11:05:43 -0700 Subject: [PATCH 08/11] Final formatting tweaks --- windows/keep-secure/app-behavior-with-wip.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index 17a4cb5899..d590a8bc5e 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -12,8 +12,8 @@ localizationpriority: high # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) **Applies to:** -- Windows 10, version 1607 -- Windows 10 Mobile +- Windows 10, version 1607 +- Windows 10 Mobile Windows Information Protection (WIP) classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data is encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or people will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default. @@ -87,7 +87,7 @@ This table includes info about how unenlightened apps might behave, based on you
  • App can access local Work files.
## Elightened app behavior From f53e58d91f8646b7dcda0686a739a98d142cdb87 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 12 Oct 2016 11:08:42 -0700 Subject: [PATCH 09/11] Fixed typo --- windows/keep-secure/app-behavior-with-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index d590a8bc5e..134bb1bd26 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -90,7 +90,7 @@ This table includes info about how unenlightened apps might behave, based on you -## Elightened app behavior +## Enlightened app behavior This table includes info about how enlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. From 40336e833a9c25c02f616f02920d166549b6e82d Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 13 Oct 2016 12:51:49 -0700 Subject: [PATCH 10/11] Updated for tech review --- windows/keep-secure/app-behavior-with-wip.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/keep-secure/app-behavior-with-wip.md b/windows/keep-secure/app-behavior-with-wip.md index 134bb1bd26..55939649d4 100644 --- a/windows/keep-secure/app-behavior-with-wip.md +++ b/windows/keep-secure/app-behavior-with-wip.md @@ -42,7 +42,7 @@ This table includes info about how unenlightened apps might behave, based on you - + - + - + - + - + - + - +
Name-based policies, using the /*AppCompat*/ string or proxy-based policies
Not required. App connects directly using IP address.Not required. App connects to enterprise cloud resources directly, using an IP address.
  • App is entirely blocked from both personal and enterprise cloud resources.
    • @@ -59,7 +59,7 @@ This table includes info about how unenlightened apps might behave, based on you
Not required. App connects using hostname.Not required. App connects to enterprise cloud resources, using a hostname.
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • @@ -69,7 +69,7 @@ This table includes info about how unenlightened apps might behave, based on you
Allow. App connects using IP address or hostnames.Allow. App connects to enterprise cloud resources, using an IP address or a hostname.
  • App can access both personal and enterprise cloud resources.
    • @@ -79,7 +79,7 @@ This table includes info about how unenlightened apps might behave, based on you
Exempt. App connects using IP address or hostnames.Exempt. App connects to enterprise cloud resources, using an IP address or a hostname.
  • App can access both personal and enterprise cloud resources.
    • @@ -99,7 +99,7 @@ This table includes info about how enlightened apps might behave, based on your
Networking policy configuration for name-based policies, possibly using the /*AppCompat*/ string, or proxy-based policies
Not required. App connects using IP address or hostnames.Not required. App connects to enterprise cloud resources, using an IP address or a hostname.
  • App is blocked from accessing enterprise cloud resources, but can access other network resources.
    • @@ -109,7 +109,7 @@ This table includes info about how enlightened apps might behave, based on your
Allow. App connects using IP address or hostnames.Allow. App connects to enterprise cloud resources, using an IP address or a hostname.
  • App can access both personal and enterprise cloud resources.
    • @@ -119,7 +119,7 @@ This table includes info about how enlightened apps might behave, based on your
Exempt. App connects using IP address or hostnames.Exempt. App connects to enterprise cloud resources, using an IP address or a hostname.
  • App can access both personal and enterprise cloud resources.
    • From 998a3d42ec2d979fabcb4ff675c945c420842b35 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 13 Oct 2016 13:20:43 -0700 Subject: [PATCH 11/11] Updated for new app behavior topic --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index ee3f4325ff..d97828565c 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,7 +16,8 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md | New or changed topic | Description | | --- | --- | -| [VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic | +|[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |New | +|[VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic | ## September 2016