Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **App rules** list. If you don’t get this statement, it’s possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation. +>[!IMPORTANT] +>WIP-aware apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.
Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **App rules** list. If you don’t get this statement, it’s possible that you could experience app compat issues due to an app losing the ability to access a necessary file after revocation.
#### Add a store app rule to your policy
For this example, we’re going to add Microsoft OneNote, a store app, to the **App Rules** list.
@@ -94,8 +94,8 @@ If you don't know the publisher or product name, you can find them for both desk
1. Go to the [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, Microsoft OneNote.
- >**Note**
- If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section.
+ >[!NOTE]
+ >If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section.
2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, `9wzdncrfhvjl`.
@@ -112,8 +112,9 @@ If you don't know the publisher or product name, you can find them for both desk
4. Copy the `publisherCertificateName` value and paste them into the **Publisher Name** box, copy the `packageIdentityName` value into the **Product Name** box of Intune.
- >**Important**
- The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`.
For example:
+ >[!IMPORTANT] + >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`. + >For example:
```json
{
@@ -124,8 +125,8 @@ If you don't know the publisher or product name, you can find them for both desk
**To find the Publisher and Product Name values for apps installed on Windows 10 mobile phones**
1. If you need to add mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
- >**Note**
- Your PC and phone must be on the same wireless network.
+ >[!NOTE]
+ >Your PC and phone must be on the same wireless network.
2. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
@@ -141,8 +142,9 @@ If you don't know the publisher or product name, you can find them for both desk
8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune.
- >**Important**
- The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`.
For example:
+ >[!IMPORTANT] + >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as “CN=” followed by the `windowsPhoneLegacyId`. + >For example:
```json
{
@@ -369,9 +371,9 @@ After you've added a protection mode to your apps, you'll need to decide where t
There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprise’s range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
->**Important**
-- Every WIP policy should include policy that defines your enterprise network locations.
-- Classless Inter-Domain Routing (CIDR) notation isn’t supported for WIP configurations.
+>[!IMPORTANT]
+>Every WIP policy should include policy that defines your enterprise network locations.
+>Classless Inter-Domain Routing (CIDR) notation isn’t supported for WIP configurations.
**To define where your protected apps can find and send enterprise data on you network**
@@ -492,13 +494,15 @@ After you've finished configuring your policy, you can review all of your info o
A progress bar appears, showing you progress for your policy. After it's done, click **Close** to return to the **Configuration Items** page.
-
## Deploy the WIP policy
After you’ve created your WIP policy, you'll need to deploy it to your organization's devices. For info about your deployment options, see these topics:
- [Operations and Maintenance for Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=708224)
- [How to Create Configuration Baselines for Compliance Settings in Configuration Manager]( https://go.microsoft.com/fwlink/p/?LinkId=708225)
- [How to Deploy Configuration Baselines in Configuration Manager]( https://go.microsoft.com/fwlink/p/?LinkId=708226)
+>[!NOTE]
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+
## Related topics
- [System Center Configuration Manager and Endpoint Protection (Version 1606)](https://go.microsoft.com/fwlink/p/?LinkId=717372)
- [TechNet documentation for Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=691623)
diff --git a/windows/keep-secure/deploy-wip-policy-using-intune.md b/windows/keep-secure/deploy-wip-policy-using-intune.md
index 075fba2473..c9977fec21 100644
--- a/windows/keep-secure/deploy-wip-policy-using-intune.md
+++ b/windows/keep-secure/deploy-wip-policy-using-intune.md
@@ -33,6 +33,9 @@ The added people move to the **Selected Groups** list on the right-hand pane.
3. After you've picked all of the employees and groups that should get the policy, click **OK**.
The policy is deployed to the selected users' devices.
+>[!NOTE]
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
+
## Related topics
- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md)
- [Add apps to your Windows Information Protection (WIP) policy by using the Microsoft Intune custom URI functionality](add-apps-to-protected-list-using-custom-uri.md)
diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
index f6b1ea7f6e..f2e1b3c91c 100644
--- a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
+++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md
@@ -78,4 +78,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** onedrive.exe
**App Type:** Desktop app|
|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** notepad.exe
**App Type:** Desktop app |
|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app |
-|Microsoft Remote Desktop |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mstsc.exe
**App Type:** Desktop app |
\ No newline at end of file
+|Microsoft Remote Desktop |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mstsc.exe
**App Type:** Desktop app |
+
+>[!NOTE]
+>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
\ No newline at end of file
diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md
index dc2429d6b3..c95ae45458 100644
--- a/windows/keep-secure/limitations-with-wip.md
+++ b/windows/keep-secure/limitations-with-wip.md
@@ -79,4 +79,7 @@ This table provides info about the most common problems you might encounter whil
For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).