From 56ec734cade0f4b25a3e047b0ac4a45bed5879ed Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 13 Jul 2016 09:24:26 -0700 Subject: [PATCH 1/4] Created new topic for inclusion in the guidance area --- .../keep-secure/mandatory-settings-for-wip.md | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 windows/keep-secure/mandatory-settings-for-wip.md diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md new file mode 100644 index 0000000000..9c265848d2 --- /dev/null +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -0,0 +1,31 @@ +--- +title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) +description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +--- + +# Mandatory tasks and settings required to turn on Windows Information Protection (WIP) +**Applies to:** + +- Windows 10 Insider Preview +- Windows 10 Mobile Preview + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. + +>**Important**
+All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md), based on the tool you're using in your enterprise. + + +|Task |Description | +|------------------------------------|--------------------------| +|Add at least one app rule in the **App rules** area in your WIP policy. |You must have at least one app rule specified in the **App rules** area of your WIP policy. For more info about where this area is and how to add an app rule, see the **Add individual apps to your Protected App list** section of the policy creation topics.| +|Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the EDP protection level for your enterprise data** section of the policy creation topics.| +|Specify your corporate identity. |You must specify your corporate identity, usually expressed as your primary Internet domain (for example, contoso.com). For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. | +|Specify your Enterprise Network Domain Names. |You must specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics. | +|Specify your Enterprise IPv4 Ranges. |Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. | +|Include your Data Recovery Agent (DRA) certificate. |This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the **Create and verify an Encrypting File System (EFS) DRA certificate for EDP** section of the policy creation topics. | \ No newline at end of file From be179441ece74f8c7868c131255860d7ba79b7a1 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Wed, 13 Jul 2016 09:25:45 -0700 Subject: [PATCH 2/4] Added new topic for mandatory tasks --- windows/keep-secure/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 504f41304c..f478cdc121 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -23,6 +23,7 @@ ##### [Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune](create-vpn-and-edp-policy-using-intune.md) #### [Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) ### [General guidance and best practices for enterprise data protection (EDP)](guidance-and-best-practices-edp.md) +#### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md) #### [Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md) #### [Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md) ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) From 42bb28e4dfe877a4c1a96154da4e917136e8da71 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 15 Jul 2016 09:36:48 -0700 Subject: [PATCH 3/4] Updated to include both IPv4 and IPv6 --- windows/keep-secure/mandatory-settings-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md index 9c265848d2..9a23e25d67 100644 --- a/windows/keep-secure/mandatory-settings-for-wip.md +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -27,5 +27,5 @@ All sections provided for more info appear in either the [Create a Windows Infor |Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the EDP protection level for your enterprise data** section of the policy creation topics.| |Specify your corporate identity. |You must specify your corporate identity, usually expressed as your primary Internet domain (for example, contoso.com). For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. | |Specify your Enterprise Network Domain Names. |You must specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics. | -|Specify your Enterprise IPv4 Ranges. |Specify the addresses for a valid IPv4 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. | +|Specify your Enterprise IPv4 or IPv6 Ranges. |Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. | |Include your Data Recovery Agent (DRA) certificate. |This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the **Create and verify an Encrypting File System (EFS) DRA certificate for EDP** section of the policy creation topics. | \ No newline at end of file From fbe41720ed152269e3b4f3db517154804a320063 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 15 Jul 2016 11:22:20 -0700 Subject: [PATCH 4/4] Updated for publish --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 1 + windows/keep-secure/mandatory-settings-for-wip.md | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 8a96eaa113..d43c87c4e9 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |New or changed topic | Description | |----------------------|-------------| +|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New | |[Create an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |New | |[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |New | |[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | Updated | diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md index 9a23e25d67..bc0c26537d 100644 --- a/windows/keep-secure/mandatory-settings-for-wip.md +++ b/windows/keep-secure/mandatory-settings-for-wip.md @@ -1,6 +1,7 @@ --- title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) -description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. +description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) in your enterprise. +keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Allowed apps list ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -15,7 +16,7 @@ ms.pagetype: security [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP) in your enterprise. +This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection(EDP), in your enterprise. >**Important**
All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md), based on the tool you're using in your enterprise.