Merged PR 4203: Merge vs-wipautorecovery to master

Elizabeth Ross
2017-10-31 00:07:30 +00:00
parent c109a626a5
commit c6b70614a3

@ -126,6 +126,35 @@ If you use a cloud environment in your organization, you may still want to resto
The Windows Credential service automatically recovers the employees previously revoked keys from the <code>Recovery\Input</code> location. All your companys previously revoked files should be accessible to the employee again. The Windows Credential service automatically recovers the employees previously revoked keys from the <code>Recovery\Input</code> location. All your companys previously revoked files should be accessible to the employee again.
## Auto-recovery of encryption keys
Starting with Windows 10, version 1709, WIP includes a data recovery feature that lets your employees auto-recover access to work files if the encryption key is lost and the files are no longer accessible. This typically happens if an employee reimages the operating system partition, removing the WIP key info, or if a device is reported as lost and you mistakenly target the wrong device for unenrollment.
To help make sure employees can always access files, WIP creates an auto-recovery key thats backed up to their Azure Active Directory (Azure AD) identity.
The employee experience is based on sign in with an Azure AD work account. The employee can either:
- Add a work account through the **Windows Settings > Accounts > Access work or school > Connect** menu.
-OR-
- Open **Windows Settings > Accounts > Access work or school > Connect** and choose the **Join this device to Azure Active Directory** link, under **Alternate actions**.
>[!Note]
>To perform an Azure AD Domain Join from the Settings page, the employee must have administrator privileges to the device.
After signing in, the necessary WIP key info is automatically downloaded and employees are able to access the files again.
**To test what the employee sees during the WIP key recovery process**
1. Attempt to open a work file on an unenrolled device.
The **Connect to Work to access work files** box appears.
2. Click **Connect**.
The **Access work or school settings** page appears.
3. Sign-in to Azure AD as the employee and verify that the files now open
## Related topics ## Related topics
- [Security Watch Deploying EFS: Part 1](https://technet.microsoft.com/magazine/2007.02.securitywatch.aspx) - [Security Watch Deploying EFS: Part 1](https://technet.microsoft.com/magazine/2007.02.securitywatch.aspx)
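Review bot: The new "Auto-recovery of encryption keys" section does not say how auto-recovery relates to the DRA-based Recovery\Input process described in the paragraph directly above it, or whether an admin has to configure anything for the auto-recovery key to be backed up to the employee's Azure AD identity. A sentence covering both would tell readers which recovery path applies in the reimage and wrong-device unenrollment cases the intro names. In the test procedure, step 3 uses "Sign-in" as a verb and has no closing period; suggest "Sign in to Azure AD as the employee and verify that the files now open." The "-OR-" line between the two bullets should also be formatted the same way as other either/or lists in this topic.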
@ -139,5 +168,4 @@ If you use a cloud environment in your organization, you may still want to resto
>[!Note] >[!Note]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to this article](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
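Review bot: The link text changes to "Contributing to this article" while the rest of the note still says "this topic" twice ("Help to make this topic better", "how to contribute to this topic"). Pick one term so the note reads consistently, for example "Contributing to this topic", or change the two earlier mentions to "article" in the same edit.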