diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 6a27c63800..fc50cfc48c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 03/15/2019 +ms.date: 03/25/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune @@ -67,6 +67,9 @@ Before you can create a WIP policy using Intune, you need to configure an MDM or - [Recommended apps](#add-recommended-apps) - [Store apps](#add-store-apps) - [Desktop apps](#add-desktop-apps) + +>[!NOTE] +>An application might return access denied errors after removing it from the list of protected apps. Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy. ### Add recommended apps @@ -397,7 +400,7 @@ To define the network boundaries, click **App policy** > the name of your policy ![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) -Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**. +Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the options covered in the following subsections, and then click **OK**. ### Cloud resources diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 4af9ce947b..46b7344b5f 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/25/2019 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) @@ -38,8 +38,15 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc |Visual Studio Online |contoso.visualstudio.com | |Power BI |contoso.powerbi.com | ->[!NOTE] ->You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both. +You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both. + +For Office 365 endpoints, see [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges). +Office 365 endpoints are updated monthly. +Allow the domains listed in section number 46 Allow Required and add also add the apps. +Note that apps from officeapps.live.com can also store personal data. + +When multiple files are selected from SharePoint Online or OneDrive, the files are aggregated and the URL can change. In this case, add a entry for a second-level domain and use a wildcard such as .svc.ms. + ## Recommended Neutral Resources We recommended adding these URLs if you use the Neutral Resources network setting with Windows Information Protection (WIP).