Windows 10: Windows Information Protection profile settings
Windows 10: Windows Information Protection profile setting | Description |
---|---|
Windows Information Protection settings | This setting specifies whether Windows Information Protection is enabled and the level of enforcement. When this setting is set to "Off," data is not encrypted and audit logging is turned off. When this setting is set to "Silent," data is encrypted and any attempts to share protected data are logged. When this setting is set to "Override," data is encrypted, the user is prompted when they attempt to share protected data, and any attempts to share protected data are logged. When this setting is set to "Block," data is encrypted, users cannot share protected data, and any attempts to share protected data are logged. Possible values: Off, Silent, Override, Block. The default value is "Off." |
Enterprise protected domain names | This setting specifies the work network domain names that your organization uses for its user identities. You can separate multiple domains with pipes (\|). The first domain is used as a string to tag files that are protected by apps that use WIP. For example, example.com\|example.net. |
Data recovery certificate file (.der, .cer) | This setting specifies the data recovery certificate file. The file that you specify must be a PEM encoded or DER encoded certificate with a .der or .cer file extension. You use the data recovery certificate file to recover files that were locally protected on a device, for example, if your organization wants to recover data protected by WIP from a device. For information on creating a data recovery certificate, see the Microsoft Windows Information Protection documentation. |
Remove the Windows Information Protection settings when a device is removed from BlackBerry UEM | This setting specifies whether to revoke WIP settings when a device is deactivated. When WIP settings are revoked, the user can no longer access protected files. |
Show Windows Information Protection overlays on protected files and apps that can create enterprise content | This setting specifies whether an overlay icon is shown on file and app icons to indicate whether a file or app is protected by WIP. |
Work network IP range | This setting specifies the range of IP addresses at work to which an app protected with WIP can share data. Use a dash to denote a range of addresses. Use a comma to separate addresses. |
Work network IP ranges are authoritative | This setting specifies if only the work network IP ranges are accepted as part of the work network. When this setting is enabled, no attempts are made to discover other work networks. By default, the option is not selected. |
Enterprise internal proxy servers | This setting specifies the internal proxy servers that are used when connecting to work network locations. These proxy servers are only used when connecting to the domain listed in the Enterprise cloud resources setting. |
Enterprise cloud resources | This setting specifies the list of enterprise resource domains hosted in the cloud that need to be protected. Data from these resources are considered enterprise data and protected. |
Cloud resources domain | This setting specifies the domain name. |
Paired proxy | This setting specifies a proxy that is paired with a cloud resource. Traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on port 80). A proxy server used for this purpose must also be configured in the Enterprise internal proxy servers field. |
Enterprise proxy servers | This setting specifies the list of internet proxy servers. |
Enterprise proxy servers are authoritative | This setting specifies whether the client should accept the configured list of proxies and not try to detect other enterprise proxies. |
Neutral resources | This setting specifies the domains that can be used for work or personal resources. |
Enterprise network domain names | This setting specifies a comma-separated list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device is considered enterprise data and is protected. These locations are also considered safe destinations to which enterprise data can be shared. For example, example.com,example.net. |
Desktop app payload code | Specify the desktop app keys and values used to configure application launch restrictions on Windows 10 devices. You must use the keys defined by Microsoft for the payload type that you want to configure. To specify the apps, copy the XML code from the AppLocker policy .xml file and paste it in this field. When you copy the text, copy only the elements as shown in the following code sample: For more information about using AppLocker, see the Microsoft AppLocker documentation. |
Universal Windows Platform app payload code | Specify the Universal Windows Platform app keys and values used to configure WIP on Windows 10 devices. You must use the keys defined by Microsoft for the payload type that you want to configure. To specify the apps, copy the XML code from the AppLocker policy .xml file and paste it in this field. When you copy the text, copy only the elements as shown in the following code sample: For more information about using AppLocker, see the Microsoft AppLocker documentation. |
Associated VPN profile | This setting specifies the VPN profile that a device uses to connect to a VPN when using an app protected by WIP. This setting is valid only if "Use a VPN profile" is selected for the "Secure connection used with WIP" setting. |
Collect device audit logs | This setting specifies whether to collect device audit logs. |
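
Several of the settings above constrain each other: the two domain lists use different separators, IP ranges use a dash and commas, and a paired proxy must also appear under Enterprise internal proxy servers. The following pre-deployment check is an added example, not BlackBerry or Microsoft code; the dictionary key names and the sample values are constructed for illustration, and the warning for an authoritative flag with no ranges is an inference from the table, not a rule it states.

```python
import ipaddress

LEVELS = {"Off", "Silent", "Override", "Block"}  # enforcement levels named in the table

def parse_ip_ranges(text):
    """Parse 'a-b,c' (dash = range, comma = separator) into (start, end) pairs."""
    ranges = []
    for item in filter(None, (part.strip() for part in text.split(","))):
        lo, _, hi = item.partition("-")
        start = ipaddress.ip_address(lo.strip())
        end = ipaddress.ip_address(hi.strip()) if hi else start
        if start.version != end.version or start > end:
            raise ValueError(f"range is reversed or mixes IP versions: {item}")
        ranges.append((start, end))
    return ranges

def check_domains(value, sep, wrong_sep, label):
    """Flag the other field's separator and empty entries in a domain list."""
    found = [f"{label}: separate with '{sep}', not '{wrong_sep}'"] if wrong_sep in value else []
    if value and not all(d.strip() for d in value.split(sep)):
        found.append(f"{label}: empty entry")
    return found

def lint_profile(p):
    """Return the problems found in a WIP profile dict (hypothetical key names)."""
    problems = [] if p.get("level", "Off") in LEVELS else ["level: unknown value"]
    problems += check_domains(p.get("protected_domains", ""), "|", ",", "protected_domains")
    problems += check_domains(p.get("network_domains", ""), ",", "|", "network_domains")
    try:
        if not parse_ip_ranges(p.get("ip_ranges", "")) and p.get("ip_ranges_authoritative"):
            problems.append("ip_ranges: marked authoritative but no range is set")
    except ValueError as exc:
        problems.append(f"ip_ranges: {exc}")
    # A paired proxy must also be listed under Enterprise internal proxy servers.
    internal = {h.lower() for h in p.get("internal_proxies", [])}
    for res in p.get("cloud_resources", []):
        proxy = res.get("paired_proxy")
        if proxy and proxy.lower() not in internal:
            problems.append(f"cloud_resources: {proxy} is not an internal proxy server")
    return problems

SAMPLE = {  # constructed profile with three deliberate mistakes
    "level": "Block", "ip_ranges_authoritative": True,
    "protected_domains": "example.com,example.net",  # wrong separator for this field
    "network_domains": "example.com,example.net",
    "ip_ranges": "10.0.0.0-10.0.255.255,192.168.9.1-192.168.1.1",  # second range reversed
    "internal_proxies": ["proxy1.example.com"],
    "cloud_resources": [{"domain": "files.example.net", "paired_proxy": "proxy2.example.com"}],
}
```

Calling `lint_profile(SAMPLE)` returns one message per mistake; an empty list means the profile passed these checks.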