Set up Windows Information Protection for Windows 10 devices Skip Navigation

Set up
Windows
Information Protection for
Windows 10
devices

You can set up
Windows
Information Protection (WIP) for
Windows 10
devices to do the following:
  • Separate personal and work data on devices.
  • Wipe only work data on devices.
  • Prevent users from sharing work data outside of protected work apps or with people outside of your organization.
  • Protect data even if it is moved to or shared on other devices (for example, with a USB key).
  • Audit user behavior and take appropriate actions to prevent data leaks.
When you set up WIP for devices, you specify the apps that you want to protect. Protected apps are trusted to create and access work files, while unprotected apps can be blocked from accessing work files. You can choose the level of protection for protected apps based on how you want users to behave when they share work data. When WIP is enabled, all data sharing practices are audited. The apps that you specify can be enlightened or unenlightened for enterprise. Enlightened apps can create and access work and personal data. Unenlightened apps can create and access work data only.
  1. In the management console, on the menu bar, click
    Policies and profiles > Protection > Windows Information Protection
    .
  2. Click The Add icon.
  3. Type a name and description for the profile.
  4. Configure the appropriate values for each profile setting. See Windows Information Protection profile settings.
  5. Click
    Add
    .
  • Assign the profile to users and groups.
  • If necessary, rank the profile.