Windows Information Protection (WIP) is a data loss prevention feature for Windows 10 (version 1607 or later) that can automatically apply protective tags for files and data. Thus, allowing end-users to be productive and still keep your organization’s data secure!
What is Windows Information Protection (WIP)?
Windows Information Protection (WIP) is an alternative to traditional data loss prevention approaches that focus on protecting data leakage at the network level. WIP protects against both accidental and intentional leakage of data by automatically encrypting internal data anytime users save a file locally to a protected Windows 10 system. Protecting organizational data is critical - now more than ever before! Lawsuits, legal challenges, and/or a loss of reputation is at stake if an organization is not successful in protecting their data. The ongoing blend of work and home life – especially in a COVID-19 world isn’t making that easier. More and more, we see end-users utilizing their work provided devices for personal tasks and data management. Similarly, end-users will access organizational data on their personal devices, which makes protecting your data tricky. WIP provides peace of mind and helps protect critical data regardless of where it’s accessed from. WIP not only helps protect files on end-users’ devices but can also be used to remotely wipe a device clean if needed via Intune. By selecting the user and device and sending a wipe request, all data that was protected via the WIP policy will become unusable.
View the video below to see a brief overview of Windows Information Protection in use:
How does WIP Work?
WIP builds containers for data, just like mobile device management does for mobile devices. Essentially, WIP treats Windows 10 as a mobile device for data protection. This allows businesses to decide which applications on the PC are for work use and which might be for personal use. Work applications will have protection policies that automatically tags documents saved by those applications as ‘work’ and defines what can be done with the document on that PC.
This automatic tagging allows businesses to prevent data from being copied to personal devices, accessed by an unapproved application, or stored in unapproved locations. WIP additionally protects against the accidental leakage of data via copy-and-paste, drag-and-drop, removable storage (e.g., USB thumb drives), and unauthorized applications (e.g., non-work Cloud storage providers).
Microsoft 365 E3 is required to use this software. Windows 10 E3 includes AppLocker, which is used to help identify the applications that are work and which ones are personal. Intune and/or System Center Configuration Manager (SCCM) are used for the deployment and management of Windows Information Protection policies. This combination of integrated Microsoft software provides a unified and seamless experience for IT departments to take advantage of!
Sensitivity Labels and Classifying Files
For those who have Microsoft 365 E5, Windows Information Protection can be extended to integrate with Azure Information Protection’s data classification system.
Office app users have different types of classifications available.
- Time-sensitive documents that need to be retained for a specified period
- Documents that need to be permanently deleted once they reach a certain age
- Competitive research that needs to be retained and then permanently deleted
- Employment documents that need to be marked as a record so they can’t be edited or deleted
These sensitivity labels allow users to mark documents, so the right actions are enforced or limited for sensitive files. Administrators may set automatic classifications/policies based on specific types of sensitive information present in files, specific keywords, etc. This is crucial because the automation means organizations don’t have to train every user on how to classify content correctly – it can be done automatically based on classification policies you implement, and it integrates seamlessly with the encryption built into Windows Information Protection.
Benefits of WIP
WIP is a feature that is built into Windows 10 Enterprise E3, is managed through the Cloud (Intune or SCCM), and allows for agentless-managed computers. This means company devices can be easily managed and controlled through security guidelines set up from the cloud by their IT department. WIP is better than traditional data loss prevention strategies, while data no longer has to flow through a gateway to be caught in a Software as a Service application. In today’s mobile and work-from-home world, this is more important than ever before!
Pair WIP with other Microsoft products to provide an integrated and comprehensive security strategy for your organization! WIP is also a companion product to BitLocker which provides device protection by helping mitigate unauthorized data access through an enhanced file and system protection. Azure Information Protection continues to protect documents that are shared both internally and externally. View this following graphic for a visualization of these products regarding information protection needs:
How can Interlink Help?
Start a conversation today with Interlink to build out your security roadmap and see how Windows Information Protection fits into your specific environment. Help protect your organization from data leakage and save your end-users time and worry today!
For more information on Cloud Security, check out this blog from our partner at Peters & Associates.
Interested in learning more? View our similar blog: New Microsoft Security and Compliance Licensing Bundle Options.