Windows Information Protection…notes from the field! #MSIgnite

Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps organizations to protect corporate data against potential data leakage.

information-protection-needsThe concept is fairly simple and is actually based on defining two lists:

  • A corporate boundary list, which represents both on-premise & cloud network locations where managed apps can access corporate data;
  • A list of managed (trusted) apps, which are allowed to open, modify & store corporate data within the corporate boundary list.

In this blog we will look at some practical examples which you have to consider for a successful implementation of Windows Information Protection including a top 4 of recommended practices.

Continue reading “Windows Information Protection…notes from the field! #MSIgnite”

Advertisements

Part 2 – Define Privileged Desktop & Universal Applications for Enterprise Data Protection

My very first challenge – which was in my modest opinion the hardest part – with Enterprise Data Protection (EDP) was defining protected applications in a correct way. Many of you including myself were struggling how to define restricted applications.

image

In a serie blog posts I will provide some guidance how EDP works and how to configure protected apps, Configuration Manager and Microsoft Intune.

In this blog I’ll explain how you can retrieve the mandatory information required in order to define protected applications for your Enterprise Data Protection policies.

Continue reading “Part 2 – Define Privileged Desktop & Universal Applications for Enterprise Data Protection”

Blog series: Protect your Company Data using Enterprise Data Protection (EDP)

Recently I had the chance during a technical Friday jam session to play around with Enterprise Data Protection (EDP) with some other geeks .

EDP

In short Enterprise data protection (EDP) helps to protect against potential data loss without interfering end-user experience. EDP also helps to protect enterprise apps & data against accidental data loss on enterprise-owned devices, including personal devices that end-users bring to work without requiring changes to your environment or other apps.

Although EDP is introduced with Windows 10 release, the underlying technologies are common known. EDP is primary relying on Encrypted File System (EFS) and AppLocker. In a serie blog posts I will provid some guidance how EDP works and how to configure protected apps, Configuration Manager and Microsoft Intune.

Note!

Enterprise data protection is currently being tested with a number of enterprise customers, and will become available to Windows Insiders soon.

Stay tuned!

Part 1 – Introduction: Windows 10 Enterprise Data Protection – Under the hood…

UPDATE: Enterprise Data Protection is available again from Windows 10 Version 1511 rs1 builds if you want to test Enterprise Data Protection!

UPDATE: Stay on Windows 10 Version 1511 th2 build 10576 if you want to test Enterprise Data Protection!

In this blog I’ll cover a brand new Windows 10 feature, Enterprise Data Protection (EDP). The Microsoft Intune product team recently announced EDP policies as part of the Intune October service update. With this update you’re able to create and deploy configuration policies for Windows 10 enterprise data protection (EDP) settings, such as the list of apps that should be protected by EDP, enterprise network locations, protection level, and encryption using the new Windows 10 Enterprise data protection template.

Win10_CheckIn_Partner_ Training_20150807

In a series blog posts I will provide some guidance how EDP works and how to configure protected apps, Configuration Manager and Microsoft Intune.

In this blog I’ll show you how to configure and apply EDP to your Windows 10 devices. Including some experiences from the field.

Continue reading “Part 1 – Introduction: Windows 10 Enterprise Data Protection – Under the hood…”

The Enterprise Mobility Suite Portal Survival Guide

survival-guide I’m more than happy being your tour guide for today and walkthrough the various portals that the Microsoft Enterprise Mobility Suite (EMS) houses. For those who are involved with EMS, this might be a handy overview of all current available portals. I often heard  that it is not always clear which portal you need and where you can find it. In this blog I’ll do my best to cover all the portals including their purpose.

Continue reading “The Enterprise Mobility Suite Portal Survival Guide”

ICYMI: 50 Enterprise Mobility tips you should consider!

iot

Last weekend Rob Tiffany announced a fun but just as usefully 50 enterprise mobility tips twitter live stream. If you’re doubting how to address Enterprise Mobility in your company, these 50 pointers should give you a good start to feel comfortable and start embrace Enterprise Mobility.

I’ve tried hard to create my favorite top 5 Enterprise Mobility tips – but I didn’t make it…

Continue reading “ICYMI: 50 Enterprise Mobility tips you should consider!”

Assign EMS licenses based on Local Active Directory Group Membership

 

 

As all roads lead to Rome there are many ways to assign Enterprise Mobility Suite (EMS) licenses to end-users. This can be a manual process or automated by using PowerShell. Both options have in common that you must be a global administrator of your Azure subscription to assign these licenses.

The majority of the available public resources and publications describes the (manual) process bassed on per user- or group assignment through the Azure Management Portal. Downside of assigning EMS licenses through the Azure Management Portal or by PowerShell is that you must be a member of the global administrator user role. A right you want to keep to a limited number of accounts, further these accounts are often not responsible for such tasks as assigning licenses.

Continue reading “Assign EMS licenses based on Local Active Directory Group Membership”