Windows 10: Windows Information Protection
profile settings
Windows 10
: Windows
Information Protection
profile settingsWindows 10 :
Windows Information
Protection profile setting |
Description |
|---|---|
Windows
Information Protection settings |
This setting specifies whether Windows
Information Protection is enabled and the level of enforcement. When this setting is set to
"Off," data is not encrypted and audit logging is turned off. When this setting is set to
"Silent," data is encrypted and any attempts to share protected data are logged. When this
setting is set to "Override," data is encrypted, the user is prompted when they attempt to
share protected data, and any attempts to share protected data are logged. When this
setting is set to "Block," data is encrypted, users cannot share protected data, and any
attempts to share protected data are logged. Possible values:
The default value is "Off." |
Enterprise protected domain names |
This setting specifies the work network domain names that your
organization uses for its user identities. You can separate multiple domains with pipes
(|). The first domain is used as a string to tag files that are protected by apps that use
WIP. For example, example.com|example.net . |
Data recovery certificate file (.der, .cer) |
This setting specifies the data recovery certificate file. The file that you specify must
be a PEM encoded or DER encoded certificate with a .der or .cer file extension. You use the data recovery certificate file to recover files that were
locally protected on a device. For example, if your organization wants to recover data
protected by WIP from a device. For information on creating a data recovery certificate, see the Microsoft
Windows
Information Protection documentation. |
Remove the Windows Information Protection
settings when a device is removed from BlackBerry UEM |
This setting specifies whether to revoke WIP settings when a device is
deactivated. When WIP settings are revoked, the user can no longer access protected
files. |
Show Windows Information Protection
overlays on protected files and apps that can create enterprise content |
This setting specifies whether an overlay icon is shown on file and app
icons to indicate whether a file or app is protected by WIP. |
Work network IP range |
This setting specifies the range of IP addresses at work to which an app
protected with WIP can share data. Use a dash to denote a range of addresses. Use a comma to separate addresses. |
Work network IP ranges are authoritative |
This setting specifies if only the work network IP ranges are accepted
as part of the work network. When this setting is enabled, no attempts are made to discover
other work networks. By default, the option is not selected. |
Enterprise internal proxy servers |
This setting specifies the internal proxy servers that are used when connecting to work
network locations. These proxy servers are only used when connecting to the domain listed
in the Enterprise cloud resources setting. |
Enterprise cloud resources |
This setting specifies the list of enterprise resource domains hosted in
the cloud that need to be protected. Data from these resources are considered enterprise
data and protected. |
Cloud resources domain |
This setting specifies the domain name. |
Paired proxy |
This setting specifies a proxy that is paired with a cloud resource. Traffic to the cloud
resource will be routed through the enterprise network via the denoted proxy server (on
port 80). A proxy server used for this purpose must also be configured in the Enterprise internal
proxy servers field. |
Enterprise proxy servers |
This setting specifies the list of internet proxy servers. |
Enterprise proxy servers are authoritative |
This setting specifies whether the client should accept the configured
list of proxies and not try to detect other enterprise proxies. |
Neutral resources |
This setting specifies the domains that
can be used for work or personal resources. |
Enterprise network domain names |
This setting specifies a comma-separated list of domains that comprise the boundaries of
the enterprise. Data from one of these domains that is sent to a device will be considered
enterprise data and protected. These locations will be considered a safe destination for
enterprise data to be shared to. For example, example.com,example.net . |
Desktop app payload code |
Specify the desktop app keys and values used to configure application
launch restrictions on Windows 10 devices. You must use the keys defined by Microsoft for the payload type
that you want to configure.To specify the apps, copy the XML code from the AppLocker policy .xml file and paste it
in this field. When you copy the text, copy only the elements as shown in the following
code sample:
For more information about using AppLocker, see administer-applocker. |
Universal Windows Platform app payload
code |
Specify the Universal Windows
Platform app keys and values used to configure WIP on Windows 10 devices. You must use
the keys defined by Microsoft for the payload type that you want to configure.To specify the apps, copy the XML code from the AppLocker policy .xml file and paste it
in this field. When you copy the text, copy only the elements as shown in the following
code sample:
For more information about using AppLocker, see administer-applocker. |
Associated VPN profile |
This setting specifies the VPN profile that a device uses to connect to a VPN when using
an app protected by WIP. This setting is valid only if "Use a VPN profile" is selected for the
"Secure connection used with WIP." |
Collect device audit logs |
This setting specifies whether to collect device audit logs. |