When we talk about the Modern Workplace, employee experience comes first.
But there’s another aspect – of the utmost importance and not to be overlooked by any organization – and that’s enterprise data protection. Here’s an overview of how to protect your company’s data.

Overview of corporate data protection

Every organization strives to protect its data as best it can.
Sometimes protection can be so restrictive as to hamper the workplace experience, causing employee dissatisfaction, while at other times it can be too light, leaving many security loopholes.
This is why IT and security administrators have to make tough decisions to strike a balance between these two extremes, as it has a direct impact on an employee’s work experience. Microsoft, a leading provider of public cloud services, offers several data protection solutions for businesses, each with its own domain or focus (with some overlap in a few cases), namely:

  • M365 Information Protection (DLP) – helps identify sensitive information in Microsoft 365 (Exchange, SharePoint, Teams), prevent sharing, monitor and protect sensitive data in desktop versions of Office applications.
  • Azure Information Protection (AIP, formerly Azure RMS) – helps classify and protect data by applying labels.
    Protection is applied directly to content, and moves with the content as it moves between storage locations.
  • Windows Information Protection (WIP) – helps protect your company’s local data at rest on devices, and manages applications to protect local data in use.
  • Microsoft Cloud App Security – a CASB (Cloud Access Security Broker) solution for discovering (on site or in the cloud) and monitoring data in Microsoft or third-party SaaS (Software-as-a-Service) applications.

To simplify its offerings, Microsoft has grouped all the above solutions under the unified umbrella of Microsoft Information Protection (MIP) – a comprehensive, unified solution for protecting sensitive corporate data throughout its entire lifecycle – inside and out.

Here, we won’t go into detail about all the different solutions that make up MIP, but instead focus on one of its components – Windows Information Protection (WIP) and how it helps to control data in your Windows environment.

Introduction to Windows data protection in the enterprise

WIP mainly helps to separate corporate data from the user’s personal data residing locally on the device, by identifying and marking the corporate data.
Data marked as corporate data is subject to protection.
It also makes it possible to manage applications on the device that work with this data, to prevent accidental data leaks.
It is an evolution of Enterprise Data Protection (EDP – WIP’s predecessor), but not a complete DLP solution in itself. WIP is not impenetrable security, as a user with a good knowledge of the Windows registry can easily revert to the EDP state to stop protection.
However, given its design, WIP was never intended to be impenetrable.
It was always designed as a mechanism to prevent accidental data leaks. WIP has been available with Windows 10 since version 1607 (Business Editions – Pro and Enterprise SKU), works in the background and doesn’t interfere with the user’s work habits – unless the user is trying to mix work and personal context.
For example, WIP allows users to freely copy content between business applications and documents, but will not allow corporate data to be copied to an application working with personal data, unless otherwise specified in IT policy.
You’ll need either Intune (or any MDM solution) or its SCCM counterpart to manage and deploy the WIP policy on Windows devices.
WIP can operate in both Mobile Device Management (MDM) and non-MDM (Mobile Applications Management, MAM only) scenarios – data protection is targeted at the user identity, not the device.
If data protection is a concern for your SME, we’re here to help and guide you towards the best solutions.
To find out more about this subject and benefit from more technical details, we invite you to consult this article in English, from which we have drawn inspiration here.

Other definitions and features

Mobile Device Management (MDM) is a category of security software used by corporate IT departments.
It enables them to monitor, manage and secure their employees’ mobile devices (smartphones and tablets).
The aim: to optimize the operation and security of mobile devices within the enterprise, while protecting the network.

Mobile Application Management (MAM) software is used to secure, manage and distribute mobile applications on mobile devices.
Indeed, a company’s employees may use smartphones and tablets.
This software can be used on both company-owned and employee-owned equipment.

Mobile Information Management (MIM) encompasses all the software and services used to secure and manage sensitive data used in companies on mobile devices such as smartphones and tablets. It is part of the EMM (Enterprise Mobility Management) domain, which also includes MDM, MAM, etc.

MCM stands for Mobile Content Management solutions.
These solutions address the issue of network security when employees access their email, calendar and other company data from their mobiles.
