Windows Information Protection

• Windows Information Protection may help organizations with data loss prevention.
• Only Windows 10 devices are protected.
• The feature requires Intune or Configuration Manager.
• Severe limitations on when and where the feature can protect data restrict its usefulness for data loss prevention.

Windows Information Protection (formerly Enterprise Data Protection), a feature of recent versions of Windows 10, may help an organization control the unauthorized dissemination of proprietary or confidential information, a task often called data loss prevention (DLP). Such protection of data is becoming more difficult with the rise of hosted services, employees working outside the office environment, and increased use of personal devices. But the limitations of Windows Information Protection could restrict its usefulness to helping organizations selectively wipe corporate data from Windows 10 devices that are lost or no longer needed.

Windows Information Protection

Organizations have a fiduciary duty to protect data about their business methods and processes, and privacy regulations mean organizations must commonly protect both employee and customer data. Successful data loss prevention solutions require an organization to establish three foundational policies: defining what makes data confidential and proprietary, delineating which employees need access to such data to perform their jobs, and determining how long data must be retained. Defining these policies is largely a thought exercise that involves the drafting, approval, and dissemination of written data management policies.