Forum Discussion

markthomas's avatar
markthomas
Copper Contributor
Nov 14, 2019

WIP support

What is the status of Windows Information Protection (WIP) support in Edge?  Will all WIP features be supported prior to GA?

  • markthomas 

    Edge (Chromium based) support for WIP is under development and hence available behind a feature flag (edge://flags/#edge-dataprotection)

     

    Make sure you apply this WIP Enterprise AppLocker policy before you start. 

     

    As of now the following WIP integration functionalities are available to pilot:
    • File protection on the device when downloaded from a work location
    • Audit / Block / Override enforcement for File Uploads
    • Briefcase visual indicator available on the address bar when browsing work locations
    • Browsing to work locations from other profiles automatically redirects to the Work Profile (associated with the Azure AD Identity)
    • IE Mode supports full WIP integration

    Coming soon:
    • Audit / Block / Override enforcement for Clipboard actions
    • Audit / Block / Override enforcement for Drag & Drop actions

     

  • markthomas 

    Edge (Chromium based) support for WIP is under development and hence available behind a feature flag (edge://flags/#edge-dataprotection)

     

    Make sure you apply this WIP Enterprise AppLocker policy before you start. 

     

    As of now the following WIP integration functionalities are available to pilot:
    • File protection on the device when downloaded from a work location
    • Audit / Block / Override enforcement for File Uploads
    • Briefcase visual indicator available on the address bar when browsing work locations
    • Browsing to work locations from other profiles automatically redirects to the Work Profile (associated with the Azure AD Identity)
    • IE Mode supports full WIP integration

    Coming soon:
    • Audit / Block / Override enforcement for Clipboard actions
    • Audit / Block / Override enforcement for Drag & Drop actions

     

    • markthomas's avatar
      markthomas
      Copper Contributor

      Arunesh_Chandra Thanks for the info.  I had already added Edge to the WIP policy but not using the applocker XML.  I have just switched over to that now.

       

      Is there any way to enable the feature flags by policy?  We would like to start piloting and it would be nice to be able to set that flag automatically rather than have the users do it themselves.

       

      Thanks

      Mark.

    • Georg Brandner's avatar
      Georg Brandner
      Brass Contributor

      Hi Arunesh_Chandra 

       

      The WIP doesn't seem to work for us. After installing Edge (Chromium "beta") yesterday, I was able to fully access our WIP protected SharePoint site, without needing to add anything to the Intune App Protection settings. However, when downloading a file from a document library in the protected SharePoint site, it downloaded as "personal" file ownership, which is obviously concerning. 

       

      I then added both the App Locker XML files, as per your post and I can see that Edge (Chromium) is showing as "enlightened, permissive" under the Enterprise Context in the Task Manager. However, it didn't make a difference in terms of protecting downloaded files from protected sites and it also doesn't show the briefcase icon in the browser.

       

      Just to mention, the (old) Edge browser correctly shows the briefcase of the mentioned SharePoint site, as well protects the file when downloaded. Any other browser e.g. Chrome, would access the site in monitor mode and be prevented from downloading the file in the first place.

       

      Any suggestions on what I could be doing wrong or when this will be resolved? I'm using Edge (Chromium) Version 79.0.309.18 (Official build) beta (64-bit).

       

      Thanks,

       

      Georg

      • Naren-'s avatar
        Naren-
        Icon for Microsoft rankMicrosoft
        Can you please confirm that you have ENABLED the WIP flag i.e. by navigating to edge://flags/#edge-dataprotection in the Edge (Chromium) browser?
    • Georg Brandner's avatar
      Georg Brandner
      Brass Contributor

      Arunesh_Chandra 

       

      I've just installed the "stable" version of the new Edge on a user's Windows 10 device (using Intune) and noticed that it now doesn't, by default, have WIP enabled. I was able to just download a file from a WIP protected SharePoint site and it saved it under Downloads as "personal". 

       

      I would have expected that the new Edge would also have had this enabled by default. Now Microsoft is rolling out  the new browser and the data isn't protected? 

       

      Would appreciate if you could advise.

       

      Thanks,

       

      Georg 

      • Philip Büchler's avatar
        Philip Büchler
        Brass Contributor

        Georg Brandner With the help of the PowerShell script of Jose Castillo Soriano , and the canary version I was able to have it behave the way I would expect (setting the flag and respecting WIP config): 

         

         

  • Are there any news regarding WIP in the new Edge? I haven't found WIP in the admx template in Intune. Do I have to set the flag through cmd-options?

    • Jose Castillo Soriano's avatar
      Jose Castillo Soriano
      Brass Contributor

      Philip Büchler 

      I created a ps1 script to add the flag to the "Local State" file.

       

      #Iniciamos Edge para crear el perfil
      #We started Edge to create the profile
      & "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      
      #Matar proceso Edge
      #Kill Edge process
      taskkill /im msedge.exe* /f
      
      #Vamos hasta el perfil de Edge
      #Let's go to Edge's profile
      cd "$env:LOCALAPPDATA/Microsoft/Edge/User Data"
      
      #Buscamos y reemplazamos para añadir el flag de WIP
      #Search and replace to add the WIP flag
      (Get-Content 'Local State').replace('"last_redirect_origin":""', '"enabled_labs_experiments":["edge-dataprotection@1"],"last_redirect_origin":""') | Set-Content 'Local State'

       

Resources