Forum Discussion
WIP support
- Nov 14, 2019
Edge (Chromium based) support for WIP is under development and hence available behind a feature flag (edge://flags/#edge-dataprotection)
Make sure you apply this WIP Enterprise AppLocker policy before you start.
As of now the following WIP integration functionalities are available to pilot:
• File protection on the device when downloaded from a work location
• Audit / Block / Override enforcement for File Uploads
• Briefcase visual indicator available on the address bar when browsing work locations
• Browsing to work locations from other profiles automatically redirects to the Work Profile (associated with the Azure AD Identity)
• IE Mode supports full WIP integration
Coming soon:
• Audit / Block / Override enforcement for Clipboard actions
• Audit / Block / Override enforcement for Drag & Drop actions
The WIP doesn't seem to work for us. After installing Edge (Chromium "beta") yesterday, I was able to fully access our WIP protected SharePoint site, without needing to add anything to the Intune App Protection settings. However, when downloading a file from a document library in the protected SharePoint site, it downloaded as "personal" file ownership, which is obviously concerning.
I then added both the App Locker XML files, as per your post and I can see that Edge (Chromium) is showing as "enlightened, permissive" under the Enterprise Context in the Task Manager. However, it didn't make a difference in terms of protecting downloaded files from protected sites and it also doesn't show the briefcase icon in the browser.
Just to mention, the (old) Edge browser correctly shows the briefcase of the mentioned SharePoint site, as well protects the file when downloaded. Any other browser e.g. Chrome, would access the site in monitor mode and be prevented from downloading the file in the first place.
Any suggestions on what I could be doing wrong or when this will be resolved? I'm using Edge (Chromium) Version 79.0.309.18 (Official build) beta (64-bit).
Thanks,
Georg
- Georg BrandnerNov 18, 2019Brass Contributor
Thanks. I hadn't. It seems to work now.
I'm guessing this will be enabled by default once in GA and that users won't be able to simply disable? Would otherwise defeat the purpose of enforcing WIP a bit.
Is there a way to use Intune to change the setting at this moment in time, i.e. if I have any users downloading the beta that the WIP would be enabled? Thanks