Forum Discussion
markthomas
Nov 14, 2019Copper Contributor
WIP support
What is the status of Windows Information Protection (WIP) support in Edge? Will all WIP features be supported prior to GA?
- Nov 14, 2019
Edge (Chromium based) support for WIP is under development and hence available behind a feature flag (edge://flags/#edge-dataprotection)
Make sure you apply this WIP Enterprise AppLocker policy before you start.
As of now the following WIP integration functionalities are available to pilot:
• File protection on the device when downloaded from a work location
• Audit / Block / Override enforcement for File Uploads
• Briefcase visual indicator available on the address bar when browsing work locations
• Browsing to work locations from other profiles automatically redirects to the Work Profile (associated with the Azure AD Identity)
• IE Mode supports full WIP integration
Coming soon:
• Audit / Block / Override enforcement for Clipboard actions
• Audit / Block / Override enforcement for Drag & Drop actions
Georg Brandner
Jan 24, 2020Brass Contributor
I've just installed the "stable" version of the new Edge on a user's Windows 10 device (using Intune) and noticed that it now doesn't, by default, have WIP enabled. I was able to just download a file from a WIP protected SharePoint site and it saved it under Downloads as "personal".
I would have expected that the new Edge would also have had this enabled by default. Now Microsoft is rolling out the new browser and the data isn't protected?
Would appreciate if you could advise.
Thanks,
Georg
Philip Büchler
Jan 27, 2020Brass Contributor
Georg Brandner With the help of the PowerShell script of Jose Castillo Soriano , and the canary version I was able to have it behave the way I would expect (setting the flag and respecting WIP config):
- Georg BrandnerJan 28, 2020Brass Contributor
Thanks Philip. The problem is that we also have Windows 10 devices that are Workplace joined (not AAD) and PowerShell scripts don't work for those when using the Intune PowerShell option. The only workaround that I know for some of this is to create MSI files and change the Registry that way.
What I find shocking is that WIP works out of the box enabled with the old Edge but seemingly not for the new Edge. There should not even be an option for the user to disable this. It should be on by default, same as the old Edge. And if not, then they should at least have an administrative template setting in Intune to manage this. I now have users can download the new Edge browser and bypass WIP. Microsoft should not be releasing half-finished products as "stable". Enough of a rant.
Not sure if anyone knows of another way to force WIP to be enabled for the new Edge for standalone Intune with workplace and AAD joined Win 10 devices?
Thanks!
- Philip BüchlerJan 29, 2020Brass ContributorCompletely with you. I just try to check workarounds for eventual pilots, so we have an idea what other issues might come up in our org.
The stable version doesn't even respect WIP when the flag is activated and the briefcase symbol confirms the policy. Not to mention the possibility for users to simply turn of the flag, reclassify content and turn it back on.
I sometimes get the feeling, that WIP is not a very broadly used feature. There is such little documentation or blog/twitter hype around it.- lightupdifireJan 29, 2020Brass ContributorAgree with you guys, the #edge-dataprotection should be enabled or at least we should be able to control it for AAD registered or AAD joined devices.