Forum Discussion
Is it possible restrict save files only to OneDrive through Windows Information Protection?
Dears, We have implemented Windows Information Protection through Intune App protection policy on Windows 10 Operating System and are able to block cut/copy paste data from Work apps to personal ...
Hi Rudy,
Thanks for your support. It is one of the requirements of the business. They want to keep the data only on Onedrive. We tried copying the work file to another device and we are able to copy and open the work file from another tenant user account.
Also, I have read the following important point from the below URL "While WIP can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data." Does it mean WIP cannot be used to block copying/restrict files to local hard disks and USB?
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip
Thanks for your support. It is one of the requirements of the business. They want to keep the data only on Onedrive. We tried copying the work file to another device and we are able to copy and open the work file from another tenant user account.
Also, I have read the following important point from the below URL "While WIP can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data." Does it mean WIP cannot be used to block copying/restrict files to local hard disks and USB?
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip
Wip is not meant to "block" data copy to USB but encrypting the org data.
When a document is marked as corporate and you try to copy to an USB media you will be prompted if everything is configured correctly.. If you didn't configured the allow override the "copy as personal" is not available
Are you sure the document you opened in another tenant is a wip protected file? I am not a fanboy of wip but I can't imagine a encrypted wip document is able to be opened by a non authorized user
And there are more options available to block USB media
O Removable Storage, Where Art Thou? - Intune Device Control (call4cloud.nl)
- Thanks, Rudy. I have attached the hard disk to another PC and the files didn't open "User does not have access privileges"
- Also, able to recover the files using EFSDRA Certificate.
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate- But that's a good thing right? because it's a build in feature in cause you need to recover some files ? And just like MS is telling is protect that certificate! 🙂