Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Windows Information Protection (WIP) on domain joined devices (on-premise AD)

Occasional Contributor

Has anyone tried in successfully deploying Intune Windows Information Protection on Domain joined Windows 10 PCs? What I meant of domain joined is the presence of an on-premise Windows Active Directory.


I get the fact the Windows Information Protection works seamlessly on BYOD devices (Workgroup PCs). But I cannot get this to work on devices within the domain. Can somebody lead me to articles on how to specifically do this?

4 Replies

Hi Christopher,

I am not aware of any customers who have deployed WIP. Here are the document links you requested.

I would love to hear more about your experience! It seems like WIP has its place perhaps in Healthcare, Financial Services, and perhaps DoD or other secure infrastructures. Outside of that its hard for me to picture a place for WIP because it seems to restrict the collaboration capabilities of B2B sharing. Seems like Azure Information Protection is more flexible to me.

Hi Joe,

Thanks for replying. Yes, that article was my guide in creating the WIP policies. As I was saying, it works if the device is under workgroup and I could see the briefcase encryption overlay icon on the files. However, I seemingly couldn't get this to work on domain joined devices even if they are already Intune MDM installed. 


Are there log files that I could check to dig deeper?

Hi @Christopher DelaTorre

Unfortunately I`m not able to help you. But I`m wondering, are non-managed devices forced to use WIP? A while ago I have been playing with WIP, but as an example Windows 7 devices were still able to access data and not forced to use WIP. Have you been able to block those devices?

Thank you!