First published on TECHNET on Sep 04, 2015
Offline Files is a feature in Windows that we have been improving since Windows XP. Many of our customers, especially large organizations, depend on Offline Files to provide access to user data on Windows clients. Work Folders is a new solution we introduced in Windows 8.1, and it is also available for Windows 10, Windows 7, Android, iPad and iPhone. After discussing both solutions with some customers, I see the need for a more in-depth comparison between them, and this blog post will focus on that.
Why Offline Files?
Home folders and My Documents make it easier for an administrator to back up user files and manage user accounts by collecting many or all of a user's files in one location, but users must be connected to the corporate network in order to access that data. For mobile users, online connections are not always possible, so the need to access files while the device is not connected to the network became a priority. Offline Files was introduced to serve that need. It intercepts the API calls that access files on the file server and gets the data from the local device cache.
Why not Offline Files?
Most of the issues I’ve heard from customers are a result of the data being stored in a hidden cache. The user's view of the content is hosted on a file server; the cache is only used when the device is not connected to the corporate network. There is no easy way of figuring out what’s in the cache, where the cache is pointing to, how to extract data from the cache, how permission changes are handled, etc. In addition, the user may see different content depending on whether the device is online or offline. The list grows. Taking these lessons, Work Folders stores the files in a local folder path, which makes the user experience much simpler, as the files can be viewed and accessed just like any other local files.
Why Work Folders?
In addition to the “no more hidden cache” difference, we observed the trend of device proliferation in the consumer world, and we anticipate an increasing demand to access user data on file servers from unmanaged devices that are not connected to the corporate network. With the goal of providing a consistent user experience for accessing user data from anywhere across different devices, here are the 3 main advantages Work Folders provides:
Access data over the internet. No more VPN or direct access to the corpnet for data access.
Access from non-Windows devices. In addition to Windows releases, Work Folders is also enabled for Android, iPad and iPhone.
Simple, local file access experience for users. No more hidden caches. Files under the Work Folders path are truly local files. The sync engine will keep the files in sync with the file server.
Data security with Work Folders
When we presented Work Folders at TechEd a couple of years ago, we demoed a number of scenarios to show the Work Folders security features, as well as how Work Folders can integrate with other file server solutions such as FCI/RMS encryption to protect the data. You can find the video. In this blog post, I’ll highlight the security features we designed into Work Folders.
Data protection (encryption and wipe)
Data leakage has always been a concern for enterprise customers. To better protect the data on unmanaged devices, we provide the option for admins to encrypt the data on the user device through a policy configuration on the server. The encryption key is tied to an Enterprise ID, and it is different from the encryption key used if the user wants to use EFS for data encryption on the same device. This separation allows an admin to issue a wipe to a device that revokes only the enterprise key, leaving personal encrypted data intact.
Device password enforcement
Usually, password policy is enforced through Group Policy (GP), but GP can’t reach unmanaged devices. We therefore provide a basic password policy for admins who want to ensure that devices are protected with a password if they are used for data access.
Encryption on the wire with https
With Work Folders, data transfer can happen on the corpnet or over the internet. To ensure data security, data is encrypted on the wire using SSL. This adds file server management tasks, such as publishing the sync server URL for clients to connect to and adding a web server certificate for secure transfer.
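The three server-side controls described in this section can be checked from the sync server itself. The following is an added example, not part of the original post: it assumes the Work Folders role (and its SyncShare PowerShell module) is installed and that the session is elevated; the `$Enforce` switch variable is introduced here for illustration.

```powershell
# Added example: audit every Work Folders sync share for the encryption and
# device password policies, then list the HTTPS certificate bindings.
# Run in an elevated session on the Work Folders sync server.
Import-Module SyncShare

# Set to $true to turn the policies on for shares that lack them (illustrative switch).
$Enforce = $false

$report = foreach ($share in Get-SyncShare) {
    [pscustomobject]@{
        Name                    = $share.Name
        Path                    = $share.Path
        RequireEncryption       = [bool]$share.RequireEncryption
        RequirePasswordAutoLock = [bool]$share.RequirePasswordAutoLock
        Compliant               = [bool]($share.RequireEncryption -and
                                         $share.RequirePasswordAutoLock)
    }
}

# One row per sync share; non-compliant shares are the ones to review.
$report | Sort-Object Compliant, Name | Format-Table -AutoSize

$gaps = @($report | Where-Object { -not $_.Compliant })
if ($gaps.Count -eq 0) {
    Write-Output 'All sync shares require encryption and a device password policy.'
}
elseif ($Enforce) {
    foreach ($gap in $gaps) {
        # Devices pick up the new policy on their next sync with the server.
        Set-SyncShare -Name $gap.Name -RequireEncryption $true -RequirePasswordAutoLock $true
        Write-Output "Enabled encryption and password policy on '$($gap.Name)'."
    }
}
else {
    Write-Warning "$($gaps.Count) sync share(s) lack encryption or password policy. Set `$Enforce = `$true to fix."
}

# Work Folders serves clients over HTTPS through HTTP.sys; confirm that a
# certificate is bound to the port the sync server URL uses (443 by default).
netsh http show sslcert
```

Changing either policy affects how client devices store and protect synced data, so review the report with `$Enforce` left at `$false` before enabling enforcement.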
Folder Redirection (FR) or not?
Folder Redirection is a feature allowing the content under the special folders (e.g. Documents, Desktop) to be stored on a file server. Offline Files is mostly used in combination with Folder Redirection to allow user or application offline access to data under the special folders.
When we were designing Work Folders, we deliberately moved away from the special folders and introduced a standalone folder, “Work Folders”, which can be accessed on Windows as well as non-Windows devices. No matter what type of device the user is using, he/she can simply put all work-related files under this folder, and it will get synced to any other device that has Work Folders configured.
Early customer feedback has been mixed. I have seen customers:
Who are introducing Work Folders in parallel with FR and Offline Files; Work Folders will sync a different set of files, with no need to integrate with FR
Who are thinking of replacing Offline Files with Work Folders and want to redirect the content of the special folders into Work Folders. If you want to replace Offline Files with Work Folders, perform the steps documented in the Offline Files to Work Folders migration
The world is changing, people want to get access to their data anytime anywhere. Has this change come to you yet? If so, perform the steps documented in the Offline Files to Work Folders migration