First published on TECHNET on Aug 29, 2016
I’m Jeff Patterson, Program Manager for Work Folders and Offline Files.
Windows 10, version 1607 will be available to Enterprise customers soon so I wanted to cover support for Windows Information Protection (a.k.a. Enterprise Data Protection) when using Work Folders or Offline Files.
Windows Information Protection Overview
Windows Information Protection (WIP) is a new security feature introduced in Windows 10, version 1607 to protect against data leaks.
Benefits of WIP
Separation between personal and corporate data, without requiring employees to switch environments or apps
Additional data protection for existing line-of-business apps without a need to update the apps
Ability to wipe corporate data from devices while leaving personal data alone
Use of audit reports for tracking issues and remedial actions
Integration with your existing management system (Microsoft Intune, System Center Configuration Manager 2016, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company
For additional information on Windows Information Protection, please reference our TechNet
Work Folders support for Windows Information Protection
Work Folders was updated in Windows 10 to support Windows Information Protection.
If a WIP policy is applied to a Windows 10 device, all user data stored in the Work Folders directory will be encrypted using the same key and Enterprise ID that is used by Windows Information Protection.
Note: The user data is only encrypted on the Windows 10 device. When the user data is synced to the Work Folders server, it’s not encrypted on the server. To encrypt the user data on the Work Folders server, you need to use RMS encryption.
Offline Files and Windows Information Protection
Offline Files (a.k.a. Client Side Caching) is an older file sync solution and was not updated to support Windows Information Protection. This means any user data stored on a network share that’s cached locally on the Windows 10 device using Offline Files is not protected by Windows Information Protection.
If you’re currently using Offline Files, our recommendation is to migrate to a modern file sync solution such as
OneDrive for Business
which supports Windows Information Protection.
If you decide to use Offline Files with Windows Information Protection, you need to be aware of the following issue if you try to open cached files while working offline: