Protect Enterprise Data

Protect your data with Microsoft Intune

Enterprise mobility is now widespread. Many employees have a smartphone, a tablet or both. It is common to find enterprise data as well as personal data on these devices, so the risk of disclosure of professional data is greater. Windows 10 offers an interesting feature, EDP (Enterprise Data Protection). You can use EDP for these scenarios:

  • Encryption of the data on personal and professional devices.
  • Remote wipe of business data on managed computers (personal data is not affected).
  • Selection of the applications that can access enterprise data.
  • No interaction required by the user to switch between a personal application and an enterprise application.

Enterprise Data Protection

Several MDM vendors offer containers to protect business data. With Windows 10, EDP provides the same functionality. It helps protect the data on a mobile device and can also be coupled with an RMS infrastructure.

Benefits of the EDP functionality

  • Protection against leakage of business data.
  • Separation of personal data from company data, without user interaction.
  • Protection of data for business applications.
  • Possibility to clear business data from devices while retaining personal data.
  • Audit reports for monitoring problems and corrective actions.
  • Integration with MDM (Microsoft Intune, System Center Configuration Manager version 1511 or later).
  • Protection using RMS (Rights Management Services).
  • Possibility to manage Office universal applications on Windows 10 for devices protecting the company’s data.

Create Enterprise Data Protection Policy

To create an Enterprise Data Protection policy, you need either an SCCM infrastructure (version 1511 or later) or Microsoft Intune in SaaS mode. I used my platform in SaaS mode to create the policy. We start by creating the policy. Expand the Policy node, select Configuration Policies, and click Add.

Access to the configuration policies for data protection

A wizard launches. Expand Windows, and then click Enterprise Data Protection. Click Create a new policy.

Create Enterprise Data Protection policy

Enter the name you want for the policy.

Enter the name of the data protection policy

It is now possible to add the desired applications. All of these applications will have access to the company’s data, so data cannot be copied to an application that is not present in this policy.
Two types of applications can be added:

  • Universal applications
  • Desktop applications (classic Windows applications)

Select the applications that you want to protect

Click on Add.

Choose the policy that you want to protect

Universal application

In the window, enter the name of the publisher as well as the name of the product. You can use the Get-AppxPackage | Out-GridView PowerShell command to get this information for a universal application. The Name column provides the value for the Product Name field. The Publisher column provides the value for the Publisher Name field.

For desktop applications, the necessary information can be retrieved by running the command:

Get-AppLockerFileInformation -Directory "C:\Program Files (x86)\Microsoft Office\root\Office16\" -Recurse -FileType exe | fl

Get the appx package to protect

Get the appx package to protect (2)
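
The two lookups above combined into one script, as an added example that is not part of the original article: it lists the Publisher Name and Product Name values for universal and desktop applications in a single table. The name filter, the Office path and the output column names are sample values chosen for this example.

```powershell
# Added example, not from the original article. Collects the values the EDP
# policy wizard asks for (Publisher Name / Product Name) into one table.
# $NameFilter and $DesktopPath are sample values; adjust them to your apps.
$NameFilter  = '*Office*'
$DesktopPath = 'C:\Program Files (x86)\Microsoft Office\root\Office16\'

# Universal apps: Name -> Product Name field, Publisher -> Publisher Name field.
$universal = Get-AppxPackage -Name $NameFilter | ForEach-Object {
    [pscustomobject]@{
        Type          = 'Universal'
        ProductName   = $_.Name
        PublisherName = $_.Publisher
        Source        = $_.PackageFullName
    }
}

# Desktop apps: the signature details are held in the Publisher property.
$files = Get-AppLockerFileInformation -Directory $DesktopPath -Recurse -FileType Exe

$desktop = $files | Where-Object { $_.Publisher } | ForEach-Object {
    [pscustomobject]@{
        Type          = 'Desktop'
        ProductName   = $_.Publisher.ProductName
        PublisherName = $_.Publisher.PublisherName
        Source        = $_.Path
    }
}

# Unsigned executables carry no publisher information, so they have no value
# for the Publisher Name field; list them separately for review.
$unsigned = $files | Where-Object { -not $_.Publisher } |
    Select-Object -ExpandProperty Path

@($universal) + @($desktop) |
    Sort-Object Type, ProductName |
    Format-Table -AutoSize -Wrap

if ($unsigned) {
    Write-Warning 'No publisher information (unsigned) for:'
    $unsigned
}
```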

Next, choose how the applications are managed. Several choices are available.

  • Block: Prevents company data in the configured applications from being copied into another application.
  • Override: The user is warned when trying to move data outside of configured applications.
  • Silent: The user is free to move data outside of configured applications. The move is logged in the audit log.
  • Off: The user is free to move data outside of configured applications. The move is not logged in the audit log.

Configure the action for protected data

Specify the domain name to use, and then click Add. Specify the network location type

Enter the description of your enterprise data protection policy

Configure the desired settings, and then click Save policy.

Configure the data protection policy as you want

It is now necessary to deploy the policy.
https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-edp
