Apps - App protection policies
Create policy - Windows 10
Name - Windows Information Protection Policy - Windows 10 with enrollment
Description - This WIP policy is assigned to corporate Windows 10 devices and users
Enrollment state - With enrollment
Targeted apps - Protected apps - Add
Recommended Apps -
Select - Name (This will select all recommended apps)
Select - OK
Select - Next -
Select the mode you would like to apply
Hover over the information icon to see an explanation of the options
As I would like to test the 'Allow overrides' option, select - Allows Overrides.
Next
Advanced settings -
If you don't select and create a network boundary, nothing happens.
Under Network boundaries - select - Add
Boundary type - Cloud resources
Name - Cloud resources
Value - update the text below with the tenant name -
(copy to notepad and use find - replace)
(make sure there are no new lines and use the pipe character to separate entries)
Replace <tenant> with your tenant name -
<tenant>.sharepoint.com|<tenant>-my.sharepoint.com|<tenant>-files.sharepoint.com|tasks.office.com|protection.office.com|meet.lync.com|teams.microsoft.com|outlook.office365.com|outlook.office.com|attachments.office.net
Updated details
intuneadmin.sharepoint.com|intuneadmin-my.sharepoint.com|intuneadmin-files.sharepoint.com|tasks.office.com|protection.office.com|meet.lync.com|teams.microsoft.com|outlook.office365.com|outlook.office.com|attachments.office.net
Update the Add network boundary sections
Update other options as needed.
I choose Yes to - Show the enterprise data protection icon -
Click - Next
Assignments -
Add groups - 
Browse and select the groups you want the policy assigned to.
As this is targeting Windows 10, only select Windows 10 users and devices.
I am targeting my Autopilot devices, Windows 10 Corporate device category group, Shared Devices, Windows 10 Corporate users, and all users with MFA.
Click - Select - to apply
Assignments will update
Next
Review and create.
Review the options - click create
=====================================================================
End user testing
Testing - Link (full explanation)
OneDrive is protected as Corporate owned files
New column shows File Ownership
Files in OneDrive have no option to change File Ownership
Copying the file to another file location gives you the option to change File Ownership
Here the file has been copied to C:\Files
I can select - Personal - to change the file ownership
Open the file via WordPad
Warning as it is a non-corporate app - needs Microsoft Word which is a corporate app
Trying to email the document from OneDrive via Gmail
Warning as it is not allowed - Use Outlook
=======================================================================
About the author -
Terry Munro is an IT specialist based in Brisbane, Australia.
He draws upon over 20 years experience designing and delivering technical solutions to a variety of enterprise clients in the private, Government and Education sectors, to revolutionise client businesses through collaboration and getting the most value from a variety of cloud solutions.
He is passionate about learning new technologies and is a firm believer in sharing knowledge to provide a better experience for all.
You can connect with Terry on LinkedIn - https://www.linkedin.com/in/terry-munro/
No comments:
Post a Comment