What is Windows Information Protection?

Windows Information Protection (WIP) allows you to protect your company’s data, even on laptops that can be taken out of the office and on employee’s personal devices. There are 3 levels of protection with increasing restrictiveness.

On the least restrictive level, your company data is encrypted on the user’s PC or laptop and can be wiped when the user leaves the company or their laptop is lost/stolen/no longer used (note – this only wipes files that are owned by the company and personal documents will be left on the machine).

At the most restrictive level, company data can only be opened in apps that are protected by WIP and cannot be copied off the machine or put into personal emails.

WIP allows for a distinction between Personal and Company files. Work files are indicated by a briefcase symbol on the file's icon.

3-1-1

Level 1 (Silent Mode)

This is the least restrictive of the WIP protection modes.

  • Company data is encrypted on the machine and can be wiped remotely.
  • Company data can be edited in any app on the PC/laptop.
  • There are no restrictions on moving data on USB sticks or copying file contents into a personal file (this is tracked in logs on the machine however).
  • Files can be marked as Personal/Work files by the user (see below). Protected company files show the Briefcase symbol on the icon.

3-2

Level 2 (Allow Override)

This is the medium level of WIP protection modes.

  • Company data is encrypted on the machine and can be wiped remotely.
  • Users will see a warning when opening company data in an app that is not protected but can acknowledge the warning and proceed.
  • Users can copy data to USB sticks or copy the file contents into a personal file but will see a warning. They can acknowledge the warning and proceed by marking the file as personal (see below).
  • Files can be marked as Personal/Work files by the user.

3-3

Level 3 (Block)

This is the most restrictive level of the WIP protection modes.

  • Company data is encrypted on the machine and can be wiped remotely.
  • Users can not open company data in an app that is not protected.
  • Users can not copy data to USB sticks or copy the files contents into a personal file (see screenshot below).
  • Personal files can be marked as Work files to protect them but not the other way around

3-4

Protected Apps

On personal devices, only the following Microsoft apps can be protected by WIP. On company-owned devices, it is possible to protect data in other Line of Business applications but please discuss this with your 365 Specialist if required.

  • Microsoft Edge
  • Internet Explorer 11
  • Microsoft Office (Word, Excel, PowerPoint, etc)
  • Microsoft Teams
  • OneDrive
  • Notepad
  • Microsoft Paint
  • Microsoft Photos
  • Microsoft Remote Desktop

3-5-1

Wiping Data

When a user disconnects their company Microsoft 365 account from their personal device or their account is archived when they leave, they automatically lose access to any company files on the device. The files will still be present on the device and can be removed by the user but they will be unable to open them.

Company files which are no longer accessible will show a padlock symbol in place of the briefcase. Any files marked as Personal will remain accessible.

A remote wipe can also be initiated by GRS Technology Solutions in the case of a laptop being lost or stolen.

3-6