Deploying & managing Windows Information Protection (WIP)

Deploying & managing Windows Information Protection (WIP)
11/19/2018 4:24 AM BRK2074 Deploying & managing Windows Information Protection (WIP) Derek Adam Senior Program Manager © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Wonka Understanding the Enterprise customer: IT Administrator WillyV
Build 2015 11/19/2018 4:24 AM 87% of senior managers admit to regularly uploading work files to a personal or cloud account.1 58% accidentally sent sensitive information to the wrong person1 $240 average per record cost of a data breach across all industries2 Respect the stewardship you (might) give Don’t reveal company secrets Respect boundaries of access and use terms Want things locked up in your domain Makes rules to try to keep it that way WillyV Wonka Understanding the Enterprise customer: IT Administrator Source: Stroz Friedberg, “On The Pulse: Information Security In American Business,” HIPPA Secure Now, “A look at the cost of healthcare data breaches,” Art Gross, March 30, 2012 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Build 2015 11/19/2018 4:24 AM Want access from personal devices Prefer as little management as possible We all make mistakes People Like You and Me Understanding the Enterprise customer: Information Worker © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Australian Immigration Dept. Data Leak
Microsoft Ignite 2016 11/19/2018 4:24 AM Australian Immigration Dept. Data Leak “An employee of the department had inadvertently disclosed the passport numbers, visa details and other personal identifiers of the world leaders attending the G20 summit in Brisbane after an was mistakenly sent to an organizer of the Asian Cup football tournament because of an autocomplete function” Personal details of world leaders accidentally revealed by G20 organizers Paul Ferrell Guardian March 15, 2015 Source: Personal details of world leaders accidentally revealed by G20 organizers © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

US Government Services Administration Breach
11/19/2018 US Government Services Administration Breach “Due to authorizations enabled by GSA 18F staff, over 100 GSA Google Drives were reportedly accessible by users both inside and outside of GSA during a five month period, potentially exposing sensitive content such as personally identifiable information and contractor proprietary information.” Over 100 Google Drives used by the agency were publicly accessible for five months. Dan Goodwin Ars Technica May 17, 2016 Source: At the cost of security everywhere, Google dorking is still a thing, © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

A risk you need to prioritize
11/19/2018 A risk you need to prioritize TODAY, THE RISK OF DATA FALLING IN THE WRONG HANDS IS GREATER THAN EVER. QUITE OFTEN THE RISK IS NOT AN EXTERNAL THREAT IT COMES FROM WITHIN. THE REALITY IS A MAJORITY OF DATA LEAKS HAPPEN ACCIDENTALLY. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

11/19/2018 ? ? ? ? ? ? ???% …focus on data leak prevention for personal devices, but ignore the issue on corporate owned devices where the risks are the same or worse. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Why we need Windows Information Protection
11/19/2018 4:24 AM Why we need Windows Information Protection You must give personal devices more access… Why … Compete: More productivity - users work on personal devices Why … “I said so.” Boss demands access, and others follow. …so need to manage work on personal. (People use work devices for personal, too.) Line between work and personal is increasingly blurred. Want to lower the risk of accidental leak. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Your information protection needs
11/19/2018 Data Leakage Your information protection needs DEVICE PROTECTION DATA SEPARATION LEAK PROTECTION SHARING PROTECTION DEVICE PROTECTION BitLocker enhancements in Windows 8.1 InstantGo 3rd party adoption Protect system and data when device is lost or stolen Containment Data separation DATA SEPARATION Prevent unauthorized users and apps from accessing and leaking data LEAK PROTECTION Protect data when shared with others, or shared outside of organizational devices and control SHARING PROTECTION © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Data Leakage Your information protection needs DEVICE PROTECTION
11/19/2018 Data Leakage Your information protection needs DEVICE PROTECTION DATA SEPARATION LEAK PROTECTION SHARING PROTECTION DEVICE PROTECTION BitLocker enhancements in Windows 8.1 InstantGo 3rd party adoption DATA SEPARATION LEAK PROTECTION SHARING PROTECTION Azure Rights Management Office 365 BitLocker Windows Information Protection © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Windows information protection
11/19/2018 Windows information protection Integrated protection against accidental data leaks Protects data at rest locally and on removable storage. Common experience across all Windows 10 devices with copy and paste protection. Corporate vs personal data identifiable wherever it rests on the device and can be wiped. Ships in the Windows 10 Anniversary Update Prevents unauthorized apps from accessing business data and users from leaking data via copy and paste protection. Seamless integration into the platform, No mode switching and use any app. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

Business/Personal Build 2015 11/19/2018 4:24 AM One experience
Skype for Business Outlook Facebook One experience HR Quick View OneDrive WhatsApp Expense Reporting Word Dropbox Dynamics CRM Photos Weather © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Data exchange is blocked or audited
Build 2015 11/19/2018 4:24 AM Business/Personal Business Apps & Data (Managed) Skype for Business Outlook Facebook Personal Apps & Data (Unmanaged) One experience Data is isolated Data is encrypted at rest Organization holds keys MDM managed Block/audit data exchange APIs for ISVs Office and OneDrive HR Quick View OneDrive WhatsApp Expense Reporting Word Candy Crush Dynamics CRM Photos Weather Data exchange is blocked or audited © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Protection across Data Flows
11/19/2018 4:24 AM Protection across Data Flows © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

WINDOWS INFORMATION Protection Lifecycle
11/19/2018 WINDOWS INFORMATION Protection Lifecycle Enrollment Data Wipe Policy and keys provisioned to device Data coming from corporate network location automatically protected by WIP Data Ingress App can automatically protect data or users can define data as personal or corporate Data Egress Data Genesis & Use Protection can be maintained anywhere on the device or when data moves to removable storage. Azure Information Services can be used maintain protection in B2B scenarios. Selectively wipe corporate data on demand or when device is unenrolled © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

WIP and AIP / Azure RMS 11/19/2018 4:24 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

WIP & Azure RMS – v1607: Side by side
11/19/2018 WIP & Azure RMS – v1607: Side by side WIP Basic, context-aware protection User action not needed for protection Clipboard, etc., is seamless Work Work Protected sharing via corp servers Azure RMS Granular, app-level, policy-based protection Requires user action Side-by-side technologies, different keys, complementary scenarios © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

WIP & Azure RMS – v1703: USB roaming
11/19/2018 WIP & Azure RMS – v1703: USB roaming What you get WIP uses Azure RMS key on removable storage Auth to Azure RMS, opens on any v1703 PC Tenant-wide user access by default Can adjust access with RMS templates What you need Configure WIP to use Azure RMS (E3 subscription) Creators Update (v1703) client © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Vision: WIP & AIP, Better together
11/19/2018 Vision: WIP & AIP, Better together In the future, AIP should benefit WIP & vice versa Ideas: File classification could apply WIP protection WIP could help trigger AIP sharing scenarios More data would get protected automatically © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

What else is new since 1607? 11/19/2018 4:24 AM

WIP Learning (1703) Detects unknown apps accessing work
11/19/2018 WIP Learning (1703) Detects unknown apps accessing work Intune stores learning data for two weeks OMS stores app learning data up to a year Works in all enforcement levels Gives deployment confidence Know when rules are complete Can stay up to date with changes © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

WIP and MAM (1703) MAM is about limiting policy scope
11/19/2018 WIP and MAM (1703) MAM is about limiting policy scope Does not turn on device-wide policies Intune term for MAM is “without enrollment” WIP is “app management” part of MAM Only enlightened* apps can be managed Requires AAD integration Home/Pro/Enterprise, PC and Phone See: BRK Manage and protect Office 365 mobile apps with Microsoft Intune © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Automatic Recovery (1709) If you revoke the wrong device …
11/19/2018 Automatic Recovery (1709) If you revoke the wrong device … …User just re-enrolls to restore access PC backs up key to AAD user account © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Office, Intune, and SCCM Official WIP support in Office 365 ProPlus
11/19/2018 Office, Intune, and SCCM Official WIP support in Office 365 ProPlus Current and Deferred Channel Intune enhancements MAM “without enrollment” support One click to allow all recommended apps Auto-populates SharePoint sites to cloud resources SCCM 1706 enables WIP USB roaming © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Demo - Intune Derek Adam 11/19/2018 4:24 AM

SCCM configuration is similar to Intune
11/19/2018 4:24 AM SCCM configuration is similar to Intune © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Information Protection
Build 2014 11/19/2018 Windows Information Protection App Rule – (Need at least one) Primary Enterprise ID Domain Network – Intranet domain names & IP addresses Enforcement level – Anything except “Off” Data Recovery Certificate Key Policies © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

App Rules Allow : Recommended for enlightened apps
11/19/2018 App Rules Allow : Recommended for enlightened apps Use first party enlightened apps LOB apps that ONLY touch work data are okay Exempt : For app compat WIP does not apply – app might leak, but works For unenlightened work+personal apps Deny : An exclusion rule in either Safety measure, if desired to avoid accidental inclusion E.g. Known bad apps, unenlightened work+personal apps © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Enforcement Modes Hide Overrides Allow Overrides Silent Off
11/19/2018 Enforcement Modes Hide Overrides For the most restrictive environments Allow Overrides Likely right for most deployments Good for testing Silent Encrypts for selective wipe – Monitoring, not enforcement You can learn and roll out gently Off Will cause decryption pass across disk © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Corporate Identity Domain(s) used by user accounts
11/19/2018 Corporate Identity Domain(s) used by user accounts Apps use to recognize work accounts First entry is the primary enterprise identity (EID) Intune pre-populates from tenant ID Used throughout the system (Shell, file system, process tokens, clipboard) Subsequent entries map to (owned by) primary Intune sets via “Protected domains” in Network perimeter … but is NOT a network setting Include work address domains, AAD account domains © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Network / LAN Enterprise IPv4 / IPv6 Range (EIPR)
11/19/2018 Network / LAN Enterprise IPv4 / IPv6 Range (EIPR) IP address ranges that appear within the intranet Pro tip: Use list from VPN routes Can include private IP address ranges Enterprise Network Domain Names (ENDN) Intranet domains (e.g. intranet.contoso.com) AD Sites & Services can help here On-prem enterprise sites match both EIPR & ENDN E.g. Private IP address ranges bound to non-work domains are personal © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Data Recovery Agent For recovering data from revoked BYOD
11/19/2018 Data Recovery Agent For recovering data from revoked BYOD Where to get it Re-use EFS Data Recovery Agent (DRA) cert, when avail Use corp PKI to manage EFS DRA cert, if possible Cipher.exe can create one Pro Tip: Test revoke & recovery before rollout © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Fine Tuning Policies Tweak other policies after basics are working
11/19/2018 Fine Tuning Policies Tweak other policies after basics are working Cloud resources Recommend: OneDrive for Business, SPO Recommend: Include “/*AppCompat*/” unless very locked down Proxy Servers Proxy Servers indicate public Internet (i.e. personal) Trick: Can use to exclude an internal site from intranet Internal Proxy Servers indicate enterprise-owned cloud Most of you should skip using this Only needed for Forced Tunnel cloud resources Requires some server configuration © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Optional Policies Enterprise IP Addresses Are Authoritative (Boolean)
11/19/2018 Optional Policies Enterprise IP Addresses Are Authoritative (Boolean) TRUE means only use configured list to determine enterprise FALSE (default) will include link local, and (for DJ machines) ADS&S info Enterprise Proxy Servers Are Authoritative (Boolean) TRUE means only use configured list FALSE (default) will also auto-detect work proxies local to your site Neutral Sites Intended for authentication sites Can be used for both work or personal; context carried from last redirect Include Microsoft logon sites (e.g. login.microsoftonline.com) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Real life lesson: Deploy in Rings
11/19/2018 4:24 AM Real life lesson: Deploy in Rings Deploy changes in expanding “rings” Test Pilots – Usually within IT Canaries – Representatives for each group Subsequent Rings – Add users in waves Lets you experiment with different policy Build confidence with Silent mode Gentle change, no blocks in v1703+ Learn and tune, as necessary © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Demo – WIP Learning Derek Adam 11/19/2018 4:24 AM

Finish your ride in a success elevator together!
11/19/2018 4:24 AM With mutual trust… Finish your ride in a success elevator together! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session
Tech Ready 15 11/19/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Deploying & managing Windows Information Protection (WIP)

Similar presentations

Presentation on theme: "Deploying & managing Windows Information Protection (WIP)"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Deploying & managing Windows Information Protection (WIP)

Similar presentations

Presentation on theme: "Deploying & managing Windows Information Protection (WIP)"— Presentation transcript:

Similar presentations

About project

Feedback