Enterprise Data Protection in Windows 10

Companies are encouraging the use of a single device for both organizational and personal use. It could be Bring Your Own Device (BYOD), or the company may provide devices for both personal and enterprise use. Either way, users of these devices will tend to store both enterprise data and personal data on the same device. Besides this, there are company apps, company-approved apps, as well as personal apps that the user might download for his or her own use and entertainment.

Under such circumstances, it becomes essential that enterprises manage their data and apps securely without spoiling the user experience for the employees. Too many security restrictions that prevent users from downloading apps for personal use may turn off the employee. Windows 10 offers a way that keeps both admins and employees happy. This article takes a look at Enterprise Data Protection in Windows 10.

Enterprise Data Protection (EDP) in Windows 10

This is the name for the module that protects enterprise data against unintended or malicious use. The first thing here is proper encryption, so that even if the data is leaked or compromised, it remains safe because others cannot decrypt it. The EDP module identifies enterprise and personal apps and lets employees use both at the same time without the two getting mixed up.


The EDP module allows for simultaneous display of both personal and enterprise apps on the same screen, e.g. the Outlook app for checking personal mail as well as company mail. This is just one example. Enterprise Data Protection in Windows 10 can do much more:

  1. Identification and separate handling of enterprise and personal data
  2. Data protection for existing enterprise apps without having to update the apps every now and then
  3. Remote wiping of corporate data without affecting personal data
  4. Audit reports for tracking app usage and a range of issues, including data leakage
  5. Integration with your existing system to save time and effort on providing user access rights and other functions

The only prerequisite for using EDP in Windows 10 is that you have Windows Intune, System Center 2012 Configuration Manager, or your own company-wide Mobile Device Management (MDM) solution.

How can EDP help in Windows 10

You may have got an idea of what enterprise data protection does in Windows 10.

I am listing some important highlights of the module:

  1. Encrypt enterprise-owned data on devices being used by employees – be it BYOD or company-provided devices
  2. Remotely wipe off corporate data without affecting the employees’ personal data so that employees don’t get to complain
  3. Designate apps as privileged so that only those apps can access enterprise data even though the device carries many other employee-owned apps; this also means that employees’ private apps will be denied access to enterprise data so that it is safe
  4. Users or employees need not switch between organizational credentials and personal credentials to work on devices; they can simultaneously use both enterprise and personal apps

Employee experience will be enhanced, as they will not have to switch between enterprise and personal logins. If a personal document is marked as corporate, due to an error, the employee can initiate a process to claim it back (using the Audit method).

Corporate data is protected even on employee-owned devices. If an employee marks a new document as being work related, it is automatically protected as enterprise data. When employees leave the organization or move to another department, you can remotely wipe off all the traces of corporate data on his or her device – without affecting their personal data. This makes sure that they cannot misuse enterprise data.

Moreover, copying enterprise data on to other devices encrypts it, so that even if it falls into the wrong hands, the data stays protected. This can prevent accidental or deliberate leaks of enterprise data.

You can mark apps as enterprise related. That way, only the apps marked will get access to corporate data according to the user policies. Personal apps will never be able to look into the enterprise data, keeping it secure always.

Finally – there is always the option to turn off enterprise data protection in Windows 10, though it is not recommended. If you do so, then when you turn it back on again, you’ll have to configure the policies and decryption again. The data, however, won’t be affected, as it stays encrypted even if EDP is turned off and hence would be safe.

EDP offers 4 levels of protection: Block, Override, Audit and Off. It also supports per-file encryption on SD cards along with the device encryption policy. You can read more about this new feature on TechNet.

Now take a look at how Device Management will work in Windows 10.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP.