The protection of sensitive data must always be an important aspect of any operating system, and that is something that Microsoft knows very well. The company has done a remarkable job with Windows 10 to address most security issues. Windows Information Protection is a big part of it. It should be noted that this protection suite contains elements such as Windows Information Protection, Azure Information Protection and Microsoft Cloud App Security.
Here's the thing, Windows Information Protection, also called WIP, is well-equipped to protect automatically classified files via the sensitive information types feature. It uses Windows Defender ATP fully, but keep in mind that the latest enhancements are only available in Windows 10 1903 and later.
Configure WIP
Before we move on, we'd like to talk about configuring Windows Information Protection. It's pretty easy and straight to the point, so let's get things started for your enjoyment.
OK, the first thing the user has to do is to visit gérer.microsoft.com via their web browser and log in with a Windows Intune administrative account. After that, the user should see a navigation pane on the left and select the option that says Strategies.
- To connect to microsoft.comand make sure you do it with your Windows Intune administrative account.
- In the left pane, select the option labeled Policies.
- In the window, users should see Add Policy. Please click on it to advance.
- People should now see a dialog box called Create a new policy, then expand Windows, then make sure to select Windows Protection Information.
- Finally, click Create and deploy a custom policy.
- Then click Create Policy.
- Make sure you enter a name for the policy
- Enter the description and specify the rules of application if it suits you.
This is where the WIP configuration is. As you can see, the task is easy enough, especially for those who are familiar with a computer.
Protect sensitivity tags with Endpoint Data Loss Prevention
In terms of sensitivity tag management, this can be done with relative ease in the Microsoft 365 Compliance Center.
For those who did not know, Windows Defender is able to extract a file to check if it has been contaminated by a virus or malware. It can also check if a file contains sensitive information such as credit card numbers or other important data types.
The types of sensitive information by default include credit card numbers, phone numbers, driver's license numbers, and so on. However, what is interesting here is the ability for users to define custom sensitive information types if they wish.
Windows Information Protection
Whenever the user creates or modifies a file on a Windows 10 endpoint, the content is quickly extracted and evaluated by Windows Defender ATP. It will then check the files for any type of sensitive information defined.
Now, if the files match, Windows Defender ATP then applies data loss prevention on the endpoints.
It should be noted that Windows Defender ATP is integrated with Microsoft Azure Information Protection, a feature designed primarily for data discovery. It can also report newly discovered sensitive data types.
For those who wish to see the types of sensitive information, we advise you to check under Classifications via compliance with Microsoft Office 365. Do not forget that all types of sensitive information by default have Microsoft as a publisher. As for custom types, they will be associated with the renter's name.
I hope this helps you.