Last week, I published a blog article walking through some of my favorite updates from the Intune Updates page. Turns out many of those functions (except for ISE integration) rolled out last night!

Let’s take a look at some of them.

Enhanced Windows 10 enterprise data policy configuration experience

As the release of Windows 10 Redstone nears and Enterprise Data Protection (EDP) goes live, Microsoft is making changes to its EDP policies in Intune. It now looks like there are methods to add apps via File Hash or Path, instead of just Publisher rules, among some other minor changes.

We can see that the overall experience has changed slightly for configuring EDP in the portal.

Most noticeably, Microsoft warns us when we open a pre-existing EDP policy that it will wipe the existing app rules. In this case I have a policy dedicated to UWA apps that only had Excel, OneNote, PowerPoint & Word, so not a big deal.


We can see that the layout has changed slightly from before (it used to have just Publisher and Product Name); now we create app rules here.


Let’s see some of the changes/options in the wizard below


Important

EDP-aware apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, EDP-unaware apps might not respect the corporate network boundary and will encrypt all files they create or modify, meaning that they could encrypt personal data and cause data loss during the revocation process. Care must be taken to get a support statement from the software provider that their app is safe with EDP before adding it to your Protected App list.

So, just like I mentioned in my earlier blog post, we’ll still need the Publisher and Product Name, which you can either get from the Windows Store for Business site or run the following PowerShell command on a machine with your UWA installed:

Get-AppxPackage | select name, publisher

NOTE: For Windows Classic apps, you can get the required information with the following command:

Get-AppLockerFileInformation -Path "<path of exe>"

I also published a list from my machine in my last blog!
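The two lookups above can be combined into one inventory that also shows which classic apps carry no publisher signature and would therefore need a File Hash rule instead of a Publisher rule. This is an added example, not code from the original post; the package names and the executable path are constructed sample inputs.

```powershell
# Added example: gather the values needed for EDP app rules in one table.
# $UwaNames and $ClassicExes are constructed sample inputs; replace with your own.
$UwaNames    = 'Microsoft.Office.Excel', 'Microsoft.Office.OneNote'   # assumed package names
$ClassicExes = @("$env:windir\System32\notepad.exe")

# UWA apps: Publisher is the full certificate subject, Name is the product name.
$uwa = Get-AppxPackage |
    Where-Object { $UwaNames -contains $_.Name } |
    Sort-Object Name -Unique |          # collapse per-architecture duplicates
    ForEach-Object {
        [pscustomobject]@{
            AppType     = 'UWA'
            RuleType    = 'Publisher'
            Publisher   = $_.Publisher
            ProductName = $_.Name
            File        = $null
            Hash        = $null
        }
    }

# Classic apps: a file without signature data has no Publisher object,
# so it cannot be matched by a Publisher rule and falls back to File Hash.
$classic = foreach ($exe in $ClassicExes) {
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "Not found: $exe"
        continue
    }
    $info   = Get-AppLockerFileInformation -Path $exe
    $signed = $null -ne $info.Publisher
    [pscustomobject]@{
        AppType     = 'Classic'
        RuleType    = if ($signed) { 'Publisher' } else { 'FileHash' }
        Publisher   = if ($signed) { $info.Publisher.PublisherName } else { $null }
        ProductName = if ($signed) { $info.Publisher.ProductName } else { $null }
        File        = "$($info.Path)"
        Hash        = "$($info.Hash)"   # string form of the file hash object
    }
}

# One row per app, ready to copy into the rule wizard or pipe to Export-Csv.
@($uwa) + @($classic) | Format-Table -AutoSize -Wrap
```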

Let’s start filling out our app details for the UWA apps


Now we have our apps loaded!


Confirm your EDP restrictions


Now check your configuration for identity and locations.

For further details on proper configuration, see this Microsoft Docs page


You can see some new Additional Settings here as well. Note that some of the RMS integration that was here previously is now gone. Specifically, we see some UI options to configure for displaying the EDP overlay and Personal/Work ownership settings (which didn’t exist before).
