Last week, I published a blog article walking through some of my favorite updates from the Intune Updates page. Turns out many of those functions (except for ISE integration) rolled out last night!
Let’s take a look at some of them.
Enhanced Windows 10 enterprise data policy configuration experience
As the release of Windows 10 Redstone nears and Enterprise Data Protection (EDP) goes live, Microsoft is making changes to its EDP policies in Intune. It looks like there are now methods to add apps via File Hash or Path, instead of just Publisher rules, among some other minor changes.
We can see that the overall experience has changed slightly for configuring EDP in the portal.
Most noticeably, when I open a pre-existing EDP policy, Microsoft warns that it will wipe the existing app rules. In this case I have a policy dedicated to UWA apps that only had Excel, OneNote, PowerPoint & Word, so not a big deal.
We can see that there’s a slight change to the layout from before (it used to just have Publisher and Product Name); now we’re creating rules to align here.
Let’s see some of the changes/options in the wizard below:
EDP-aware apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, EDP-unaware apps might not respect the corporate network boundary and will encrypt all files they create or modify, meaning that they could encrypt personal data and cause data loss during the revocation process. Care must be taken to get a support statement from the software provider that their app is safe with EDP before adding it to your Protected App list.
So, just like I mentioned in my earlier blog post, we’ll still need the Publisher and Product Name, which you can either get from the Windows Store for Business site or run the following PowerShell command on a machine with your UWA installed:
Get-AppxPackage | select name, publisher
NOTE: For Windows Classic apps, you can get the required information with the following command:
Get-AppLockerFileInformation -Path "<path of exe>"
I also published a list from my machine in my last blog!
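The two lookups above combined into one inventory, as an added example that is not from the original post. The package names and executable path are sample inputs, and the RuleBasis column is a label made up here to flag unsigned binaries, which carry no publisher data and so can only be matched by Path or File Hash.

```powershell
# Added example, not from the original post. Sample inputs: adjust for your environment.
$UwaNames        = @('Microsoft.Office.Word', 'Microsoft.Office.Excel')   # sample package names
$ClassicExePaths = @("$env:SystemRoot\System32\notepad.exe")              # sample path

$rows = @()

# UWA apps: Name and Publisher come from the installed package.
foreach ($name in $UwaNames) {
    $pkgs = @(Get-AppxPackage -Name $name)
    if ($pkgs.Count -eq 0) {
        Write-Warning "Package '$name' is not installed for the current user."
        continue
    }
    foreach ($pkg in $pkgs) {
        $rows += [pscustomobject]@{
            Type        = 'UWA'
            ProductName = $pkg.Name
            Publisher   = $pkg.Publisher
            BinaryName  = $null
            Path        = $pkg.InstallLocation
            RuleBasis   = 'Publisher'
        }
    }
}

# Classic apps: publisher data comes from the file's signature, so unsigned files have none.
foreach ($exe in $ClassicExePaths) {
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        Write-Warning "File not found: $exe"
        continue
    }
    $info   = Get-AppLockerFileInformation -Path $exe
    $signed = $null -ne $info.Publisher
    $rows += [pscustomobject]@{
        Type        = 'Classic'
        ProductName = if ($signed) { $info.Publisher.ProductName } else { $null }
        Publisher   = if ($signed) { $info.Publisher.PublisherName } else { $null }
        BinaryName  = if ($signed) { $info.Publisher.BinaryName } else { $null }
        Path        = $info.Path
        RuleBasis   = if ($signed) { 'Publisher' } else { 'Path or File Hash' }
    }
}

$rows | Format-List
```

Rows with an empty Publisher are the ones to review before they go on the Protected App list.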
Let’s start filling out our app details for the UWA apps
Now we have our apps loaded!
Confirm your EDP restrictions
Now check your configuration for identity and locations.
For further details on proper configuration, see this Microsoft Docs page
You can see some new Additional Settings here as well. Note that some of the RMS integration that was here prior is now gone. Specifically, we see some UI options to configure for displaying the EDP overlay and Personal/Work ownership settings (which didn’t exist before).