Work Folders and Offline Files support for Windows Information Protection

Hi all,

I’m Jeff Patterson, Program Manager for Work Folders and Offline Files.

Windows 10, version 1607 will be available to Enterprise customers soon so I wanted to cover support for Windows Information Protection (a.k.a. Enterprise Data Protection) when using Work Folders or Offline Files.

Windows Information Protection Overview

Windows Information Protection (WIP) is a new security feature introduced in Windows 10, version 1607 to protect against data leaks.

Benefits of WIP

  • Separation between personal and corporate data, without requiring employees to switch environments or apps
  • Additional data protection for existing line-of-business apps without a need to update the apps
  • Ability to wipe corporate data from devices while leaving personal data alone
  • Use of audit reports for tracking issues and remedial actions
  • Integration with your existing management system (Microsoft Intune, System Center Configuration Manager 2016, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company

For additional information on Windows Information Protection, please reference our TechNet documentation.

Work Folders support for Windows Information Protection

Work Folders was updated in Windows 10 to support Windows Information Protection.

If a WIP policy is applied to a Windows 10 device, all user data stored in the Work Folders directory will be encrypted using the same key and Enterprise ID that is used by Windows Information Protection.

Note: The user data is only encrypted on the Windows 10 device. When the user data is synced to the Work Folders server, it’s not encrypted on the server. To encrypt the user data on the Work Folders server, you need to use RMS encryption.

Offline Files and Windows Information Protection

Offline Files (a.k.a. Client Side Caching) is an older file sync solution and was not updated to support Windows Information Protection. This means any user data stored on a network share that’s cached locally on the Windows 10 device using Offline Files is not protected by Windows Information Protection.

If you’re currently using Offline Files, our recommendation is to migrate to a modern file sync solution such as Work Folders or OneDrive for Business which supports Windows Information Protection.

If you decide to use Offline Files with Windows Information Protection, you need to be aware of the following issue if you try to open cached files while working offline:

Can’t open files offline when you use Offline Files and Windows Information Protection
https://support.microsoft.com/en-us/kb/3187045

Conclusion

Offline Files does not support Windows Information Protection, you should use a modern file sync solution such as Work Folders or OneDrive for Business that supports WIP.