Windows Information Protection (WIP) & Its Replacement

Microsoft Windows Information Protection (WIP) helps protect your enterprise data by preventing it from potential data leakages. It is an effective tool to manage and control the data security. However, Microsoft has announced that it is depreciating WIP starting July 2022 and will only continue to work on the specific versions of Windows 10 and Windows 11.

Considering this, it's preferred to opt for the alternative solutions of Microsoft Purview Information Protection (MPIP) and Microsoft Purview Data Loss Prevention for the protection of the enterprise data.

This article covers the details of WIP and the tools that can deliver the functionalities of WIP.

Part 1 : What is Windows Information Protection (WIP)?

Considering the significance of data security in an organization, it's necessary to have data protection policies against potential data leakages and attacks. WIP (previously known as Enterprise Data Protection, EDP) also does the same. It allows you to protect the organization's data, while also ensuring that the employees' experience isn't compromised.

To understand the functionality of Microsoft WIP, here are some of the ways it works to help enhance your organization's processes:

Protect your organization from potential enterprise data leaks on employee-owned and enterprise-owned devices.
Brings the control and ownership of your organization's data in your hands.
Control the data access and data sharing mechanisms opted by the applications that aren't enterprise aware.

Following are some of the simple ways to achieve the above-mentioned scenarios:

Encrypt all the data residing on employee devices, whether they are company-owned or employee-owned.
Define and control the application usage by allowing the data access to only the protected apps and restricting its access to the non-protected ones.
Remotely control the devices by wiping the enterprise data from the employee devices.

To utilize WIP in your organization, it must have a Windows 10 operating system, with version 1607 or later.

Additionally, you can create and deploy your enterprise Windows Information Protection policy. This policy helps define the following:

List of protected apps such as the ones you allow access to enterprise data.
Define the WIP protection level considering the sensitivity of organization data.
Outline the usage of enterprise data over the network.

Part 2 : Which Windows OS Versions still Support WIP?

Although Microsoft is depreciating the WIP starting July 2022, it still works on certain Windows versions. The supported versions include:

Windows 10 for version 1607 or later.
Windows 11.

To make the WIP work on the above-mentioned operating systems, a management solution is also required. This can be Microsoft Intune, Microsoft Configuration Manager, or third-party MDM solutions.

Part 3 : Replacement of Windows Information Protection

Considering the discontinuation of Microsoft WIP, the following are two replacement tools:

1Microsoft Purview Information Protection (MPIP)

This tool was previously known as Microsoft Information Protection and helps protect sensitive data. To do so, the tool allows you to discover important data across the environment, classify it to identify sensitive data and protect this data by applying flexible encryption mechanisms.

You can identify your data via the capabilities of sensitive information type, trainable classifiers, and data classification. Afterward, you can apply the relevant protection mechanisms to it, for example, message encryption, double key encryption, rights management connector, and such. Lastly, you can also prevent data loss using the capabilities of Microsoft Purview Data Loss Prevention, Endpoint Data Loss Prevention, and more.

2Microsoft Purview Data Loss Prevention (Microsoft Purview DLP)

Microsoft Purview Data Loss Prevention is a cloud-native solution that gives you control over your data by detecting sensitive information across different platforms and the endpoint. You can create and manage data protection policies from a single space of the Microsoft Purview compliance portal.

Using the capabilities of Machine Learning and Data Loss Protection, the tool provides Context-Aware Detection, Dynamic Controls, and Automated Mitigation. Lastly, you can identify the risky users and assign them a risk level to help execute insider risk management.

In addition to these two tools, you can also utilize a Windows Mobile Device Management (MDM) solution to enforce security policies and protect the enterprise data.

Part 4 : Comparison: WIP vs MPIP vs Microsoft Purview DLP

The following table covers the difference between WIP, MPIP, and Microsoft Purview DLP in terms of scope, protection level, encryption, and capability:

	WIP	MPIP	Microsoft Purview DLP
Scope	WIP protects the potential data leakage on personal or company-owned devices.	MPIP protects sensitive data during its transit and storage by helping discover and classify it.	It is a cloud-native solution that helps protect sensitive data across Microsoft applications and the endpoint.
Protection Level	WIP has three protection levels that can be enforced on the devices: - Silent mode which encrypts and audits the data. - Override mode which encrypts, prompts, and audits the data. - Block mode which encrypts, blocks, and audits the data.	Using MPIP, you can enable the following capabilities to protect the data: - Sensitivity labels - Azure Information Protection unified labeling client - Double Key Encryption - Information protection scanner - Microsoft Defender for Cloud Apps - Microsoft Purview Data Map - Microsoft Information Protection SDK - Message Encryption - Service encryption with Customer Key - SharePoint Information Rights Management (IRM) - Rights Management connector	With MS Purview DLP, you can utilize the following protection controls: - Context-aware detection - Dynamic Controls - Automated Mitigation - Insider Risk Management
Encryption	WIP allows data encryption at rest, such as on removable media and local files.	MPIP allows the mechanisms of double key encryption, message encryption, and service encryption with customer key.	It allows the encryption and protection of data where it resides and in transit.
Capability	Provides the capability to prevent unintentional data leakages.	Provides the capability to manage and protect your data across on-premises, SaaS, and multi-cloud platforms.	Provides data loss prevention capabilities across applications, services, and endpoints.

How to Turn off Windows Information Protection?

To disable the WIP capabilities, the simplest method is to unassign the existing WIP policy, which removes the protection files from the respective devices.

Another method is to set the policy status to off. This can be achieved via the following steps. Note, the steps are written considering the disabling of WIP from Microsoft Intune:

Navigate to the Microsoft Intune admin center.
From the sidebar, select Apps and then App protection policies.
From the available policies, select the policy.
Click on the Properties.
Under the Required Settings, select the Off for Windows Information Protection mode.
Navigate to the Review and Save.
Click on Save to complete the process.

Part 5 : Benefits of Windows Information Protection

Following are some of the significant benefits of WIP:

Protect the enterprise data on the personal and company-owned devices of the employees.
Keep track of the issues and take respective actions via the audit reports.
Ability to integrate with Microsoft Intune, Microsoft Configuration Manager, or a third-party MDM solution utilized by an organization.
Protect the line-of-business applications without requiring to manually update the apps now and then.

Bringing it all together, WIP is a great choice for data protection and prevention of data leakages. However, considering the announcement of its depreciation, the organizations can opt for Microsoft Purview Information Protection and Microsoft Purview Data Loss Protection as the latter two tools tend to also cover all the functionalities offered by the WIP.