Microsoft quietly has made its Enterprise Data Protection capability -- one of the top Windows 10 security features Microsoft has has been touting since 2014 -- available for testing by Windows Insiders.
Enterprise Data Protection (EDP), which provides file-level encryption for business data and apps in the name of data separation and leak prevention, was made available to Windows Insiders as of Build 14295.
EDP allows businesses to restrict which apps can be used by/for work. For Windows Phones, EDP will toss an encryption key when the screen is locked. The feature allows for selective wipe, so that when an employee leaves an organization, only work-related apps and data, and not personal ones, are removed from a user's device.
Microsoft's goal is for EDP to work hand-in-hand with the company's Azure Rights Management service. However, as the EDP technical documentation notes:
"EDP is still in development and is not yet integrated with Azure Rights Management. This means that while you can deploy an EDP-configured policy to a protected device, that protection is restricted to a single user on the device. Additionally, the EDP-protected data must be stored on NTFS, FAT, or ExFAT file systems."