Microsoft broadens test of Windows 10's Enterprise Data Protection feature

Microsoft quietly has made available to Windows Insiders the ability to test the Enterprise Data Protection file-encryption technology it is building into Windows 10.
Written by Mary Jo Foley, Senior Contributing Editor

Microsoft quietly has made its Enterprise Data Protection capability -- one of the top Windows 10 security features Microsoft has been touting since 2014 -- available for testing by Windows Insiders.


Enterprise Data Protection (EDP), which provides file-level encryption for business data and apps in the name of data separation and leak prevention, was made available to Windows Insiders as of Build 14295.

Microsoft didn't tout the availability of EDP as part of that test build, which went live on March 25, but company officials did note its availability in a recently published company roadmap for Windows 10.

According to the roadmap (under the "In Public Preview" section), EDP will be part of all variants of Windows 10 that run on PCs, tablets, mobile/handheld devices, "industry devices" (embedded) and Surface Hub. Microsoft released updated EDP technical documentation on TechNet last week, and officials discussed building EDP-aware apps during a session at the company's Build 2016 developers conference.

"Enterprise Data Protection is currently available for Windows Insiders to test and will be broadly available later this year," said a company spokesperson when I asked about Microsoft's latest ship target.

(Another source of mine said that EDP is expected to make it into the Windows 10 Anniversary Update, a.k.a. Redstone 1, which will be out around July 2016.)

Microsoft originally had hoped to make EDP part of the RTM version of Windows 10 last July, and later, part of the November 2015 update to Windows 10, but that didn't end up happening.

EDP allows businesses to restrict which apps can be used by/for work. For Windows Phones, EDP will toss an encryption key when the screen is locked. The feature allows for selective wipe, so that when an employee leaves an organization, only work-related apps and data, and not personal ones, are removed from a user's device.

Microsoft's goal is for EDP to work hand-in-hand with the company's Azure Rights Management service. However, as the EDP technical documentation notes:

"EDP is still in development and is not yet integrated with Azure Rights Management. This means that while you can deploy an EDP-configured policy to a protected device, that protection is restricted to a single user on the device. Additionally, the EDP-protected data must be stored on NTFS, FAT, or ExFAT file systems."

Microsoft also has published updated information on using its Intune device-management service to create an EDP policy.
