1. Home
  2. How To Encrypt And Protect Business Data On Windows Devices With SureMDM?

How To Encrypt And Protect Business Data On Windows Devices With SureMDM?

KB ID: 42G2004543
Views: 1187
Updated: June 2021

SureMDM can help keep Windows devices (both company-owned and employee-owned) secure by encrypting data, preventing data leakage, and restricting copy-paste functionality, all without disrupting the employee experience.

Note: This feature is only available for Windows Phone, Windows Enterprise, Windows Education and Windows Pro devices.


Steps to encrypt business data on your Windows device

1. Log in to SureMDM Web Console.

2. Click Profiles.

3. Select Windows and click Add.

4. Click Enterprise Data Protection and select Configure.

5. Enter a profile name and click Add to select the enterprise applications.

6. Fill in the Publisher and Package Name fields and click Add.

Your chosen enterprise applications can read, create, and update enterprise data. This will help to protect that app’s corporate data through the enforcement of EDP restrictions.

Note: You may also want to designate exempt applications. Exempt applications can read enterprise data, but can’t modify the data. Please note that when the user exempts applications, they’re allowed to bypass the EDP restrictions and access the corporate data.


7. Under Exempt Applications, click Add to select a supportive application to enable the user to open files under enterprise applications.

8. Fill in the Publisher and Package Name fields and click Add.

9. Under Protected Networks, click Add. In Primary Domain, enter the domain and click Add.

All traffic to the fully-qualified domains appearing in this list will be protected under Protected Networks.

10. From the Application Data Protection Level dropdown list, set the level of protection from the following options:

  • Off: The user is free to transfer data from protected apps to any other location on the device. No actions are logged on the SureMDM console.
  • Silent: The user is free to transfer data from  protected apps to any other location on the device. These actions are logged on the SureMDM console.
  • Allow Overrides: The user receives a caution prompt when attempting to transfer data from a protected to a non-protected app. If the user chooses to override this prompt, the action will be logged on the SureMDM console.
  • Block: Blocks enterprise data from leaving protected apps.

In the screenshot below, the administrator has selected the Allow Overrides option. 

Select Application Data Protection Level

11. On Windows 10 Mobile devices, you can enable the Prevent Corporate Data From Being Accessed By Apps option. Activating this setting prevents apps from accessing when a device is locked. It also restricts access to background applications or lock screen notifications.

12. Click Save to save the combination of settings (known as a profile).

13. Click Home.

14. Select the device(s) to which the profile has to be pushed and click Apply.

15. In the Apply Job/Profile to Device window, select the profile and click Apply.

16. The device will now be secured using the settings you specified for the profile. 

Employees will also no longer be able to copy paste work-related documents outside enterprise applications. It will also protect enterprise data that is saved on local files and on removable media.

For example, if an employee opens encrypted content from a managed application, then edits the content, and then tries to save the edited version with a different name, managed application automatically applies Enterprise Data Protection to the new document.

To explore other Windows BYOD and security features, try SureMDM for free.