Every document in a container
Later this year Microsoft will also add another key security option to Windows 10: Enterprise Data Protection (EDP). This takes the container approach now common on smartphones to protect enterprise files, using policies that automatically store corporate content in encrypted locations, without encryption needing to be turned on manually for each file. But unlike most smartphone container systems, every file goes in its own container, with Windows acting as an access broker.
"Windows 10 is able to differentiate between corporate and personal data, based on where the data comes from," says Hallum. "You'll be able to set locations on the network, and say we consider these to be corporate; this is the corporate mail server, these are the corporate files servers, on these IP address ranges, using these DNS addresses. When content comes from those locations, the network knows where it comes from and we can say let's go ahead and encrypt that at the file level." For files created on the device, you can use policy to specify which apps are personal and which are corporate, and encrypt files from business apps automatically.
This will be a cross-platform solution, so files can be opened on OS X, iOS and Android. That will be easy for Office documents, which will need the 2016 versions of Office including the free Office Mobile apps that come with Windows 10, though you'll need a business subscription to cover them for commercial use. Only the Mac version of Office 2016 is currently out of preview, so the availability of Windows 10 containers will likely come at the same time as the Windows version of Office. Microsoft Intune is the only MDM service that can manage Office applications, but you'll be able to manage EDP containers using a range of MDM services or System Center Configuration Manager to provision keys and policies.
As with the other significant security technologies in Windows 10, this will require investment to make the most of it. But the opportunities for protecting credentials, apps and files with the combination of Windows 10 and Windows Server 2016 offer a level of security that just hasn't been available in previous Windows ecosystems.
Sign up for CIO Asia eNewsletters.