Tuesday, March 21, 2017

Work Folders

Work Folders is another relatively new feature, supported on Windows 10 devices (and earlier versions) as well as mobile devices that connect to Windows Server 2012 R2 or later. With Work Folders enabled, a user can securely sync data to her device from a user folder located in the corporate data center, allowing the user to work with it offline. Files created or modified in the local copy of the folder sync back to the file server in the corporate environment. You can set up Work Folders on a multitude of devices running Windows, iOS, or another supported platform. If you store all your personal work files in the Work Folders location (with as many subfolders as you want to create), they’ll roam with you to all your devices.

If this feature sounds familiar, that’s because it is—at least at a low level. This is a new generation of the client-side caching (CSC) technology that has been part of Windows networks for many years, powering folder redirection and Offline Folders. The difference is that Offline Folders requires that a device be joined to the domain. That excludes any personal devices running consumer versions of Windows. It also doesn’t work with tablets running operating systems other than Windows.

Windows 10 devices do not need to be domain joined for synchronization with personal files stored on the server. Your domain credentials unlock access to Work Folders, maintaining secure offline access to files.

On the server side, you enable Work Folders by installing the feature as part of the File Services role on a server running Windows Server 2012 R2 or later. Doing so installs a new panel where you can define a server file location to be synced with a specific user and then either create a DNS entry or publish a custom URL to reach the shared files.

Setting up Work Folders also enables Individual Rights Management (IRM) and Dynamic Access Control (DAC) for files in the shared location. Using these capabilities, administrators can designate specific documents as company resources, which can then be managed to prevent unauthorized access from the local device.

On the client side, syncing is natively integrated into the file system. To connect to Work Folders, you start in the desktop Control Panel by clicking the Set Up Work Folders option.

That, in turn, leads to a straightforward wizard where you enter either your email address or the URL that the administrator established and then accept the security policies associated with the data files in the Work Folders share, which includes the right to remotely delete them. Some device capabilities, such as encryption of the synced folder and a password-protected screen lock, might be required.

The Work Folders feature is similar in concept to other Microsoft file-related features, specifically OneDrive and OneDrive for Business. What makes it different?

OneDrive is a consumer service intended for storage of personal files. It’s connected to a Microsoft account and can’t be centrally managed or backed up. That makes it unsuitable for enterprise data.

OneDrive for Business provides access to Microsoft SharePoint resources and personal files stored in the Office 365 cloud. It is designed primarily for data collaboration in teams, with strong workflow-related features. It can be securely managed, but its extensive feature set means it’s unnecessarily complex for simple file storage and synchronization between devices.

Work Folders doesn’t have any file-sharing features, but it’s incredibly easy to use. It happens outside the firewall, so it doesn’t require a VPN connection. The administrator can require that Workplace Join be enabled, preventing a potential attacker (or a careless employee) from accessing files using untrusted devices. It doesn’t require the installation of a sync utility, and no additional configuration beyond the initial setup is necessary.

For Windows 10, the Work Folders feature has been enhanced for faster synchronization of changes. (In Windows 8.1, sync operations could be delayed by up to 10 minutes.) Windows 10 version 1511 adds integration with Enterprise Data Protection; using this feature, an administrator can require encryption on the remote device using a key associated with the Enterprise ID and can, in turn, wipe the data remotely using MDM software such as Microsoft Intune.

Source of Information : Microsoft Introducing Windows 10 For IT Professionals

No comments: