Configure Visual Studio as a WIP-exempt app
Windows Information Protection (WIP) helps to protect enterprise data from leaking through apps like email, social media, and the public cloud, which are outside of the enterprise’s control. WIP helps to protect against accidental data leakage on enterprise-owned devices and personal devices, without requiring changes to your environment or other apps.
Enlightened apps for WIP are expected to prevent enterprise data from going to unprotected network locations, and to avoid encrypting personal data. Visual Studio is not an enlightened app, so it doesn't work in WIP-enabled environments unless you exempt it. Follow the steps in this article to enable Visual Studio to function on a WIP-enabled machine.
Configure VS as a WIP-exempt app
You can exempt Visual Studio from WIP restrictions but still allow it to use enterprise data. WIP-exempt apps can connect to enterprise cloud resources using an IP address or a hostname. No encryption is applied, and the app can access local files.
To exempt Visual Studio from WIP, follow the steps to exempt a desktop app.
Create a WIP-exempt AppLocker policy file
Because Visual Studio includes multiple binaries, create a WIP-exempt AppLocker policy file. AppLocker allows you to automatically generate rules for all files within a folder.
Add AppCompat to the Enterprise cloud resource policy
To specify where Visual Studio can access enterprise data on your network, follow these steps to define where your protected apps can find and send enterprise data. To stop Windows from blocking connections to cloud resources through an IP address, make sure to add the /*AppCompat*/ string to the setting.
Related content
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for