To create a configuration item for WIP, follow these steps:
- Open the SCCM console, click the Assets And Compliance node, expand the Overview node, expand the Compliance Settings node, and then expand the Configuration Items node (see Figure 14.3).
FIGURE 14.3 System Center Configuration Manager console

2. Click the Create Configuration Item button. The Create Configuration Item Wizard will start (see Figure 14.4).
FIGURE 14.4 Create Configuration Item Wizard

3. On the General Information page, type a name (required) and a description (optional) for the policy into the Name and Description boxes.
4. In the Specify The Type Of Configuration Item That You Want To Create area, select the option that represents whether you’d like to use SCCM for device management, and then click Next. The options are as follows:
■ Settings For Devices Managed With The Configuration Manager Client: Windows 10
■ Settings For Devices Managed Without The Configuration Manager Client: Windows 8.1 and Windows 10
5. On the Supported Platforms page (see Figure 14.5), click the Windows 10 box, and then click Next.
FIGURE 14.5 Create Configuration Item Wizard – Supported Platforms

6. On the Device Settings page (see Figure 14.6), click Windows Information Protection, and then click Next.
FIGURE 14.6 Create Configuration Item Wizard – Device Settings

7. The Configure Windows Information Protection settings page appears, where you can configure a policy for the company.
When you create a process in SCCM, you can choose the apps that will be granted access to corporate data via WIP. Apps on the list can protect and restrict data from being copied or moved to unapproved apps.
The steps to add app rules are based on the type of rule template that is being applied.
You can add the following:
■ Store app (known as a Universal Windows Platform [UWP] app)
■ Signed Windows desktop app
■ AppLocker policy file
In the following sections, we will be adding Microsoft OneNote, which is a store app, to the App Rules list.