Entitlement Manager for Windows Desktop, or Windows Desktop Enforcer (WDE) allows organizations to prevent wrongful disclosure by using Attribute-Based Access Control (ABAC) to define and enforce Need-to-Know access policies. ABAC policies are used to control access to files anywhere they are accessed from the desktop. WDE enables Zero Trust Architecture (ZTA) on the Windows Desktop, enforcing Least Privileged Access even when the protected device is offline or disconnected from the grid.
WDE runs on desktops/laptops, windows server, windows virtual desktop, and VDI to monitor and control user activities, covering:
- USB devices
- CD/DVD burners
- File system (local and remote shared files)
- Network file access
- Clipboard (copy and paste)
- Application execution
- Web uploads and downloads (including web mail, posts through forms, blogs)
- File transfers (rcp)
It works in the background without needing any user attention and interacts only when a policy applies to help the user follow proper information handling procedures.