# How Microsoft Protects Corporate Data on Employee Devices > A system that lets companies remotely lock or delete specific work data on a phone or computer without wiping the user's personal files. - **Patent:** US 9430664 - **Original title:** Data protection for organizations on computing devices - **Owner:** Microsoft Technology Licensing LLC - **Granted:** 2016 - **Status:** Active - **Times cited:** 10 - **Field:** software, consumer_electronics, telecommunications ## What it does This patent describes a software gatekeeper on a device that manages corporate data security. It provides an API, or a set of rules, that apps use to ask the system to encrypt specific files using a corporate key. If an employee leaves a company or loses their device, the company sends a signal to the device. The system then deletes the specific decryption key for that organization, effectively turning the work files into unreadable digital noise while leaving personal photos and apps untouched. ## What it does NOT cover - Does not cover full-device remote wipes that erase all personal and system data. - Does not cover encryption methods that rely on user-entered passwords rather than managed keys. - Does not cover cloud-based storage security that does not involve local device-level key management. - Does not cover hardware-level security like Trusted Platform Modules (TPM) that exist independently of the OS API. ## The clever bit By managing security at the file and key level rather than the device level, the system enables selective 'corporate amnesia' where only work-related data is destroyed upon command. ## Real-world examples 1. Microsoft Intune 2. Windows Information Protection 3. Enterprise Mobile Management (EMM) suites ## Why it matters This technology is a cornerstone of Bring Your Own Device (BYOD) policies. It allows businesses to enforce security compliance on personal smartphones without infringing on employee privacy, which is essential for modern enterprise mobility management. ## Frequently asked questions ### What does How Microsoft Protects Corporate Data on Employee Devices cover? A system that lets companies remotely lock or delete specific work data on a phone or computer without wiping the user's personal files. ### Who owns patent US 9430664? Microsoft Technology Licensing LLC owns this patent, granted in 2016. ### When does this patent expire? This patent is expected to expire on August 30, 2036, when the invention enters the public domain. ### What is patent US 9430664 cited by? This patent has been cited by 10 later patents that build on its ideas. ### What problem does this patent solve? This technology is a cornerstone of Bring Your Own Device (BYOD) policies. It allows businesses to enforce security compliance on personal smartphones without infringing on employee privacy, which is essential for modern enterprise mobility management. ### What does this patent NOT cover? Does not cover full-device remote wipes that erase all personal and system data. **Full plain-English explainer:** https://patentbrief.org/patent/us/9430664/windows-defender-antivirus **Original patent:** https://patents.google.com/patent/US9430664 --- _Source: PatentBrief — https://patentbrief.org. Patent facts are from public records; the plain-English explanation is PatentBrief's._