question

ChrisHeymans-5441 avatar image
0 Votes"
ChrisHeymans-5441 asked Audi86 commented

MDM on Windows 10: Office 365 installation unenlightened

MDM Enrollment

We are deploying MDM. All users have the same license assigned.

New equipment with Windows 10 Enterprise

Some Devices simply refuse to enroll in MDM and enroll in MAM instead

Devices are Hybrid AD joined. Some of these machines work beautifully and all our apps become enlightened

Every time a work file is opened in Outlook, regardless of type this is received
23017-opens-personal-files-only.png

Exclusion policies make no difference, checking Enterprise context simply lists Personal. On the machines, where the MDM enrollment works the same apps (same version etc.) are listed as enlightened.

Event Viewer is of no help, some of the machines enroll and never list into Endpoint Device Management

...


mem-intune-enrollment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

CiciWu-MSFT avatar image
0 Votes"
CiciWu-MSFT answered Audi86 commented

From your description, it seems those device use the MAM without device enrollment, or MAM-WE to access corporate resources. For such kind of MAM, it allows IT administrators to manage apps using MAM and app protection policies on devices not enrolled with Intune MDM. So when you use app protection policies, please make sure that the office suite apps have been added to Allowed apps blade, and there is no restriction settings to corporate data in Advance settings part.
23166-090801.jpg

Here is a sample for MAM-WE with app protection policy, just for your reference.

https://www.petervanderwoude.nl/post/windows-10-mam-we-and-office-desktop-apps/


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



090801.jpg (39.6 KiB)
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi

All the app exclusions are in-place.
Other machines same domain, simply do not enlist these exclusions and enroll with MAM (WIP) and does not switch over to MDM (Intune)

Your suggestion does not work

Thanks

0 Votes 0 ·

Would you please double check if the Outlook has added in Targeted apps? From the description, it seems to indicate Outlook app hasn't configured correctly to open corporate resource. Therefore, please make sure that Outlook app has added to Allowed app in Target app. Also, in Windows 10 Enterprise client, locate to Task Manager->Details, make sure the enterprise context of Outlook app belongs to company not personal.
23391-090901.png


0 Votes 0 ·
090901.png (53.0 KiB)

Hi

Yes, it is. We have several hundred people and for most, it works just fine.
There are several people with the issue mentioned and there is no indication of the why.


Thanks

0 Votes 0 ·
Show more comments