Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection

Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?

Are you having issues with Windows Information Protection (WIP, previously known as “Enterprise Data Protection – EDP”) policies which are configured through SCCM ConfigMgr CB 1606 production version?

If so, I was one of you. Here I’m talking about the issue which I faced during the deployment of WIP policy via Windows 10 MDM channel. I will try to explain the issue which I had with WIP CI (for the specific scenario which I tested) :-

Windows Information Protection = WIP

When you open WIP CI and try to check whether everything is ok or not and  just exit out of CI with/without doing any changes, then it will automatically change some values in CI XML and this will intern break the entire CI.

Patch My PC

I’ve embedded a video below which will explain this bug/issue in much more detail. If you are new to WIP/EDP and you wanted to know how to create, deploy and test WIP with Windows 10 then have a look at my previous post and video here.

Good news is that the new rollup update (KB3186654) released by Microsoft most probably fixed this issue. I have done extensive testing with Windows Information Protection (WIP) policies/CIs after installing the new rollup on SCCM CB 1606 server and the results are very promising.

Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection
Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection

I tried creating new WIP CIs, editing the existing WIP CIs, etc…All the scenarios which I tested worked well for me. I tested this with Windows 10 1607 build Build numbers 14393.00 and 14393.82 (via MDM channel). Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?

1E Nomad

EDP WIP CI Known Issue with SCCM CB 1606 before installing Rollup Update KB 3186654

httpv://www.youtube.com/watch?v=embed/TA9aXAHZTms
Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection

How to Create – Deploy WIP EDP Using SCCM CB 1606 and End-user experience of WIP :-

Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?

httpv://www.youtube.com/watch?v=embed/ogylLn18C10
Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection

Sample of the correct WIP CI with correct ConstantValue

<Condition>                   <Expression>                     <Operator>NotEquals</Operator>                     <Operands>                       <SettingReference AuthoringScopeId="GLOBAL" LogicalName="EnterpriseDataProtection" DataType="String" SettingLogicalName="AllowedEXEHash" SettingSourceType="CIM" Method="Value" Changeable="false" />                       <ConstantValue Value="EB9D585A55FAEA4A913BBAB7101911F5BAEA7CA84A8D8AD6BBB7FB50363117F1" DataType="String" />                     </Operands>                   </Expression>                 </Condition>

Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?

Resources

Learn Microsoft Intune Related Posts Real World Experiences (anoopcnair.com)

SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)

Intune Device Management – HTMD Blog #2 (howtomanagedevices.com)

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.