Are you having issues with Windows Information Protection (WIP, previously known as “Enterprise Data Protection – EDP”) policies which are configured through SCCM ConfigMgr CB 1606 production version? If so, I was one of you. Here I’m talking about the issue which I faced during the deployment of WIP policy via Windows 10 MDM channel. I will try to explain the issue which I had with WIP CI (for the specific scenario which I tested) :- When you open WIP CI and try to check whether everything is ok or not and just exit out of CI with/without doing any changes, then it will automatically change some values in CI XML and this will intern break the entire CI. I’ve embedded a video below which will explain this bug/issue in much more detail. If you are new to WIP/EDP and you wanted to know how to create, deploy and test WIP with Windows 10 then have a look at the my previous post and video here.
Good news is that the new rollup update (KB3186654) released by Microsoft most probably fixed this issue. I have done extensive testing with Windows Information Protection (WIP) policies/CIs after installing the new rollup on SCCM CB 1606 server and the results are very promising. I tried creating new WIP CIs, editing the existing WIP CIs etc…All the scenarios which I tested worked well for me. I tested this with Windows 10 1607 build Build numbers 14393.00 and 14393.82 (via MDM channel).
EDP WIP CI Known Issue with SCCM CB 1606 before installing Rollup Update KB 3186654
How to Create – Deploy WIP EDP Using SCCM CB 1606 and End-user experience of WIP :-
Sample of the correct WIP CI with correct ConstantValue
<Condition> <Expression> <Operator>NotEquals</Operator> <Operands> <SettingReference AuthoringScopeId=”GLOBAL” LogicalName=”EnterpriseDataProtection” DataType=”String” SettingLogicalName=”AllowedEXEHash” SettingSourceType=”CIM” Method=”Value” Changeable=”false” /> <ConstantValue Value=”EB9D585A55FAEA4A913BBAB7101911F5BAEA7CA84A8D8AD6BBB7FB50363117F1” DataType=”String” /> </Operands> </Expression> </Condition>