Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?
Are you having issues with Windows Information Protection (WIP, previously known as “Enterprise Data Protection – EDP”) policies configured through SCCM ConfigMgr CB 1606 production version?
If so, I was one of you. Here I’m talking about the issue I faced during the deployment of the WIP policy via the Windows 10 MDM channel. I will try to explain the issue which I had with WIP CI (for the specific scenario which I tested):-
Windows Information Protection = WIP
When you open WIP CI and try to check whether everything is ok or not and exit out of CI with/without doing any changes, it will automatically change some values in CI XML, which will break the entire CI.
I’ve embedded a video below that will explain this bug/issue in more detail. If you are new to WIP/EDP and want to know how to create, deploy, and test WIP with Windows 10, look at my previous post and video here.
The good news is that the new rollup update (KB3186654) released by Microsoft most probably fixed this issue. I have done extensive testing with Windows Information Protection (WIP) policies/CIs after installing the new rollup on SCCM CB 1606 server, and the results are very promising.
I tried creating new WIP CIs, editing the existing WIP CIs, etc…All the scenarios which I tested worked well for me. I tested this with Windows 10 1607 build Build numbers 14393.00 and 14393.82 (via MDM channel). Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?
EDP WIP CI Known Issue with SCCM CB 1606 before installing Rollup Update KB 3186654
How to Create – Deploy WIP EDP Using SCCM CB 1606 and End-user experience of WIP:-
Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?
Sample of the correct WIP CI with correct ConstantValue
<Condition> <Expression> <Operator>NotEquals</Operator> <Operands> <SettingReference AuthoringScopeId="GLOBAL" LogicalName="EnterpriseDataProtection" DataType="String" SettingLogicalName="AllowedEXEHash" SettingSourceType="CIM" Method="Value" Changeable="false" /> <ConstantValue Value="EB9D585A55FAEA4A913BBAB7101911F5BAEA7CA84A8D8AD6BBB7FB50363117F1" DataType="String" /> </Operands> </Expression> </Condition>
Are You Having Issue with Windows 10 WIP EDP SCCM CB Configuration Manager ConfigMgr Endpoint Protection?
Resources
Learn Microsoft Intune Related Posts Real World Experiences (anoopcnair.com)
SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)
Intune Device Management – HTMD Blog #2 (howtomanagedevices.com)
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…