Brendan Main, for non DEP devices such as BYOD, Corporate device identifiers can be used to pre-declare devices as corporate-owned. More information can be found in our docs here: Identify devices as corporate-owned.
Additionally, to make managing devices easier, you can also use Microsoft Intune device categories to automatically add devices to groups based on categories that you define. After you configure device groups, and users enroll their device, they are presented with a list of the categories you configured. After they choose a category and finish enrollment, their device is added to the Active Directory security group that corresponds with the category they chose.
parthpattnk, are you still experiencing an issue with the error you've described? Would recommend validating the data transfer policy configured for your App Protection policies.
Sharing a couple of articles that may help determine what to look for:
Troubleshoot mobile application management
Review client app protection logs
If you continue facing an issue where MAM is applied and opening documents is still not working as expected, please open a support case via the Intune Admin console's Help and Support or any of the methods here, as this will help the team capture all the information needed to resolve the issue. Also, please direct message us with your support case number for follow up.
Hope this helps!