Forum Discussion

jjboffy's avatar
jjboffy
Copper Contributor
Dec 16, 2020

WIP w/ MDM Office 365 Licences

Greetings Everyone,

I am attempting to get a WIP policy set up for my company to protect our files in this new "work-from-home" era. Our devices are MDM enrolled and the policy I have created is working mostly as intended for my test group.

 

Biggest issue is this: all files labeled File Ownership - "work-domain" are opening as read-only with the following message in Office apps. 

If I click on Activate, it completely messes up my computer's Office activation, I become un-activated on all profiles and have to completely re-install to fix the issue.

 

What am I missing? Is this a network boundary issue? An enrollment issue? Or some other setting I have overlooked, perhaps on a different window?

 

Any help would be grand!

    • jjboffy's avatar
      jjboffy
      Copper Contributor

      JanBakkerOrphanedThanks for the reply!

       

      I haven't configured any cloud services boundaries yet, so I haven't used the /*AppCompat*/ string. Do I need to use it on network domain and IP4 boundaries as well? I didn't think I did. And yes, the Office ProPlus XML is included in my protected apps.

       

      I wasn't sure what the Denied-Office option was below it, but I've tried it with both, neither, and each selected, all with the same results. I've even tried adding the Excel Program via the Desktop Apps dropdown where you have to enter the fully qualified application publisher name. Same behavior.

       

      My issue is happening when reading any file on a network file server mapped to my profile. My inclination is that its either not seeing my domain boundary or IP boundary. When I open the file with Excel, it becomes read-only and when I bring up "Task Manager ---> Details ---> Enterprise Context" Excel.exe is listed as Enlightened and Work Owned, so I figured that I had the Protected Apps set up correctly.

       

      I was hoping the domain portion of this project would be the easy part, because I know when I start adding cloud service boundaries it is going to get hairy :facepalm:

Resources