I have a short question which I cannot find the answer to on docs.
I am in the process of configuring Endpoint Manager device management for my company, and have set up some compliance and app protection policies. The policies have not been assigned to any groups yet. All users have M365 Enterprise E3 licenses applied. There are no pre-existing policies assigned to any users.
However when I log in at https://admin.microsoft.com and navigate to Devices>Manage, I see a number of user iphone and android devices listed with "App Management only" as state (not all company devices are listed just 20-25% of them).
Devices are not enrolled in Endpoint Manager, and naturally are not listed there.
If I navigate to Endpoint Manager > Apps> Selective Wipe, I can find one of these user devices and appear to be able to perform a wipe (although I have not completed the process, so as not to annoy the user).
Does anyone have any idea how these devices ended up with App Management even though no policies have been applied to company devices yet? I am stumped!