none
Enterprise Protected Domain Names not working in internet explorer RRS feed

  • Question

  • After applying enterprise data protection , the ie browser does not changes to work mode when opening enterprise protected domains. The wip status has returned 11  .What is the problem ? this is the sync ml i have sent to enable the wip
    <SyncML xmlns="SYNCML:SYNCML1.2">
      <SyncHdr></SyncHdr>
      <SyncBody>
        <Atomic>
          <CmdID>143457</CmdID>
          <Replace>
            <CmdID>143458</CmdID>
            <Item>
              <Target>
                <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/EDPEnforcementLevel</LocURI>
              </Target>
              <Data>3</Data>
              <Meta>
                <Format xmlns="syncml:metinf">int</Format>
              </Meta>
            </Item>
            <Item>
              <Target>
                <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/EnterpriseProtectedDomainNames</LocURI>
              </Target>
              <Data>office.com|sharepoint.com</Data>
              <Meta>
                <Format xmlns="syncml:metinf">chr</Format>
              </Meta>
            </Item>
            <Item>
              <Target>
                <LocURI>./Vendor/MSFT/Policy/Config/NetworkIsolation/EnterpriseIPRange</LocURI>
              </Target>
              <Data>172.23.0.0–172.23.255.255</Data>
              <Meta>
                <Format xmlns="syncml:metinf">chr</Format>
              </Meta>
            </Item>
            <Item>
              <Target>
                <LocURI>./Vendor/MSFT/Policy/Config/NetworkIsolation/EnterpriseNetworkDomainNames</LocURI>
              </Target>
              <Data>zzz.com</Data>
              <Meta>
                <Format>chr</Format>
              </Meta>
            </Item>
            <Item>
              <Target>
                <LocURI>./Vendor/MSFT/Policy/Config/NetworkIsolation/EnterpriseCloudResources</LocURI>
              </Target>
              <Data>zoho.com</Data>
              <Meta>
                <Format xmlns="syncml:metinf">chr</Format>
              </Meta>
            </Item>
            <Item>
              <Target>
                <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/CheckEDPNewGroup/EXE/Policy</LocURI>
              </Target>
              <Meta>
                <Format xmlns="syncml:metinf">chr</Format>
              </Meta>
              <Data>&lt;RuleCollection Type=&quot;EXE&quot; EnforcementMode=&quot;Enabled&quot;&gt;&lt;FilePathRule
              Id=&quot;e2bd3661-3305-4100-a2a9-776682c95848&quot; Name=&quot;%SYSTEM32%\notepad.exe&quot; Description=&quot;Allow all
              apps&quot; UserOrGroupSid=&quot;S-1-1-0&quot; Action=&quot;Allow&quot;&gt;&lt;Conditions&gt;&lt;FilePathCondition
              Path=&quot;C:\\windows\\system32\\notepad.exe&quot;/&gt;&lt;/Conditions&gt;&lt;/FilePathRule&gt;&lt;FilePathRule
              Id=&quot;db1abd06-68a1-483c-97c8-a1118bd9c5ff&quot; Name=&quot;%PROGRAMFILES%\Google\Chrome\Application\chrome.exe&quot;
              Description=&quot;Allow all apps&quot; UserOrGroupSid=&quot;S-1-1-0&quot;
              Action=&quot;Allow&quot;&gt;&lt;Conditions&gt;&lt;FilePathCondition Path=&quot;C:\\Program Files
              (x86)\\Google\\Chrome\\Application\\chrome.exe&quot;/&gt;&lt;/Conditions&gt;&lt;/FilePathRule&gt;&lt;FilePathRule
              Id=&quot;14255313-5fed-409d-bdb3-703fd80cfcfb&quot; Name=&quot;%PROGRAMFILES%\Internet Explorer\iexplore.exe&quot;
              Description=&quot;Allow all apps&quot; UserOrGroupSid=&quot;S-1-1-0&quot;
              Action=&quot;Allow&quot;&gt;&lt;Conditions&gt;&lt;FilePathCondition Path=&quot;C:\\Program Files\\Internet
              Explorer\\iexplore.exe&quot;/&gt;&lt;/Conditions&gt;&lt;/FilePathRule&gt;&lt;/RuleCollection&gt;</Data>
            </Item>
            <Item>
              <Target>
                <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/EDPShowIcons</LocURI>
              </Target>
              <Data>1</Data>
              <Meta>
                <Format xmlns="syncml:metinf">int</Format>
              </Meta>
            </Item>
            <Item>
              <Target>
                <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/DataRecoveryCertificate</LocURI>
              </Target>
              <Meta>
                <Format>b64</Format>
                <Type>text/plain</Type>
              </Meta>
              <Data>
              AQABAAEAAAChAwAAnQMAAAAAAAACAAAAgQMAABwAAAAAAAAAAAAAADCCA30wggJloAMCAQICEHAR6lJD6ISVSNj9jAEhWnMwDQYJKoZIhvcNAQEFBQAwSzERMA8GA1UEAxMIZGhydXZlc2gxDDAKBgNVBAcTA0VGUzEoMCYGA1UECxMfRUZTIEZpbGUgRW5jcnlwdGlvbiBDZXJ0aWZpY2F0ZTAgFw0xNjEwMjUwNzMwMDhaGA8yMTE2MTAwMTA3MzAwOFowSzERMA8GA1UEAxMIZGhydXZlc2gxDDAKBgNVBAcTA0VGUzEoMCYGA1UECxMfRUZTIEZpbGUgRW5jcnlwdGlvbiBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkWwwbNopIMLAA+Gff7DgmbN6cxHvuN/vs6/z1lGnVkXiU/HkPHoBfxXnqf6iBMC3YfSAMiwOCPQqrgpDy0ncyvVYnXSmUdCwJ8BFLuWLjZ9/+7VCQ87bppf8rHnFt3YmqZgYkxEtNUajQL+VsADxvNQospiBz5KQOO5EHEZOqqG1mBVLxPC95CQQujMs50ALrAlcSdK8KunmW/T66vRJOS6ZS+WUdDKResScjwdThqppWvXICU5obxLfK70Mljzmd0sahKI48c1sZVGDIuyHds4qF2lIMFYCsLLaaHiGhiD77ONb2ukLLcWHFCIlpR0KQQWP/jFklYz3UpW/3ndJUCAwEAAaNbMFkwFgYDVR0lBA8wDQYLKwYBBAGCNwoDBAEwNAYDVR0RBC0wK6ApBgorBgEEAYI3FAIDoBsMGWRocnV2ZXNoQERIUlVWRVNILUxBUFRPUAAwCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAfU2MCehjNHfpendP0d5L9fJqYWP2aoRAWku88xhr0SAPPzuOu4+xf1V62fJfeObWBPJK3q8ZB6gRb5FZYepE9CUiR74ZHF/8jbMBLfvz+KrhlRoXaqdXRv3JoBTYkN6psVcotitNAAt3NT/lJzolXJc2kmlSmC4fvbilMLWfy6Qt6aCcCLsQuAGQ1Cx0bTGQ1bOv5K0DIfq5UMPWcWxMqBWOk1lkAXPpJB9kTC32jxvix6DlIWkudoiCV92HjXMRyzkYxgOkSATI1JGp8k6CqzhkbPbOGYbrvG8jZ+RdRqfOevLPIOjIalNghaGjM9YKWV1OiGnc+J+f3qH6zdpAhg==</Data>
            </Item>
          </Replace>
        </Atomic>
      </SyncBody>
    </SyncML>
    


    • Edited by yasargtsby Thursday, March 30, 2017 1:49 PM
    Thursday, March 30, 2017 12:46 PM

All replies

  • I am also facing the same issue. Although, WIP is being enabled via the App Locker CSP, the domain names given under EnterpriseProtectedDomain names does not seem to work. 

    I have set InternetExplorer, and Edge as corporate apps using the WIP App locker CSP. Now the domain names set under Enterprise Protected Domain names are not isolated on the corporate apps set above. I am able to copy paste from a protected domain to an unprotected domain.

    On querying the WIP enabled status, I get the status as 11 which corresponds to the fact that WIP and EDP are enabled properly.

    I am not sure whether I am missing on any other additional setting. Can anyone help out for the same ? 

    Thursday, May 11, 2017 5:00 AM