Enterprise Data Protection - EnforcementLevel is not being set to the value sent in the profile.

  • Question

  • I have followed all the instructions as specified in https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp .

    Added all the necessary policies and set the EDPEnforcementLevel to 3. Yet the device seems to remain at the default value of 1. On configuring Outlook, it does not prevent me from copying and pasting data when I have used an enterprise domain.

    The profile that I am using to configure EDP is as follows. The profile is being consumed properly by the device and I get a 200 OK response for all the nodes in the SyncML.

    <SyncML xmlns="SYNCML:SYNCML1.2">
      <SyncHdr></SyncHdr>
      <SyncBody>
        <Sequence>
          <CmdID>1</CmdID>
          <Atomic>
            <CmdID>1479817847296</CmdID>
            <Replace>
              <CmdID>1479817847296</CmdID>
              <Item>
                <Target>
                  <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/EnterpriseProtectedDomainNames</LocURI>
                </Target>
                <Data>primarydomain.com|secondarydomain.com</Data>
                <Meta>
                  <Format>chr</Format>
                </Meta>
              </Item>
              <Item>
                <Target>
                  <LocURI>./Vendor/MSFT/Policy/Config/NetworkIsolation/EnterpriseNetworkDomainNames</LocURI>
                </Target>
                <Data>primarydomain.com,secondarydomain.com</Data>
                <Meta>
                  <Format>chr</Format>
                </Meta>
              </Item>
              <Item>
                <Target>
                  <LocURI>./Vendor/MSFT/Policy/Config/NetworkIsolation/EnterpriseIPRange</LocURI>
                </Target>
                <Data>192.168.0.0-192.168.255.255</Data>
                <Meta>
                  <Format>chr</Format>
                </Meta>
              </Item>
              <Item>
                <Target>
                  <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/CheckMyEDPGroup/EXE/Policy</LocURI>
                </Target>
                <Meta>
                  <Format>chr</Format>
                </Meta>
                <Data>&lt;RuleCollection Type=&quot;EXE&quot; EnforcementMode=&quot;Enabled&quot;&gt;&lt;FilePathRule
                Id=&quot;172B8ACE-AAF5-41FA-941A-93AF11200000&quot; Name=&quot;Default Rule to allow all apps&quot;
                Description=&quot;Allow all apps&quot; UserOrGroupSid=&quot;S-1-1-0&quot;
                Action=&quot;Allow&quot;&gt;&lt;Conditions&gt;&lt;FilePathCondition Path=&quot;C:\Program Files (x86)\Microsoft
                Office\root\Office16\OUTLOOK.EXE&quot;/&gt;&lt;/Conditions&gt;&lt;/FilePathRule&gt;&lt;/RuleCollection&gt;</Data>
              </Item>
              <Item>
                <Target>
                  <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/EDPShowIcons</LocURI>
                </Target>
                <Data>1</Data>
                <Meta>
                  <Format>int</Format>
                </Meta>
              </Item>
              <Item>
                <Target>
                  <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/DataRecoveryCertificate</LocURI>
                </Target>
                <Meta>
                  <Format>b64</Format>
                  <Type>text/plain</Type>
                </Meta>
                <Data><!-- Base64 certificate data missing from this copy of the post --></Data>
              </Item>
              <Item>
                <Target>
                  <LocURI>./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/EDPEnforcementLevel</LocURI>
                </Target>
                <Data>3</Data>
                <Meta>
                  <Format>int</Format>
                </Meta>
              </Item>
            </Replace>
          </Atomic>
        </Sequence>
      </SyncBody>
    </SyncML>
    

    I am not sure whether I am missing something here. Can I get guidance on this, and on whether I am missing any mandatory policies?

    Monday, November 28, 2016 10:42 AM
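A profile like the one posted above can be linted before it is sent to a device. The following is an added example, not part of the original post and not Microsoft's code: the `audit` function, its findings and the `SAMPLE` profile are constructed here, and the findings are structural checks only (repeated CmdID values, empty or non-numeric `int` data, an EDPEnforcementLevel outside 0-3), not a diagnosis of the behaviour described in the question.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"s": "SYNCML:SYNCML1.2"}
EDP = "./Device/Vendor/MSFT/EnterpriseDataProtection/Settings/"

# Constructed sample: same shape as the posted profile, trimmed to two items.
SAMPLE = f"""<SyncML xmlns="SYNCML:SYNCML1.2"><SyncBody><Atomic>
  <CmdID>10</CmdID>
  <Replace>
    <CmdID>10</CmdID>
    <Item>
      <Target><LocURI>{EDP}EDPShowIcons</LocURI></Target>
      <Data>1</Data><Meta><Format>int</Format></Meta>
    </Item>
    <Item>
      <Target><LocURI>{EDP}EDPEnforcementLevel</LocURI></Target>
      <Data>3</Data><Meta><Format>int</Format></Meta>
    </Item>
  </Replace>
</Atomic></SyncBody></SyncML>"""


def audit(profile_xml):
    """Return ({LocURI: (format, data)}, [findings]) for a SyncML profile."""
    root = ET.fromstring(profile_xml)
    findings = []
    # SyncML expects each CmdID to be unique within one message.
    counts = Counter((e.text or "").strip() for e in root.iterfind(".//s:CmdID", NS))
    findings += [f"CmdID {c} is used {n} times" for c, n in counts.items() if n > 1]
    settings = {}
    for item in root.iterfind(".//s:Item", NS):
        uri = item.findtext("s:Target/s:LocURI", "", NS).strip()
        fmt = item.findtext("s:Meta/s:Format", "", NS).strip()
        data = item.findtext("s:Data", "", NS).strip()
        settings[uri] = (fmt, data)
        if not data:
            findings.append(f"{uri}: Data is empty")
        elif fmt == "int" and not data.isdigit():
            findings.append(f"{uri}: Format is int but Data is {data!r}")
    level = settings.get(EDP + "EDPEnforcementLevel")
    if level is None:
        findings.append("EDPEnforcementLevel is not set in this profile")
    elif level[1] not in {"0", "1", "2", "3"}:
        findings.append(f"EDPEnforcementLevel {level[1]!r} is outside 0-3")
    return settings, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```
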

All replies