Hi,
I have a very strange issue which is really testing my patience.
Previously I used app protection policy and am looking to move to work profile. I have a new group 'new' of users that I assigned an enrollment restriction to allow Android Enterprise personally owned to enroll. When I sign in under users in this group, a prompt to create a work profile is raised, great!
The issue is I want to also pilot it in my daily usage and I was not a member of this group. So I have another group which is a 'pilot' group and I added this to the enrollment restrictions, device compliance, and device configuration policies. I deleted all the microsoft apps, signed out of everything MS related. I also deleted the device registration in Azure AD. When I log back into the company portal I don't get a prompt to create a work profile, it signs in fine.
If I try to sign-in via outlook, the login is blocked by conditional access since I require a compliant device for Office 365 apps. This just asks me to download and install the company portal which I am doing already.
If I sign in to the company portal under an account in the newly configured 'new' group on that same device, I do get a prompt for the work profile. So the issue is not the device, software version, etc, it is clearly the user / group settings. When I downloaded the company portal log file it said Enrollment Postponed. I waited overnight and no difference.
I don't really understand what could be blocking this as I went through all the settings and all the documentation says this is enabled by default already. The only real differences between these groups right now is that the 'old' group has MAM policies for mobile, and MDM for win10 whereas the new group has MAM-WE for win10, but that should be unrelated.
Any thoughts are appreciated.
Zac