Share via

WIP App protection policy and Microsoft Oulook

KenlarTaj 1 Reputation point
2020-09-08T12:57:35.533+00:00

Hi all,

I have recently applied an App Policy through Endpoint portal. I have downloaded "O365 ProPlus - WIPMode-Allow - Enterprise AppLocker Policy File.xml" and submited it to the "allowed" applications list in Endpoint.

Unfortunately, when I try to open Microsoft Outlook, I receive the infamous error "Your outlook data file cannot be configured". If I disable the policy, Outlook works.

I have tried to add and/or remove the Office365 xml from the Allowed and Exempt lists without success. Everything else just works as it should (files, MS Word etc), just Outlook doesn't.
If I set protection mode as "Off", Outlook works again. Everything else ("Silent", "Allow Override" and "Block") makes it stop working.

Also, I configured Outlook in the Online mode (without using Cached OST). This makes the OST error disappear, of course, but then I receive another error message saying that "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened ".

I believe it may be related to the XML somehow, but I downloaded it today from Microsoft website:

https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip

Do you have any insights on hat may be the problem? I have searched for it in Google and Microsoft documentation, but I can't seem to find the solution.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,545 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AndyLiu-MSFT 586 Reputation points
    2020-09-09T08:45:31.99+00:00

    @KenlarTaj

    I didn't experience this problem. Basically, instead of using the downloaded xml file, I usually use the built-in xml file in Intune. You can find it by clicking Add instead of Import.

    23453-image.png

    Besides, after you deployed the policy, please verify that the Outlook app has been protected by WIP. By opening the task manager, you can check the Enterprise Context for the Outlook process. If it's protected, the Enterprise Context should be the tenant name. Please click the following link for how to determine the Enterprise Context of an app.

    https://learn.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments