Breaking changes and known issues, What’s new in mobile device enrollment and management?

There are some breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices that you should be aware of.

In this article, you will find a list of what are known to be the breaking changes and issues Dated 05/14/2019, with mobile device enrollment and management. A few are highlighted below.

Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10

During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret.

After upgrading to Windows 10, you should call MDM_WNSConfiguration class to recreate the notification channel URI.

Apps installed using WMI classes are not removed

Applications installed using WMI classes are not removed when the MDM account is removed from the device.

SSL settings in IIS server for SCEP must be set to “Ignore”

The certificate setting under “SSL Settings” in the IIS server for SCEP must be set to “Ignore” in Windows 10. In Windows Phone 8.1, when you set the client certificate to “Accept,” it works fine.

MDM enrollment fails on the mobile device when traffic is going through proxy

When the mobile device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that does not require authentication or remove the proxy setting from the connected network.

Server-initiated unenrollment failure

Server-initiated unenrollment for a device enrolled by adding a work account silently fails leaving the MDM account active. MDM policies and resources are still in place and the client can continue to sync with the server.

Remote server unenrollment is disabled for mobile devices enrolled via Azure Active Directory Join. It returns an error message to the server. The only way to remove enrollment for a mobile device that is Azure AD joined is by remotely wiping the device.

Certificates causing issues with Wi-Fi and VPN

Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.

Breaking Changes & Known Issues List

Read Full Article