Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. MDM-enrolled devices can't sign in to the company portal through Internet Explorer

MDM-enrolled devices can't sign in to the company portal through Internet Explorer

View products that this article applies to.

Symptoms

Mobile Device Manager (MDM)-enrolled devices that are running Windows 8.1 and later cannot sign in to the Company Portal website through Internet Explorer.

↑ Back to the top

Cause

During the enrollment process for devices that are running Windows 8.1 and later, the URL for the Company Portal website (http://portal.manage.microsoft.com) is automatically added to the local intranet zone in Internet Explorer when a user enters his or her credentials. Even for devices that don't successfully enroll, the URL is added to the local intranet zone when the user authenticates during the enrollment process.

During the login process, UI STS (which is hosted on the root manage.microsoft.com domain) sets a cookie that the browser must send to the IWP redirector. The IWP redirector is hosted on the portal.manage.microsoft.com subdomain. Because Internet Explorer doesn’t permit sites to set cookies across security zones, access is denied.

↑ Back to the top

Resolution

To resolve this issue, remove the URL for the Company Portal from the user’s local intranet zone in Internet Explorer. If this is not desirable, you can opt to turn off protected mode in Internet Explorer. Be aware that you must take these actions again for repeated enrollment attempts.

↑ Back to the top

Keywords: kbexpertiseadvanced, kbsurveynew, kbtshoot, kb

↑ Back to the top

Article Info
Article ID : 3087058
Revision : 1
Created on : 1/7/2017
Published on : 10/28/2015
Exists online : False
Views : 192