Microsoft whiteboard is out almost 2 years that is available to users on Windows 10 which lets users to type, draw, erase and attach notes, images, and beyond what you cannot do it on a physical whiteboard.
Following are some of the activities that you can do with whiteboard:
- Running effective meetings
- Brainstorming
- Team sprint planning
- Project planning
- Problem-solving
- Incident management
Whiteboard app is available in the Microsoft Store for Windows 10, and on the App Store for iPhone and iPad. You can also use the whiteboard in the browser.
Microsoft Whiteboard is integrated with office 365 (Microsoft Teams) and you can enable it from office 365 admin portal. For more information about the user of Microsoft Whiteboard in Teams, please refer help guide.
You can use a personal account (Microsoft) or work/school account to sign-in to the whiteboard because all sessions stored in the cloud.
The problem:
Though we have enabled the whiteboard functionality in office 365 back way back, users started using it from the last few months, and especially due to COVID situation around the globe, the majority of the workforce is working from home, the demand for whiteboard is increased.
For office 365, we have a mix of devices that includes hybrid Azure AD joined, Azure AD joined and Intune enrolled ONLY devices.
On devices that are hybrid azure AD joined, the whiteboard app and browser is working fine.
On devices that are Azure AD joined and intune enrolled ONLY have issues launching the Microsoft whiteboard app but the browser URL works fine.
These Azure AD joined and Intune enrolled (MDM) ONLY devices are managed by Intune hence it has App protection policies controlled by Windows information protection.
When users try to sign-in to the Microsoft Whiteboard app, they see the following error code.
Sign-in using work or school account:
Click on Continue and failed with following error code:
We couldn’t sign you in. There is problem signing in. Please check your internet connection and try signing in again.
Error code: 80070164
Clicking on more details takes you to the Microsoft URL but that doesn't help much.
The solution:
If you search on the internet with this error code, you will get many sites that talk about the error but none of them helped me.
I have also tried sign-in to the app using Microsoft account (personal account) but I get the same error code.
I have looked at the Azure AD sign-in logs for with correlation ID but nothing tracked in there.
The next option is to install fiddler and capture the logs if there is any URL that is getting blocked or something happening but there are no URLs about the error code. So fiddler also doesn't help much at this time.
Take a deep breath and analyze what is going on here.
On Hybrid Azure AD joined, it works fine but AAD/Intune managed devices, the only browser works but not the App.
The only difference between these 2 types of devices is intune enrolled devices that are controlled by windows information protection.
For windows information protection (WIP), i have looked at the event viewer logs on the device but could not find any relevant information.
Though i could not find traces about the issue that is caused by WIP, i took a chance to look at the windows information protection policy that is applied to the user for further troubleshooting.
When i look at the WIP policy, managed apps, there is no Microsoft whiteboard added there.
A few months ago, i pushed an article on how to add Microsoft store apps to windows information protection policy . Follow this article to add the Microsoft store app as a managed app into WIP policy.
Once you add the app into WIP, the policy gets updated on the user device in the next hour and the user should be able to sign-in to the Microsoft whiteboard.
The WIP policy changes applied on the device and loaded into applocker,storeapps folder policy file (C:\windows\system32\AppLocker\MDM\)
Following is the policy file that gets updated with Microsoft store apps As you can see, the whiteboard app is now managed app.
Long story but simple fix for the devices that are managed by intune with app protection policies applied (WIP)
Hope you find this article useful!