Mobile Device Manager (MDM)-enrolled devices that are running Windows 8.1 and later cannot sign in to the Company Portal website through Internet Explorer.
During the enrollment process for devices that are running Windows 8.1 and later, the URL for the Company Portal website (http://portal.manage.microsoft.com) is automatically added to the local intranet zone in Internet Explorer when a user enters his or her credentials. Even for devices that don't successfully enroll, the URL is added to the local intranet zone when the user authenticates during the enrollment process.
During the login process, UI STS (which is hosted on the root manage.microsoft.com domain) sets a cookie that the browser must send to the IWP redirector. The IWP redirector is hosted on the portal.manage.microsoft.com subdomain. Because Internet Explorer doesn’t permit sites to set cookies across security zones, access is denied.
To resolve this issue, remove the URL for the Company Portal from the user’s local intranet zone in Internet Explorer. If this is not desirable, you can opt to turn off protected mode in Internet Explorer. Be aware that you must take these actions again for repeated enrollment attempts.
Windows, Windows 8.1, Windows 10, Company Portal website, IW Portal, Web portal, logon, failed, error, intranet zone, IE, internet explorer, sign-in