OMA-DM

Offboard Windows 10 devices of Windows Defender Advanced Threat Protection

by

This week a follow-up on my post of last week. Last week was about onboarding Windows 10 devices for Windows Defender Advanced Threat Protection (ATP) and this week will be about offboarding Windows 10 devices of Windows Defender ATP. For devices that are leaving the company, for whatever reason, it’s good to first offboard those devices of Windows Defender ATP. That will remove the Windows Defender ATP settings from the device and the device will stop collecting and sending data. In this post I’ll show how to offboard Windows 10 devices, via Configuration Manager and Microsoft Intune, and I’ll show the end result. The steps in this post will be similar to the steps in the post of last week. Configuration Just like last week, …

Read more

Onboard Windows 10 devices for Windows Defender Advanced Threat Protection

by

This week a blog post about onboarding Windows 10 devices for Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP is a relatively new service that will help enterprises to detect, investigate, and respond to advanced attacks on their networks. In this post I’ll show how to onboard Windows 10 devices, via Configuration Manager and Microsoft Intune, and I’ll show the end result in the Windows Defender Security Center and the Configuration Manager administration console. Configuration There are multiple methods available to onboard Windows 10 devices for Windows Defender ATP, Group Policy, Configuration Manager, mobile device management (including Microsoft Intune) and a local script. I’ll have a closer look at the configurations for onboarding Windows 10 devices via Configuration Manager and Microsoft Intune. Create onboarding …

Read more

Managing Windows 10 IoT Core devices via MDM

by

This week a new challenge for a new blog post, managing Windows 10 IoT Core devices. The nice thing about Windows 10, even Windows 10 IoT Core, is the availability of MDM. The availability of MDM is what will help me with managing Windows 10 IoT Core devices. In this post I’ll go through the steps to create an enrollment profile to enroll Windows 10 IoT Core devices in Microsoft Intune hybrid. I’ll end this post with an overview of the end result in Configuration Manager Configuration Let’s start by looking at the configuration in Configuration Manager. To create an enrollment profile, for Windows 10 IoT Core devices, it’s required to provide a certificate profile and it’s optionally to provide a Wi-Fi profile. Create certificate …

Read more

Managing Windows Defender via Windows 10 MDM is getting easier and easier

by

This post is an updated version of a blog post that I did one-and-a-half year ago about managing Windows Defender, of Windows 10, via OMA-DM. As I still get questions about that post and the OMA-URI settings that are used in that post, I thought it would be good to mention that easier methods are available nowadays. Starting with Configuration Manager 1610 and the Microsoft Intune standalone update around March/ April 2016, it’s simply configurable through the console. No need anymore to configure all those OMA-URI settings manually. Within this post I’ll provide a quick overview of the configuration options, followed by an overview of the end result. That end result will show how the configured settings simply translate to the known OMA-URI settings. Configuration …

Read more

Automatic edition upgrade for Windows devices

by

My first blog post in this new year will be about the feature to automatically upgrade the edition of Windows devices. This is already possible, for a while, for Windows 10 devices managed via the MDM channel. However, starting with Configuration Manager 1610 this is now also possible for Windows 10 devices managed via the Configuration Manager client. In this post I’ll provide the general information and configuration settings that are applicable for Microsoft Intune hybrid and Microsoft Intune standalone. I’ll end this post by showing the details of the end result on a Windows 10 device managed via the Configuration Manager client. Think about details like how this is achieved and the relation to the MDM channel. Information The edition upgrade feature can be …

Read more

Windows 10 MDM and the MDM Bridge WMI Provider

by

This week another blog post about Windows 10 and OMA-DM, but this week will be short and different. Starting this week I won’t be referring to OMA-DM anymore, instead I’ll be referring to Windows 10 MDM. The main reason for that is change is to align with Microsoft. Also, it simply makes more sense. OMA-DM is the standards based protocol on which the Windows 10 MDM protocol is based. In other words, Windows 10 MDM is not exactly the same as the OMA-DM standards. Technically speaking it’s not wrong to refer to OMA-DM, but it simply makes more sense to refer to Windows 10 MDM. That being said, this blog post will be different for another reason. This week I’ll try to bring Windows 10 …

Read more

Managing Windows Update for Business on Windows 10 via OMA-DM

by

This week another blog post about Windows 10 and OMA-DM. This week I’m going to have a look at managing Windows Update for Business on Windows 10. However, this time I’ll group the currently available policy settings per subject, to easily provide some more background information. Also, by now I assume that I don’t have to go through all the steps to create a Configuration Item or a Configuration Policy anymore. To manage Windows Update for Business, IT organizations can use the Policy configuration service provider (CSP) and to report about Windows Update for Business IT organizations can mainly use the Update CSP. During this blog post I’ll provide more information about Windows Update for Business, the Policy CSP, the Update CSP and the available …

Read more

Reporting Windows Defender health on Windows 10 via OMA-DM

by

About a year ago I did a blog post about managing Windows Defender on Windows 10 via OMA-DM, by using the available policies in the Policy CSP. This week I’m going to have another look at Windows Defender, on Windows 10, but this time from a reporting perspective. This time I want to report about the health of Windows Defender on the Windows 10 devices that are managed via OMA-DM. To get that type of information I can use the Defender configuration service provider (CSP). The Defender CSP contains the information about the health of Windows Defender. During this blog post I’ll go through the Defender CSP, the required configuration to get the Windows Defender health information and the administrator experience. Defender CSP Before starting …

Read more

Controlling Microsoft Passport for Work on Windows 10 via OMA-DM

by

This week another blog post about Windows 10 and OMA-DM. However, this time it might not be that obvious. In this post I’ll go through the configuration of enabling the provisioning of Microsoft Passport for Work on Windows 10 devices. Maybe even more important, I’ll go through the PassportForWork configuration service provider (CSP) that is used to provision that configuration. During this blog post I’ll go through the PassportForWork CSP, the configuration steps in Microsoft Intune hybrid and standalone and the end-user experience. PassportForWork CSP Before starting with the configuration of enabling the provisioning of Microsoft Passport for Work on Windows 10 devices, it’s good to get a better understanding  of what is actually used to get the configuration in place. The configuration through Microsoft …

Read more

Setting up kiosk mode on Windows 10 via OMA-DM

by

A while ago I did a blog post about managing AppLocker on Windows 10 via OMA-DM. During that post I showed how to use OMA-DM, via Microsoft Intune hybrid and standalone, to configure AppLocker. In this post I’ll do something similar for setting up kiosk mode on Windows 10. Windows 10 Enterprise and Windows 10 Education provide a configuration service provider (CSP) for setting up kiosk mode. That’s the AssignedAccess CSP. During this blog post I’ll go through the AssignedAccess CSP, and its required input, I’ll go through the configuration steps in Microsoft Intune hybrid and standalone and I’ll show the end-user experience with the Twitter app as an example. AssignedAccess CSP Before using the AssignedAccess CSP it’s good to get a better understanding  of …

Read more