Setting up kiosk mode on Windows 10 via OMA-DM

A while ago I did a blog post about managing AppLocker on Windows 10 via OMA-DM. During that post I showed how to use OMA-DM, via Microsoft Intune hybrid and standalone, to configure AppLocker. In this post I’ll do something similar for setting up kiosk mode on Windows 10. Windows 10 Enterprise and Windows 10 Education provide a configuration service provider (CSP) for setting up kiosk mode. That’s the AssignedAccess CSP. During this blog post I’ll go through the AssignedAccess CSP, and its required input, I’ll go through the configuration steps in Microsoft Intune hybrid and standalone and I’ll show the end-user experience with the Twitter app as an example. AssignedAccess CSP Before using the AssignedAccess CSP it’s good to get a better understanding  of …

Read moreSetting up kiosk mode on Windows 10 via OMA-DM

Managing AppLocker on Windows 10 via OMA-DM

A while ago I did a blog post about managing Windows Defender of Windows 10 via OMA-DM. During that specific post I showed how to use OMA-DM, via Microsoft Intune standalone and hybrid, to configure Windows Defender. In this post I’ll do something similar for AppLocker. However, I have to admit that it was a bit more challenging for AppLocker. The main difference is that Windows 10 includes many different separate policy settings for Windows Defender, but provides a separate configuration service provider (CSP) for AppLocker. During this post I’ll show how to create the required AppLocker XML, what the AppLocker XML looks like, what the AppLocker CSP looks like and how to combine the AppLocker XML and the AppLocker CSP. I’ll end this post …

Read moreManaging AppLocker on Windows 10 via OMA-DM

Windows Phone 8.1 and the Windows Phone Store

This blog post will be about the other magical store world of Windows Phone 8.1 and that’s the world of the Windows Phone Store. By now, I think many are already aware of the different possibilities for the Windows Phone Store, but I thought it would be time for a complete overview like I did for Windows Phone 8.1 and the Microsoft Intune Company Portal app. This post will contain the different scenarios for providing (limited) access to the Windows Phone Store. These scenarios will be explained for Microsoft Intune standalone and Microsoft Intune hybrid. Scenarios Now lets start with summarizing the different scenarios that are possible for providing (limiting) access to the Windows Phone Store. I found the following three scenarios and I’ll go …

Read moreWindows Phone 8.1 and the Windows Phone Store

Manage Windows Defender, of Windows 10, via OMA-DM

A couple of weeks ago I did a blog post about the different management options for Windows 8.1. In that specific post I already mentioned OMA-DM as a very valid method to manage Windows 8.1 and Windows 10 devices. To refresh the memories, OMA Device Management (OMA-DM) is an open management standard designed for mobile devices. The nice thing is that OMA-DM is also fully utilized in Windows 10, even the desktop version. That means that OMA-DM can be used to fully manage specific parts of a Windows 10 device. In this post I’ll show how OMA-DM can be used to fully manage Windows Defender in Windows 10. For Windows 10 it’s possible to manage all the settings available for Windows Defender. This includes everything, …

Read moreManage Windows Defender, of Windows 10, via OMA-DM

Set the allowed Management Points via a Configuration Item in ConfigMgr 2012

This blog post will be about a new functionality that got introduced in Cumulative Update 3. This is the ability to configure a Management Point (MP) affinity on a client. Justin Chalfant wrote a nice post about this functionality. That post describes the functionality in detail and also shows how it can be configured. The only thing left open is an automated method to configure the MP affinity. This post will fill that small gap by providing a Configuration Item (CI) that contains the scripts to configure the MP affinity. Configuration Item Now let’s start with the details about the CI. Personally I really like this CI, as it’s created in such a way that it doesn’t need any script modifications any more. The discovery …

Read moreSet the allowed Management Points via a Configuration Item in ConfigMgr 2012

Create a WQL query setting for a Configuration Item in ConfigMgr 2012 via PowerShell

Before I start with this blog post I have to give some (read: a lot) of credits to Dexter. He helped me a lot with understanding the SDMPackageXML of a Configuration Item (CI) and also blogged about that experience. Also, this blog post won’t go into the details he already mentioned about modifying the XML and writing it to a CI. Now let’s really start with this blog post. This blog post will be about creating a WQL query setting for a CI and more specifically the road to creating a WQL query setting for a CI. Step 1: Locate the method to create the WqlQuerySetting The first step is to locate the method that can be used to create the WqlQuerySetting. During the installation …

Read moreCreate a WQL query setting for a Configuration Item in ConfigMgr 2012 via PowerShell