THE Windows Phone 8.1 Configuration Baseline

This blog post will be about THE Windows Phone 8.1 configuration baseline, for usage with ConfigMgr 2012 (integrated with Microsoft Intune). This configuration baseline is created based on the information provided in the Windows Phone 8.1 MDM Protocol document. That document describes the PolicyManager configuration service provider (CSP), which is the centralized component to handle all Windows Phone supported enterprise policies. It describes in detail every currently configurable policy, by any mobile device management solution.

Configuration Items

imageI took all the settings, as described in the Windows Phone 8.1 MDM Protocol document, and created separate configuration items for each one of them. In these configuration items I included all the available information about the specific settings, including their descriptions. Based on the possible values of these settings I created a compliance rule with every configuration item, which I configured to the default values. In the compliance rules I also included the information about the possible values.

This baseline contains the following configuration items:

  • imageAllow Action Center Notifications;
  • Allow Adding Non-Microsoft Accounts Manually;
  • Allow Auto Connect To WiFi Sense Hotspots;
  • Allow Bluetooth;
  • Allow Browser;
  • Allow Camera;
  • Allow Cellular Data Roaming;
    • The configuration of this specific item is shown in the screenshots on the side. This is done to provide an example about the configuration of the different items.
  • Allow Copy-Paste;
  • Allow Cortana;
  • imageAllow Developer Unlock;
  • Allow Idle Return Without Password;
  • Allow Internet Sharing;
  • Allow Location;
  • Allow Manual MDM Unenrollment;
  • Allow Manual Root Certificate Installation;
  • Allow Manual WiFi Configuration;
  • Allow Microsoft Account Connection;
  • Allow NFC;
  • Allow Save As of Office Files;
  • Allow Screen Capture;
  • Allow Search To Use Location;
  • Allow Sharing of Office Files;
  • Allow Simple Device Password;
  • imageAllow Storage Card;
  • Allow Store;
  • Allow Storing Images From Vision Search;
  • Allow Sync My Settings;
  • Allow Telemetry;
  • Allow USB Connection;
  • Allow User To Reset Phone;
  • Allow Voice Recording;
  • Allow VPN Over Cellular;
  • Allow VPN Roaming Over Cellular;
  • Allow WiFi;
  • Allow WiFi Hotspot Reporting;
  • Alphanumeric Device Password Required;
  • imageApplication Restrictions;
  • Device Password Enabled;
  • Device Password Expiration;
  • Device Password History;
  • Maximum Device Password Failed Attempts;
  • Maximum Inactivity Time Device Lock;
  • Minimum Device Password Complex Characters;
  • Minimum Device Password Length;
  • Require Device Encryption;
  • Safe Search Permissions.

Available for download

Starting today this configuration baseline for Windows Phone 8.1 is available for download via the TechNet Galleries. Keep in mind that it contains the currently configurable enterprise policies that can be used to manage these devices. When this gets updated, I’ll try to update the configuration baseline accordingly. 

>> The complete configuration baseline is available in the TechNet Galleries! <<

To use this configuration baseline, simply download it and import it in ConfigMgr. After this the compliance rules can be adjusted, if needed, and the baseline can be deployed.

Further reading

The information about the configurable enterprise polices can be found in the Windows Phone 8.1 MDM Protocol document, starting with page 132. As mentioned before, this document is available for downloaded here: http://go.microsoft.com/fwlink/?LinkID=279003

Share