Microsoft Endpoint Manager’s Updates Aim to Simplify Mobile Device Management Policy Creation

Rolling out in public preview early February 2021, Microsoft is adding a new feature to its Endpoint Manager (MEM) solution called settings catalog. MEM is a rebranding of System Center Configuration Manager (SCCM). It brings together ConfigMgr, Intune, Autopilot, Desktop Analytics, and many and other management tools under one umbrella.

As a result of feedback from clients, settings catalog aims to solve some of the complexities around creating OMA-URI based Mobile Device Management (MDM) policies for Windows devices. It provides organizations with a shopping cart experience where IT can browse all the available policy settings for Windows and create custom policies from scratch.

Settings catalog exposes thousands of settings for Windows 10, including many that haven’t been available before. Settings are generated from the MDM Configuration Service Providers (CSPs) that are built-in to Windows. CSPs are responsible for managing defined groups of configuration settings in Windows. For example, there are Network and Defender CSPs, which are responsible for managing network and Windows Defender settings respectively.

As Microsoft adds more configuration options to CSPs in each new Windows 10 feature update, settings are exposed faster in Intune through the catalog so that organizations can start using them quickly. Intune policy settings for Windows 10 are quite limited out-of-the-box, compared to what’s on offer with Group Policy. Settings catalog helps solve that issue by letting IT add policies to Intune configuration profiles without manually creating custom OMA-URI policies.

And while support is limited, settings catalog can be used to configure settings for Microsoft Edge 77 and later, on macOS.

For more information on CSPs and OMA-URIs in Windows 10, check out Understanding How MDM Policies are Applied in Windows 10 on Petri.

How to add MDM settings using the settings catalog

In the latest update to the MEM admin center, there are two ways you can create a policy. The first is to choose from one of the many templates that ship with Microsoft Endpoint Manager. The second is to use the settings catalog. Using the catalog’s settings picker, you can search for settings, create a filter to list settings for a specific Windows 10 SKU, or browse settings by category.

Image # Expand
Figure1 7
Microsoft Endpoint Manager’s New Settings Catalog Aims to Simplify Mobile Device Management Policy Creation (Image Credit: Russell Smith)

 

In the list of settings displayed, you select which of them you’d like to add to your policy. And the second step is to configure the selected settings as required.

Image #1 Expand
Figure2 3
Microsoft Endpoint Manager’s New Settings Catalog Aims to Simplify Mobile Device Management Policy Creation (Image Credit: Russell Smith)

Settings catalog simplifies the MDM story for Windows 10 while bringing more granular control

Until now, the MDM story for Windows 10 has made it difficult for some organizations to move to cloud-based management for endpoints. But with the global pandemic accelerating the need to secure remote workers’ devices, Microsoft is moving to simplify MDM policy creation and expose more settings so that organizations can configure Windows to the same granular level provided by Group Policy. Settings catalog should make it simpler for businesses to configure settings using MDM without having to resort to using custom OMA-URIs and ADMX-backed policies.