~ Karan Rustagi | Support Escalation Engineer
This article discusses the process of configuring settings that are not configurable through the available Configuration Manager user interface (ConfigMgr 2012 R2). I’ll be using the method discussed here to manage the settings on mobile devices. If you want to see the complete list of policies that can be set on a device, read the Windows Phone 8.1 MDM protocol documentation at http://technet.microsoft.com/en-us/library/dn499787.aspx (Page 134-143)
In this example I am going to disable Cortana on a WP 8.1 device.
Area/Policy name | Description | Supported Value | Value evaluation rule |
Experience/AllowCortana | Specify whether screen capture is allowed. | 0 – not allowed 1 (default) – allowed | Most restricted value is 0 |
Step 1 - Create a Configuration Item:
Step2 - Configure additional settings:
Step 3 - Add a setting:
Step 4 - Create a custom setting:
Step 5 - Enter the details:
Setting type: OMA-URI
Data Type: Integer
OMA-URI: ./Vendor/MSFT/PolicyManager/My/Experience/AllowCortana
Step 6 - Search for newly created setting in previous step and select it:
Step 7 - Create a rule and enter a value of 0 to disable Cortana:
Step 8 - Configure supported platforms and complete the wizard:
Step 9 - Create a baseline and add the Configuration Item created in Step 1:
Step 10 - Deploy the Baseline created in Step 9 to a User collection. Do not forget to check the option ‘Remediate noncompliant rules when supported’.
Wait for Windows Phone to pull policies from Intune, or alternatively you can pull them manually via Workplace. Cortana should now be disabled.
Some other example policies:
System/AllowUserToResetPhone : Specify whether allow the user to factory reset the phone from setting control panel and hardware key combination.
Experience/AllowManualMDMUnenrollment : Specify whether allow the user to delete the workplace account via workplace control panel. The MDM server always could remotely delete the account.
Additional reading: http://blogs.technet.com/b/configmgrteam/archive/2013/07/10/compliance-settings-and-company-resource-access.aspx
Karan Rustagi | Support Escalation Engineer| Microsoft GBS Management and Security Division
Get the latest System Center news onFacebookandTwitter:
System Center All Up: http://blogs.technet.com/b/systemcenter/
Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
Data Protection Manager Team blog: http://blogs.technet.com/dpm/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
WSUS Support Team blog: http://blogs.technet.com/sus/
The RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv
The Surface Team blog: http://blogs.technet.com/b/surface/
The Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/