barscaret-downcaret-leftcaret-rightcaret-upcheckchevron-leftchevron-rightfile-pdfinfosign-in-altsignin text-widthtimesyoutube

Windows > Device Data & Configuration

Custom policy configurations for Windows 10

Updated on October 11th, 2021

You can use Miradore configuration profiles to manage and distribute restrictions and settings to your managed devices. In addition to built-in configuration profiles for Windows, you can customize or extend the management capabilities by creating custom policies in Miradore. You can, for example, define what is allowed or denied in your managed Windows devices or how they behave, look and feel.

Good to know

Windows Configuration Service Provider (CSP) enables IT admins to configure multiple custom policies for Windows 10 devices. These CSP-based policies use Open Mobile Alliance - Uniform Resource Identifiers (OMA-URIs), which are paths to the specific settings in Windows 10. With Miradore, you can build the OMA-URI in a configuration profile and add a new custom policy easily for your managed Windows device.

It is important to note that there is variation in the supported policies between different Windows versions. The features of Windows 10 editions differ, and new policies come along with new version releases. You can find the information and requirements of each policy from Microsoft policy CSP documentation.

If both an MDM-based CSP policy and its equivalent Group Policy (GP) are set on a device, the group policy wins over the CSP policy by default. However, IT administrators can use the ControlPolicyConflicts policy to ensure that the MDM-based CSP policy wins over the GP if there is a conflict.

Requirements

  • Miradore Premium plan
  • Windows 10
  • Full device management with active MDM profile

How to create a custom policy configuration

Start creating a new configuration from the Configuration profiles page on Miradore. Click Add, choose the platform and then Custom policy.

1. You need to define the type of configuration in the Policy CSP (build the OMA-URI).

Create the Windows 10 custom configuration

      • Choose the Area name from the drop-down menu.
      • Check the available policies and requirements from Microsoft's documentation. When you have chosen the Area name, the link takes you to the selected area in the documentation to find and copy the correct Policy name.

Microsoft document for Wifi custom policy

restrictions and supported values of Win10 custom policy

2. Define the Policy settings by entering the value and press Add. You can add multiple name/value pairs of the policy area in one custom policy.

The Microsoft Policy CSP documentation provides information about the supported values.

Custom policy settings

Also, ADMX-backed policies are supported, but you need to construct the required payload manually.

      • Find out the ADMX info from the Policy CSP document.

Example: Create a policy that defines the inactivity period before Windows transitions to hibernate in the device on a battery.

Microsoft Policy CSP documentation ADMX

      1. Each Windows device has a folder including a bunch of ADMX files (C:\\Windows\PolicyDefinitions). GP ADMX file name tells you the correct file for searching the input for the value field.
      2. The GP name shows the policy name you need to look for from the file, in this case, DCHibernateTimeOut_2. Inside the <elements> tag, you can find the configurable values. There can be several values, but for this example, there is only one:

<elements>
<decimal id="EnterDCHibernateTimeOut" valueName="DCSettingIndex" required="true" maxValue="4294967295" />
</elements>

The value to enter to the custom configuration:

<enabled /><data id=”EnterDCHibernateTimeOut” value=”TimeInSeconds”></data>

You can find more information about ADMX-backed policies and how to create the required XML value from Microsoft's documentation.

When you have created the policy, you may deploy it to managed devices as any other configuration profile in Miradore.

Updating the policy configuration

You can edit the values of the existing policies in a configuration, but you can not add or remove policies from it. Go to Management > Configuration profiles > Configuration profile to edit the configuration.

Edit Windows custom configuration

  • This field is for validation purposes and should be left unchanged.

Previous Article:
«

Next Article:
»