Support Tip: Custom OMA-URI’s not always applying to Windows 10 Devices

Absolutely true! My understanding was the same as mlippold  mentioned .. Microsoft has some issues with custom OMA-URi and except of resolving this issues they just disabled the feature. Limit to 350k is basically  is a disable of the feature since it's not usable anymore for anything.

All referred articles like

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune

or

https://docs.microsoft.com/en-us/windows/client-management/mdm/applocker-csp

are totally useless since the only security you could provide with 350k is "none" / admin mode

the ADMX custom policy upload is, yes, a possibility to upload registry editing policies, but no CSP policies which adds e.g. whitelist Information in XML or bin format. therefore the "resolution" presented is just a empty box.. 

We are trying to get a solution from MS since 5 weeks and the only thing I've learned was that we have more understanding of the topic then they have. Presenting ADMX as the solution is the best example since they have no administrative template that in anyway that supports the Microsoft Applocker CSP or the Microsoft windows defender application control in Intune.

I just can repeat my request "tear down this wall!" and withdraw the limitation of 350k that seems to be enabled just because you don't want to resolve tickets anymore that are related to custom OMA-URi policies.

kr

Nicky