Forum Discussion
Manage desktop for AAD joined W10 device
I plan on moving my field users to Azure AD Joined devices using Windows 10.
I can deploy .MSI packages via Intune / MDM app deployment.
I need to be able to push down settings such as:
- Trusted sites in IE
- Security settings in IE
- Browser Favorites
All of these end up being registry settings.
What is the best way to manipulate registry settings for MDM managed AAD joined Windows 10 devices?
Must I get the settings wrapped into an .MSI and then deploy that as an app? Or is there any other way to facilitate this.
Thanks
3 Replies
I think you should focus on managing the clients with OMA-DM which is the standard for MDM with Windows 10.
More information regarding modern management of Windows 10 can be found here: https://technet.microsoft.com/itpro/windows/manage/manage-windows-10-in-your-organization-modern-management?f=255&MSPPError=-2147217396
All available policies and how to configure them can be found here: https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider
As far as I understand, with the OMA settings you only control the Edge settings and not the IE settings. I created for example an Custom configuration policy with ./Vendor/MSFT/Policy/Config/Browser/HomePages but it is only applied to the Edge browser.
Unfortunately they haven't made IE settings available in OMA-URI. This is something that might become available in the future, but considering IE is only available because of legacy I wouldn't count on it.
