A new feature in Microsoft Endpoint Manager called settings catalog will make it easier for you to customize, set, and manage device and user policy settings. In public preview with the January release, this feature adds functionality for managing and deploying policies, making it easier to find specific settings, and simplify the multiple places where settings are exposed.
“We heard your feedback on complexities around device configuration, especially around authoring custom OMA URI-based policies for Windows devices,” said Dilip Radhakrishnan, Group Program Manager for Microsoft Endpoint Manager. “We developed the settings catalog feature in response to help simplify the policy creation experience. Settings catalog is like a shopping cart experience, where you can browse the catalog of all available policy settings and create a custom policy from scratch that meets your business needs.”
The simplified workflow offers two entry points to creating a policy. The first option is to leverage one of the existing policy templates that ships with our service (for example: Kiosks, Templates for resource access like VPN/WiFI configurations). The second option is the settings catalog. You will soon see this change reflected in Endpoint Security and Baselines features as we simplify policy configurations throughout the admin center.
We are introducing some new features within the settings catalog that will help with the issues we hear most often.
When you create a new policy from the settings catalog, no settings are initially configured, and the policy contains only the settings you specify. The Settings Picker will allow you to search or browse to select any settings available in the settings catalog for configuration in your policy. These settings are generated directly from Windows Configuration Service Providers (CSP), and the settings experience in the catalog is dynamically generated based on the type of setting and its metadata. This new technology also enables us to quickly add new Windows settings and reduce the need to deploy custom policy. We will be adding more settings as the public preview continues, as well as adopting these settings throughout the Microsoft Endpoint Manager, so stay tuned.
Removing policy settings
We have heard the feedback asking for the ability to specify settings as not configured. In the settings catalog, any setting not in your policy will be considered not configured. Removing a setting from an existing settings catalog policy will not only remove that setting from the policy, but also remove the previously set enforcement from assigned devices on the next device check-in.
Filtering policy settings
It can be challenging to determine which settings will apply to the various Windows devices in your environment. Narrow down the settings to add to your policy from the wide array available by using the new settings catalog filter. At the time of preview, the filter will cover Windows 10 OS editions. This means you can set the filter for Windows Enterprise and see all settings applicable to Windows devices running that edition of Windows 10.
Setting device scope and user scope
In Windows 10, settings can apply at the user level, the device level, or have the option for either. Sometimes, this is determined by the Mobile Device Management provider. With the settings catalog, all settings are device scope unless noted as a user, to allow admins to choose. User scope settings will be delineated by (User) after the settings name.
Standardizing tooltips and setting values
We have added tooltip text and setting values-based directly on settings documentation from Windows. The new standardized tooltip will clarify the impact of using certain settings and help you understand exactly what each setting will do when configured.
Monitoring policy with the overview page and reporting
In addressing the feedback around reporting and monitoring, the settings catalog will introduce a new look and feel for the overview page tailored specifically for device configuration policies. This view will provide a quick glance at the status of your new settings catalog policy and properties all in one place.
The updated design simplifies the overview page into one summary chart where you can view the state of targeted devices. The data within the summary operates in near real-time and refreshes automatically. The summary allows drill down into the detailed report, which offers consistent data on devices and users.
The detailed Device status report provides updated controls to search across the records, sort on every column, filter based on deployment status, and export faster to a .csv file. Report features include upgraded pagination controls, and the ability to add additional device property columns. You can find additional reporting with the same upgraded controls for settings catalog policies in the new troubleshooting focused Assignment Failures report and the Device Configuration node under Monitor when selecting an individual device from the All Devices list. For more information on Device Configuration reporting improvements: Introducing New Policy Reports & more in Microsoft Endpoint Manager Reporting - Microsoft Tech Commu...
Note that in the preview timeframe, settings catalog reporting will not contain pending status for policy that is assigned to users or devices that have not yet checked in.
Q: Where did the profile types list go?
A: All existing Profile Types have moved to the Templates list. This change will have no impact on previously created policies, and you can still create, edit, and assign these policies the same way you do today. While we plan to improve the templates in the future, we are not changing your existing policies, so feel free to continue using the policies you are used to under the new Templates section.
Q: Why build a settings catalog?
A: The settings catalog is the first step on our journey to standardize our settings throughout Microsoft Endpoint Manager. As we build out the library, we want to provide the catalog to view or deploy policy from all of the available settings and reduce the reliance on custom policy (OMA-URI based).
Q: Can the settings catalog be used with existing configurations?
A: Absolutely, the catalog policies will all be added to the all-up policy a device receives during check-in. Conflict detection will behave the same way it does today if there are policies with conflicting values configured the same setting.
Q: If I set a setting to not configured, do I need to remove it from the policy too?
A: We have added an undo button to quickly add a setting back that has been set to not configured. Once the policy is saved, the next time it is edited, the settings that were set to not configured will no longer show in the policy editor. If needed, they can be added back via the settings picker. Removing the setting via the picker directly will set it to not configured and remove it from the editor page immediately.
Q: What platforms will have the settings catalog?
A: At the public preview, the settings catalog will be available for Windows 10 and later as well as MacOS to configure and deploy Microsoft Edge settings.
(This blog is co-authored withMike Danoski, Senior Program Manager, Microsoft 365)