Manage desktop for AAD joined W10 device

Eric Raff
Occasional Visitor

I plan on moving my field users to Azure AD Joined devices using Windows 10.

I can deploy .MSI packages via Intune / MDM app deployment.

I need to be able to push down settings such as:

- Trusted sites in IE

- Security settings in IE

- Browser Favorites

All of these end up being registry settings.

What is the best way to manipulate registry settings for MDM managed AAD joined Windows 10 devices?

Must I get the settings wrapped into an .MSI and then deploy that as an app? Or is there any other way to facilitate this.


3 Replies

I think you should focus on managing the clients with OMA-DM which is the standard for MDM with Windows 10. 

More information regarding modern management of Windows 10 can be found here: https://technet.microsoft.com/itpro/windows/manage/manage-windows-10-in-your-organization-modern-man...


All available policies and how to configure them can be found here: https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/policy-configuration-s...

As far as I understand, with the OMA settings you only control the Edge settings and not the IE settings. I created for example an Custom configuration policy with ./Vendor/MSFT/Policy/Config/Browser/HomePages but it is only applied to the Edge browser.

Unfortunately they haven't made IE settings available in OMA-URI. This is something that might become available in the future, but considering IE is only available because of legacy I wouldn't count on it.