Manage desktop for AAD joined W10 device

Occasional Visitor

I plan on moving my field users to Azure AD Joined devices using Windows 10.

I can deploy .MSI packages via Intune / MDM app deployment.

I need to be able to push down settings such as:

- Trusted sites in IE

- Security settings in IE

- Browser Favorites

All of these end up being registry settings.

What is the best way to manipulate registry settings for MDM managed AAD joined Windows 10 devices?

Must I get the settings wrapped into an .MSI and then deploy that as an app? Or is there any other way to facilitate this.


3 Replies

I think you should focus on managing the clients with OMA-DM which is the standard for MDM with Windows 10. 

More information regarding modern management of Windows 10 can be found here:


All available policies and how to configure them can be found here:

As far as I understand, with the OMA settings you only control the Edge settings and not the IE settings. I created for example an Custom configuration policy with ./Vendor/MSFT/Policy/Config/Browser/HomePages but it is only applied to the Edge browser.

Unfortunately they haven't made IE settings available in OMA-URI. This is something that might become available in the future, but considering IE is only available because of legacy I wouldn't count on it.