How to configure Windows Phone 8.1 settings not available in the Configuration Manager console

~ Karan Rustagi | Support Escalation Engineer

This article discusses the process of configuring settings that are not configurable through the available Configuration Manager user interface (ConfigMgr 2012 R2). I’ll be using the method discussed here to manage the settings on mobile devices. If you want to see the complete list of policies that can be set on a device, read the Windows Phone 8.1 MDM protocol documentation at http://technet.microsoft.com/en-us/library/dn499787.aspx (Page 134-143)

In this example I am going to disable Cortana on a WP 8.1 device.

Area/Policy name

Description

Supported Value

Value evaluation rule

Experience/AllowCortana

Specify whether screen capture is allowed.

0 – not allowed

1 (default) – allowed

Most restricted value is 0

Step 1 – Create a Configuration Item:

clip_image002

Step2 – Configure additional settings:

clip_image004

Step 3 – Add a setting:

clip_image006

Step 4 – Create a custom setting:

clip_image008

Step 5 – Enter the details:

Setting type: OMA-URI

Data Type: Integer

OMA-URI: ./Vendor/MSFT/PolicyManager/My/Experience/AllowCortana

clip_image010

Step 6 – Search for newly created setting in previous step and select it:

clip_image012

Step 7 – Create a rule and enter a value of 0 to disable Cortana:

clip_image014

Step 8 – Configure supported platforms and complete the wizard:

clip_image016

Step 9 – Create a baseline and add the Configuration Item created in Step 1:

clip_image018

Step 10 – Deploy the Baseline created in Step 9 to a User collection. Do not forget to check the option ‘Remediate noncompliant rules when supported’.

clip_image020

Wait for Windows Phone to pull policies from Intune, or alternatively you can pull them manually via Workplace. Cortana should now be disabled.

Some other example policies:

System/AllowUserToResetPhone : Specify whether allow the user to factory reset the phone from setting control panel and hardware key combination.

Experience/AllowManualMDMUnenrollment : Specify whether allow the user to delete the workplace account via workplace control panel. The MDM server always could remotely delete the account.

Additional reading: http://blogs.technet.com/b/configmgrteam/archive/2013/07/10/compliance-settings-and-company-resource-access.aspx

Karan Rustagi | Support Escalation Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/

Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/ 
Data Protection Manager Team blog: http://blogs.technet.com/dpm/ 
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ 
Operations Manager Team blog: http://blogs.technet.com/momteam/ 
Service Manager Team blog: http://blogs.technet.com/b/servicemanager 
Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Microsoft Intune: http://blogs.technet.com/b/microsoftintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The RMS blog: http://blogs.technet.com/b/rms/
App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv
The Surface Team blog: http://blogs.technet.com/b/surface/
The Application Proxy blog: http://blogs.technet.com/b/applicationproxyblog/

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/