Management and Security

Agent settings: Windows MDM Configuration

Tools > Configuration> Agent settings > Windows MDM configuration

Use this page to configure Microsoft configuration service profiles (CSPs) with the configuration profile editor. For more information about the configuration profile editor, see Agent settings: Configuration Profile Editor.

The Windows MDM device section of the configuration profile editor contains the following settings for Windows 10 devices:


  • Projection: Create rules for projecting to and from a PC.
  • User Rights: Set user and user group rights.
  • Endpoint Protection: Configure security settings, scans, and monitoring.
  • Control Panel and Settings: Configure system settings, including time settings, power settings, and sign-in options.
  • Windows Search: Configure search permissions, including Cortana, location access, and remote queries.
  • Windows AppStore: Configure AppStore settings, including auto-updates, trusted apps, and data volume limits.
  • Device Passwords: Configure device password requirements, including password type, password complexity, and the amount of idle time before the device locks.
  • General Restrictions: Configure general restrictions, such as location, camera, gaming service, and telemetry settings.
  • Lock screen experience: Configure the lock screen settings.
  • Remote Procedure Call: Configure remote procedure call settings
  • Start: Configure task bar settings and what will appear in the Start menu.
  • Accounts: Configure if the user can add accounts and which domains are allowed to sync email on the device.

Dynamic CSP

  • Email2: Configure simple mail transfer protocol (SMTP) email accounts.

Endpoint Protection

  • Windows Encryption: Configure BitLocker device encryption policies.


  • Connectivity and Cellular: Configure connectivity settings, such as cellular settings, Bluetooth, and Wi-Fi.


  • Custom Settings: Add custom CSPs for items that aren't directly available in the Windows MDM Configuration agent settings.

Kiosk (Preview)

  • Kiosk: Configure the kiosk mode login and what app will run.


  • Personalization: Set background and lock screen images.
  • Power & Sleep: Configure power settings for when the device is plugged in or on battery.
  • Printers: Add approved printers to the device.
  • Windows Update: Configure how the device will receive security updates and other downloads through the Windows automatic updating service.

Administrators can access this editor only if the Modify Mobile Device Configuration Profiles option has been activated for their account.

Using Custom Settings

You can add custom CSPs for items that aren't directly available in the Windows MDM Configuration agent settings. There are hundreds of available CSPs. Microsoft's CSP documentation is here:

Each custom CSP requires the following information:

  • Operation: Either Add, Replace, or Delete.
  • OMA URI: Open Mobile Alliance Uniform Resource Identifier. Use the Microsoft Configuration Service Provider reference to identify the syntax for the CSP you're creating.
  • Data type: Match this with the data type that your OMA URI requires.
  • Data: The CSP value. This must match your selected data type.

For example, here's a CSP that disables a device's camera:

  • Operation: Add
  • OMA URI: ../Device/Vendor/MSFT/Policy/Config/Camera/AllowCamera
  • Data type: Integer
  • Data: 0

You can add multiple custom settings by using the + and - buttons. Plus adds a new setting and Minus deletes the current setting. When you have more than one custom setting configured, use the scroll bar to view them.

Was this article useful?    

The topic was:



Not what I expected