Enterprise Mobility and Security Blog

RSS

Hello!  I’m Paul Goodson, and I’m a Program Manager on the Microsoft Intune Customer Experience (CXP) Team.  Today I’d like to talk about how you can do some cool things with Windows Phone 8.1 and Microsoft Intune.  This blog post will focus on how to do the basics such as deploying an app or wiping a device since those tasks are already well documented on TechNet.  Instead, we’ll focus on some of the more advanced things you can do with Windows Phone such as configuring management settings not available in the GUI and extending the inventory using MOF files. 

Windows Phone 8.1 Management Prerequisites 

To manage Windows Phone 8.1 devices there are some prerequisites that must be completed first.  You should have System Center Configuration Manager 2012 R2 (although not required we recommend Cumulative Update 3) connected to your Intune tenant.  You should also have created the proper DNS entries for enrollment and have either purchased a code signing certificate from Symantec or utilized the Support tool for Windows Phone trial management.  These and the other necessary pre-requisite steps can be found here. You can manage Windows Phone 8.1 with standalone Intune (no System Center Configuration Manager integration) but you won’t be able to do the things that I’ll be discussing in this blog post.  However, the ability to use OMA URI strings for Windows Phone 8.1 will be coming to standalone Intune in the coming months.  Look for a blog post with additional information about those changes in the near future! 

What are OMA URI strings and how do we use them? 

System Center Configuration Manager has the ability to create custom settings with OMA URIs (Open Mobile Alliance Uniform Resource Identifier) to target Configuration Service Providers (CSPs) on a device to directly configure nodes available on a mobile device.  This allows us to bridge the gap between what features and functionality are available for a mobile device and what is available for configuration through the System Center Configuration Manager GUI. 

How do we know what OMA URI strings to configure? 

All of the Windows Phone 8.1 settings you can configure via an MDM solution such as Intune are documented in the Windows Phone 8.1 MDM Protocol documentation located here. 

Let’s create an OMA URI setting to solve a problem! 

The problem we are trying to solve is that a customer does not want to allow their users to connect a Windows Phone 8.1 device to a PC and be able to copy files to or from the phones storage.  If you go to page 140 of the protocol documentation, you’ll see the appropriate setting for this task (screenshot below).  You’ll also notice many other interesting settings that you can deploy using this same technique.  

  

 

Now that we know the setting and the value, we should create this configuration item in the System Center Configuration Manager console. See step-by-step instructions below. 

From within the System Center Configuration Manager console create a new configuration item 

  

Give the configuration item a name and specify the type as “Mobile Device” and then click “Next” 

  

Check the box “Configure additional settings that are not in the default settings group” and then click “Next” 

  

Click “Add…” 

  

Click “Create Setting…” 

  

Give the setting a name, choose “OMA URI” from the drop down and since the value can be either “0” or “1” per the documentation it will be an integer data type. Enter “./Vendor/MSFT/PolicyManager/My/Connectivity/AllowUSBConnection” as your OMA URI.  Then click “OK”. 
Note: You can understand the full OMA URI value by reading the section of the protocol document called “PolicyManager configuration service provider (New in Windows Phone 8.1)” 

  

On the “Browse Settings” dialog, search for the setting you just created and choose “Select” 

  

Next we’ll need to provide an integer value of 1 (allow) or 0 (disallow).  Since we want to disable USB connectivity we’ll enter “0”.  Make sure you leave “Remediate noncompliant rules when supported” checked and then click “OK 

  

Click “Close” 

  

Click “Next” 

  

Select Windows Phone 8.1 as the supported platform for this setting and then click “Next” 

  

Click “Next” 

  

Click “Next” 

  

Click “Close” 

  

 

You’ve successfully created a configuration item with an OMA URI setting.  Now you should add the configuration item to a baseline and deploy it to users or devices as you would any configuration item.  Congrats! Now you can repeat this process for any settings in the Windows Phone 8.1 MDM Protocol documentation. 

Next up, inventory! 

While System Center Configuration Manager and Intune will inventory a ton of great information by default, there might be a few items that you think are missing.  Well, just as you create custom MOF (Managed Object Format) files to collect additional information on the servers and workstations you manage with System Center Configuration Manager, you can do the same for Windows Phone 8.1. 

The below is the code you would create to inventory the device name (the one the end user specified), IMEI, and the phone number of the device. This is an example that includes the three most common pieces of hardware inventory that I've heard customers request for Windows Phone 8.1 that isn't included by default. 
 
Simply copy and paste the code into Notepad and save it with a “.MOF” extension on your System Center Configuration Manager server. For example, “DeviceName and IMEI and Phone Number.MOF 

#pragma namespace ("\\.\root\cimv2") 
instance of __Namespace 
{ 
    Name = "SMS" ; 
}; 
#pragma namespace ("\\.\root\cimv2\SMS") 
instance of __Namespace 
{ 
    Name = "INV_TEMP" ; 
}; 
#pragma namespace ("\\.\root\cimv2\SMS\INV_TEMP") 
class SMS_Class_Template 
{ 
}; 
[ SMS_Report (TRUE), 
  SMS_Group_Name ("Device_CUSTOMINFO"), 
  SMS_Class_ID ("MICROSOFT|DEVICE_CUSTOMINFO|1.0"), 
  Namespace ("Reserved"), 
  SMS_DEVICE_URI ("") ] 
class Device_CUSTOMINFO : SMS_Class_Template 
{ 
    [SMS_Report (TRUE), SMS_DEVICE_URI("WM:./DevDetail/Ext/Microsoft/DeviceName")] 
    String     DeviceName; 
    [SMS_Report (TRUE), SMS_DEVICE_URI("WM:./Vendor/MSFT/DeviceInstanceService/IMEI")] 
    String     IMEI; 
[SMS_Report (TRUE), SMS_DEVICE_URI("WM:./Vendor/MSFT/DeviceInstanceService/PhoneNumber")] 
    String     PhoneNumber; 
}; 

Right-click your “Default Client Settings” and choose “Properties 

  

On the “Hardware Inventory” pane choose “Set Classes…” 

  

Choose “Import” 

  

Select the MOF file you created previously and click “Open” 

  

Click “Import” 

  

Then click “OK” to return to the System Center Configuration Manager console. 

The next time your Windows Phone 8.1 devices send inventory to Intune you’ll get the additional information specified in the MOF.  You can further extend your MOF file by using other data specified in the Windows Phone 8.1 MDM Protocol documentation located here. 

Thank you! 

I hope that you’ve found this blog post useful and that it makes your Windows Phone 8.1 management with Intune more complete.  Please bookmark this blog and check back often as we plan to post new content weekly! 

Also – if you’re not yet using Intune, sign up for a free 30-day trial today!