When we configure Mobile SSO on iOS with VMware Identity Manager, the documentation indicate that, you have to list the applications bundle IDs that will do Mobile SSO, however sometime it can be cumbersome to every single one of them.
One of the thing that come back often is: do I need admin rights or not ?!. While most of the people will think that this question can only be asked for a user context, it is not true and this apply to device context too.
When you are creating custom xml for specific CSP and import it, you probably wondered what “Make Commands Atomic” tick box means, especially as it is ticked by default.
Windows 10 use OMA-DM (Open Mobile Alliance-Device Management) protocol for MDM, the OMA-DM protocol use the SyncML representation protocol format to pass instructions and stay in sync, SyncML is XML-based so easy to read.
In the SyncML format, Atomic is a container attribute, this mean that it can contain 1 or more instructions within it.
When you create a custom profile with multiple command, some command may fail, some other may succeed, so you may end up with a profile half-applied. This is where Atomic attribute come in play, it validate that all the command succeed or it will fail entirely.
Some CSPs require to use atomic in order to be used, Firewall CSP is one of them, no one want a firewall half-configured…
Let’s say I want to apply 2 settings but it’s fine if one of them is failing then I should create 2 profile for each settings.
Now imagine that you need to run an exec command, apply 2 other settings to make a feature working then Atomic is the “safeguard” to make sure that the exec command run and the other 2 settings are applied as well otherwise if 1 fail the whole profile fail and no settings are applied.
Since Windows 10 embedded a lot of feature some consumer feature are available in the enterprise space like Xbox services and Homegroup, this article explain how do we block these with UEM.
Since Windows 10 1803, we can change the services start type using CSP. This available for any support MDM managed Windows Desktop, (Pro, Business, Enterprise, Education)
Note : Xbox Game Monitoring service is missing from the list but this service depends on Xbox Live Auth Manager and this one is going to be disabled so the service itself won’t be able to start even if the by default the start is on Manual.