This blog will be about the new settings catalog and some background info from the client’s perspective. The possibility to configure settings by simply selecting the settings with a GUI instead of manually creating your own custom-made settings (Configuration Service Provider) can be great.
I am not going to show you how to manually create this new settings catalog, Microsoft does a very good job in explaining it.
When writing this blog, in my opinion, there are a lot of settings missing that can be configured. I really hoped to see the option to configure AppLocker as you could do with the old-fashioned on-premise GPO. Not all is bad, the reporting option is great…
If you are reading my blogs often, you will know I want to automate the deployment. The first thing I did, was starting Fiddler to get some more information where the information is stored as the location is not the same as the existing device configuration policies
Device Configuration Policies:
As shown above, it almost uses the same URL, automating it should be no problem at all. To be sure I manually created my first Settings Catalog: MDM Wins Over GP.
While saving the policy I watched fiddler go.
Now we have the URL and the JSON we can automate it.
The zip file contains the script to deploy the new settings catalog JSON and a folder with the JSON itself. The script also assigns the policy to all devices.
Automating the process is one thing I did but I really wanted to see if there is a difference in how the client sees this new settings catalog. So I waited for my own device to receive this setting after I run the PowerShell script.
It was funny to see that all other devices were receiving this setting but my own device was the latest to receive it… Rebooting/stopping and starting the Intune MGT service / Syncing in the company portal and Intune portal did not help at all.
But after getting myself a coffee and reading some other blogs about this new setting, there it was.
You can use the MDMDiagReport to determine if the new setting is being applied:
Or you can open the Registry to check if the new setting is configured like it should.
For now… I am not going to use the new setting catalog because all the settings I wanted to configure are missing but I really like where this is going. When all the settings are configurable from the setting catalog I will definitely going to use it. It’s nothing but a combination of ones and zeroes, that’s it.