Settings Catalog: A World Beyond

Settings Catalog: A World Beyond

This blog will be about the new settings catalog and some background info from the client’s perspective. The possibility to configure settings by simply selecting the settings with a GUI instead of manually creating your own custom-made settings (Configuration Service Provider) can be great.

I am not going to show you how to manually create this new settings catalog, Microsoft does a very good job in explaining it.

Create a policy using settings catalog in Microsoft Intune – Azure | Microsoft Docs

When writing this blog, in my opinion, there are a lot of settings missing that can be configured. I really hoped to see the option to configure AppLocker as you could do with the old-fashioned on-premise GPO. Not all is bad, the reporting option is great…

If you are reading my blogs often, you will know I want to automate the deployment. The first thing I did, was starting Fiddler to get some more information where the information is stored as the location is not the same as the existing device configuration policies

Settings Picker:

Device Configuration Policies:

As shown above, it almost uses the same URL, automating it should be no problem at all. To be sure I manually created my first Settings Catalog: MDM Wins Over GP.

While saving the policy I watched fiddler go.

Now we have the URL and the JSON we can automate it.

https://call4cloud.nl/wp-content/uploads/2021/02/SettingsPicker.zip

The zip file contains the script to deploy the new settings catalog JSON and a folder with the JSON itself. The script also assigns the policy to all devices.

Automating the process is one thing I did but I really wanted to see if there is a difference in how the client sees this new settings catalog. So I waited for my own device to receive this setting after I run the PowerShell script.

It was funny to see that all other devices were receiving this setting but my own device was the latest to receive it… Rebooting/stopping and starting the Intune MGT service / Syncing in the company portal and Intune portal did not help at all.

But after getting myself a coffee and reading some other blogs about this new setting, there it was.

You can use the MDMDiagReport to determine if the new setting is being applied:

Or you can open the Registry to check if the new setting is configured like it should.

Conclusion

For now… I am not going to use the new setting catalog because all the settings I wanted to configure are missing but I really like where this is going. When all the settings are configurable from the setting catalog I will definitely going to use it. It’s nothing but a combination of ones and zeroes, that’s it.

Leave a Reply

Your email address will not be published. Required fields are marked *

4  +  6  =