Custom XML device policy
You can create custom XML policies in Endpoint Management to customize the following features on supported Windows, Zebra Android, and Android Enterprise devices:
- Provisioning, which includes configuring the device, and enabling or disabling features
- Device configuration, which includes allowing users to change settings and device parameters
- Software upgrades, which include providing new software or bug fixes to be loaded onto the device, including apps and system software
- Fault management, which includes receiving error and status reports from the device
For Windows devices: You create your custom XML configuration by using the Open Mobile Alliance Device Management (OMA DM) API in Windows. Creating custom XML with the OMA DM API is beyond the scope of this topic. For more information about using the OMA DM API, see OMA Device Management on the Microsoft Developer Network site.
For Zebra Android and Android Enterprise devices: You create your custom XML configuration by using the MX Management System (MXMS). Creating custom XML with the MXMS API is beyond the scope of this article. For more information about using MXMS, see About MX on the Zebra site.
For Windows 10 RS2 Phone: After a Custom XML policy or Restrictions policy that disables Internet Explorer deploys to the phone, the browser remains enabled. To work around this issue, restart the phone. This is a third-party issue.
To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.
Windows Phone, Windows Desktop/Tablet, Zebra Android, and Android Enterprise settings
XML content: Type, or cut and paste, the custom XML code you want to add to the policy.
After you click Next, Endpoint Management checks the XML content syntax. Any syntax errors appear below the content box. Fix any errors before you continue.
If there are no syntax errors, the Custom XML Policy assignment page appears.
Use Windows AutoPilot to set up and configure devices
Windows AutoPilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use. You can use Windows AutoPilot to reset, repurpose, and recover devices. AutoPilot helps to remove some of the complexity of your current operating system deployment. Using AutoPilot reduces the task to a set of simple settings and operations that can get your devices ready to use quickly and efficiently.
- Devices registered to the organization in Microsoft Store for Business portal.
- Company branding configured in Azure Active Directory portal.
- Company has an Azure Active Directory Premium P1 or P2 subscription.
- Configure Citrix Identity Platform as the IDP type for Endpoint Management: In the Endpoint Management console, go to Settings > Identity Provider (IDP). For more information, see Single sign in with Azure Active Directory.
- Network connectivity to cloud services used by Windows AutoPilot.
- Devices pre-installed with Windows 10 Professional, Enterprise or Education, version 1703 or later.
- Devices have access to the internet.
For more information on configuring prerequisites, see https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot.
To configure Windows Automatic Redeployment in Endpoint Management for AutoPilot devices:
Follow the steps to add a custom XML policy at Custom XML Device Policy. Add the following in XML Content:
<Add> <CmdID>_cmdid_</CmdID> <Item> <Target> <LocURI>./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials</LocURI> </Target> <Meta> <Format xmlns="syncml:metinf">int</Format> </Meta> <Data>0</Data> </Item> </Add>
On the Windows lock screen, type the keystroke CTRL + Windows key + R.
Log in with an Azure Active Directory account.
The device verifies that the user has rights to redeploy the device. The device then redeploys.
After the device updates with the AutoPilot configuration, the user can then log into the freshly configured device.