Support on how to use available payloads on Modern Device Management (MDM) for Windows

Article ID: 367447


Products

IT Management Suite

Issue/Introduction

Besides the provided documentation regarding MDM (Modern Device Management) for Windows:

  • Modern Device Management (this is the overview and parent page)
  • Setting up MDM for Windows (this page has a link to our IMS Software Academy page that has how-to videos)
  • Preparing the MDM Server
  • Obtaining and Importing the MDM Server Certificate for Windows
  • Setting Up and Configuring MDM Server for Windows
  • Managing Devices by MDM

Do you have any specific steps on how to use and configure the available payloads for an MDM Profile? For example, the one for "BitLocker Drive Encryption".

Environment

ITMS 8.7.x

Resolution

ITMS enables you to configure various MDM properties.  ITMS does not enforce MDM properties.  Enforcement is the function of the operating system.  Since the enforcement of MDM properties is managed by the operating system itself, we recommend that you consult the documentation from the operating system vendor related to the functionality of the various settings. 
 
In the ITMS console, you can see the LocURI (for example, ./Device/Vendor/MSFT/Policy/Config/Bitlocker/IdentificationField) corresponding to each property.
 
The LocURI, together with its type and value, is what gets delivered to endpoints. You can search for these URIs online to get more information on how they are used. More information on the BitLocker settings from Microsoft can be found here: 
 
More specifically, you can find information related to ./Device/Vendor/MSFT/Policy/Config/Bitlocker/IdentificationField here:
 
Note: If any specific setting is missing from our MDM solution, you can send any location URI to the endpoint using a custom payload. You just need to define the URI, its type, and its value.
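The following is an added example, not part of the original article and not ITMS code. It checks a URI/type/value triple before it is entered as a custom payload and shows the generic OMA-DM SyncML command that Windows MDM uses to carry one setting. Assumptions: the function names are hypothetical, the value is a constructed sample, the type names are the SyncML format names (the names shown in the ITMS console may differ), and the use of a Replace command is an assumption about how the setting is sent.

```python
import re
import xml.etree.ElementTree as ET

# Subset of OMA-DM data formats, each with a validator for its value.
# Assumption: a console may label these types differently.
FORMATS = {
    "int": lambda v: re.fullmatch(r"-?\d+", v) is not None,
    "bool": lambda v: v in ("true", "false"),
    "chr": lambda v: True,
}
LOCURI_RE = re.compile(r"\./(Device|User)/Vendor/MSFT(/[A-Za-z0-9_.~%-]+)+")

def check_setting(loc_uri, fmt, value):
    """Return a list of problems; an empty list means the triple is well-formed."""
    problems = []
    if not LOCURI_RE.fullmatch(loc_uri):
        problems.append("LocURI must look like ./Device/Vendor/MSFT/<node>/...")
    if fmt not in FORMATS:
        problems.append(f"unknown format {fmt!r}")
    elif not FORMATS[fmt](value):
        problems.append(f"value {value!r} is not valid for format {fmt!r}")
    return problems

def build_replace(cmd_id, loc_uri, fmt, value):
    """Build a SyncML <Replace> command carrying one setting (hypothetical helper)."""
    problems = check_setting(loc_uri, fmt, value)
    if problems:
        raise ValueError("; ".join(problems))
    replace = ET.Element("Replace")
    ET.SubElement(replace, "CmdID").text = str(cmd_id)
    item = ET.SubElement(replace, "Item")
    target = ET.SubElement(item, "Target")
    ET.SubElement(target, "LocURI").text = loc_uri
    meta = ET.SubElement(item, "Meta")
    ET.SubElement(meta, "Format", {"xmlns": "syncml:metinf"}).text = fmt
    # ElementTree escapes <, > and & so an XML-like value stays plain data.
    ET.SubElement(item, "Data").text = value
    return ET.tostring(replace, encoding="unicode")

if __name__ == "__main__":
    # LocURI taken from the article; the value is a constructed sample.
    uri = "./Device/Vendor/MSFT/Policy/Config/Bitlocker/IdentificationField"
    print(build_replace(1, uri, "chr", "<enabled/>"))
```

The check only confirms that the triple is well-formed. Whether the endpoint accepts the URI and how it interprets the value is decided by the operating system.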



A few things to consider regarding MDM Implementations:
  • The Windows MDM implementation in ITMS allows the delivery of settings to endpoints. These settings are defined by Microsoft, and their behavior is also implemented by Microsoft. Our understanding of how specific settings work is limited, so we're unable to provide detailed advice in this area. We offer a default set of settings based on Microsoft documentation. However, if a particular setting is missed, we retain the ability to deliver custom settings.

  • The Windows MDM implementation does not support the execution of custom tasks on endpoints or the collection of custom inventory data from endpoints. Therefore, it's not feasible to retrieve specific data (such as BitLocker encryption keys) from endpoints using our current MDM implementation.

  • However, it is possible for users to utilize both MDM and the Symantec Management Agent (SMA) on the same endpoint. They can use MDM to deliver settings and at the same time use the available functionality of SMA (for example, executing specific scripts or collecting custom inventory data).