Understand custom settings for Windows 10 or 11 devices

This feature is available with Cloud Identity Premium edition. Compare editions 

You can configure devices under Windows device management with custom settings. These settings include many of the most common Windows settings and features that don't have configuration controls in the Admin console.

What is a custom setting?

Custom settings are based on Microsoft configuration service providers (CSPs), which expose device configuration settings on the Windows 10 or 11 platform. CSPs are used by mobile device management (MDM) service providers to read, set, modify, or delete device configuration settings for your organization. They are similar to client-side group policies, in that CSP settings map to configurable or read-only registry keys, files, or permissions.

The Admin console lets you easily incorporate these device configuration settings into your MDM policies. Custom settings include the most commonly used CSPs. See examples

You can apply these custom settings to all users using the top-level organizational unit or to specific users within a child organizational unit. Custom settings can also be inherited from, overridden, and disabled between organizational units. Note that a custom setting applies to all of a user's devices enrolled in Windows device management; you can't apply a setting to specific device for a user. Learn more about the organizational structure.

To learn how to incorporate these settings into your device policies, see Add, edit, or delete custom settings for Windows 10 or 11 devices.

Custom settings vs. Microsoft configuration service providers

While custom settings cover the most common settings, you may need a specific CSP for your organization’s policies. The custom settings page allows you to create a new custom Open Mobile Alliance Uniform Resource Identifier (OMA-URI) policy setting using a valid CSP.

All CSPs include a complete OMA-URI path and the values its supports. Most CSPs are represented in tree format with a diagram that maps to the XML for that CSP.

For details, review the Microsoft documentation.

Popular Microsoft CSPs

There are similar tasks you will need to perform when setting up your custom OMA-URI policies. Here are some of the more popular settings requested by admins.

CSP setting type CSP setting
Network
Security
Certificates
Device hardware
Device software

Map existing GPOs into CSPs

As an administrator, it's important to make sure Active Directory Group Policy Objects (GPOs) you’ve set on your desktop management software are the same on your mobile devices. Microsoft's MDM Migration Analysis Tool (MMAT) helps with this task.

MMAT examines an organization's Windows 10 and 11 GPOs and determines if there are equivalent MDM policies. It then generates both XML and HTML reports indicating the level of support for each GPO in terms of MDM equivalents.

Note: MMAT does not transfer GPOs to MDM policies.

For more details, see the MDM Migration Analysis Tool (external).

Third-party tools aren't supported by Google. If you have an issue with a third-party tool, contact the third-party vendor.

Related topics


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
11571942283054283231
true
Search Help Center
true
true
true
false
false