Windows CSPs (Configuration Service Provider)

Version 2

    Purpose:

     

    A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. We currently have a small number for now but list will continue to grow. For full list of all CSPs please visit: Configuration service provider reference | Microsoft Docs. CSPs will vary on which OS is supported, please review the Microsoft site to determine if the CSP you want will work on your device.

     

    These are configured the same way as CPE and use the same editor. For more questions on this editor and what it is please see doc: Configuration Profile Editor ( CPE) for IOS, MacOS and TvOS

     

     

    **Note**

    Windows MDM must be configured on the core and clients enrolled to be able to use CSPs. Windows 10 MDM Core Setup and Enrollment

     

    Prerequisites:

     

    You will need to complete the following in order to be able to add  WNS to your Core server.

    1. You will need to be on 2018.1  for the new feature to be available
    2. A 3rd party SSL Identity cert with the FQDN of theis needed for IIS on your core and bindings set to that new certificate.
    3. Windows Developer account - Most that an MSDN account need to get their activation code from the benefits section and create an account on the developers site.

          

    Process:

     

    Agent Settings

    We will need to go into Agent settings and create a new Windows MDM Configuration

     

     

    This will open the configuration window

    1. Create a new Profile
    2. Edit current profiles- This can be done to available or selected profiles, no need to deselect a profile
    3. Select the profile you will like to distribute using this setting.

     

    CSP

     

    Though there is a few now, we will be working towards adding more CSPs but for now you can add custom settings.


    Custom Settings will allow you to Add, Replace or Delete a CSP. These settings can only applied and are there unless you send another profile to remove it. Custom settings do not follow the compliance state and the removal of a profile does not remove the affect you sent with the custom setting. I.E: Want to push out vpn settings with a custom setting, when the profile is removed the vpn settings stay on the device.

     

    • OMA URI: This is the path indicator for the profile, you can see what the path should be with its respective csp from the link Configuration service provider reference | Microsoft Docs.
      • Lets use bitlocker for this example, the oma uri will be ./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption
    • The Data type can be changed to string, integer, boolean, base64 (string) and will depend on the CSP and what you want to use.
      • We continue with bitlocker and change the data type to integer and set it to 1. This will require encryption t storage cards

    Basically you will use the tree forma windows has provided:

    bitlocker csp

     

    Not all CSPs will be available to custom CSPs and will depend greatly on what you are trying to accomplish. We can not have a custom CSP report back to a server or the core in current setup but might be configurable in the data type string using xml. This is untested and can not be supported until we have been able to add more and more CSPs. Please contact support with any questions or concerns. This is beta and all feedback is appreciated to guide us in the usage of this feature.