How to find settings in the Setting Catalog by custom OMA-URI

In a recent announcement by Microsoft, they advised that new configuration profiles in Intune containing custom OMA-URI settings will no longer be able to be created if those settings belong in the Settings Catalog already. This is a move to help organisations adopt the Settings Catalog in favour of the more complex custom settings options. You can read more about this change in my article ‘Microsoft to start blocking custom OMA-URI settings in Intune‘.

Unfortunately, what Microsoft failed to provide was a simple method to look up whether your custom OMA-URI settings are available in the settings catalog already.

Requirements

To search for custom OMA-URI settings with PowerShell, you must have the Intune Administrator role assigned.

You also need to consent to the DeviceManagementConfiguration.Read.All permission with a Global Administrator and have the Beta Microsoft Graph PowerShell SDK installed

List all custom OMA-URI settings used in your environment

The first thing you must do is audit which device configuration profiles in your environment are using custom OMA-URI settings. To do this quickly, use Microsoft Graph PowerShell to explore a list of OMA-URI paths like so:

Connect-MgGraph -scopes DeviceManagementConfiguration.Read.All

$Settings = Get-MgDeviceManagementDeviceConfiguration `
-Filter "(isof('microsoft.graph.windows10CustomConfiguration'))"

$Settings.AdditionalProperties.omaSettings.omaUri

Once you have run the above commands, you will be presented with a list of all settings like below. Ensure you save this list so it can be quickly referenced when creating new configuration profiles from the settings catalog.

Custom OMA-URI list
Custom OMA-URI list

Search for settings in the Settings Catalog by OMA-URI

Now you have a list of settings used in your environment, you can use this information to search for corresponding settings in the Settings Catalog. Again, we will use Microsoft Graph PowerShell and filter by the offsetUri property in the Settings Catalog. The offset Uri is the trailing part of the OMA-URI, after the base URI. Take the following example:

./Device/Vendor/MSFT/LAPS/Policies/PasswordComplexity

This full path can be broken down into two parts, the base URI and the offset URI. The base URI is the first portion of the path up to ‘Policy / LAPS’ (or equivalent), this highlights the scope of the setting and location within the registry. The offset URI details the actual setting which is being configured. The below highlights the base URI (in Blue) and offset URI (in Red).

./Device/Vendor/MSFT/LAPS/Policies/PasswordComplexity

Now you have highlighted the offset URI, use the below example to search for this setting in the Settings Catalog.

Get-MgBetaDeviceManagementConfigurationSetting `
-Filter "offsetUri eq '/Policies/PasswordComplexity'" 

As you can see from the below image, settings were found in the Settings Catalog. If no results were returned to the console, no settings after yet available in the Settings Catalog.

Searching the settings catalog
Searching the settings catalog

Specifically, to search for the setting and configure it through the Intune portal, we need the displayName of the setting from the results. Use the following example to extract the display name.

Get-MgBetaDeviceManagementConfigurationSetting `
-Filter "offsetUri eq '/Policies/PasswordComplexity'" | Select displayName

For this example, the display name is Password Complexity.

Replacing the settings from the Settings Catalog

To find your newly discovered settings in the Settings Catalog and redeploy them to your workstations, login to the Intune admin portal and follow the below steps:

  1. Select Devices.
  2. Select Configuration.
  3. Click Create > Create new policy.
  4. Choose Windows 10 and later > Settings catalog and click Create.
  5. Define a name for your policy and click Next.
  6. Search for the display name of your setting in the search box.

The setting should immediately appear in the Browse by category result section. Once you select it, the setting name will appear below and allow you to enable and configure it.

Searching for existing setting catalog setting
Searching for existing setting catalog setting

Complete the configuration profile wizard to deploy your new setting. Once this is complete, delete or unassign the custom configuration profile.

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

Leave a Reply