Microsoft to start blocking custom OMA-URI settings in Intune

Custom OMA-URI settings in Microsoft Intune can be used to target Windows CSPs (Configure Settings Providers) to configure features on your Windows devices. Generally speaking, when you deploy a custom OMA-URI setting to a device through Intune, relevant registry keys on the device are configured to implement this change.

Microsoft Intune also includes a settings catalogue as part of its device configuration features. The settings catalogue allows you to conveniently search for Windows CSPs and configure them to be deployed to your devices using a friendly UI with supporting names and descriptions of each setting. Unfortunately, not every possible setting is available from the settings catalogue at current.

So how do you configure settings that are not available in the settings catalogue?

Well, that is exactly what custom OMA-URI settings in Microsoft Intune are used for! 

When deploying a change to devices using Microsoft Intune, the best course of action is to first check if the setting is available from the settings catalogue. Failing that, use the Windows CSP policy reference to deploy your change using a custom OMA-URI setting.

Custom OMA-URI settings are configurable by following the below steps:

  1. Log in to https://intune.microsoft.com/ as at least an Intune Administrator.
  2. Select Devices > Configuration.
  3. Select Create > New Policy > Windows 10 and later > Templates.
  4. Select Custom > Create.

Is there any benefit for using custom OMA-URI settings over the settings catalogue?

On a technical level, not really no. But while the custom OMA-URI setting option provides you with a lot of granular control, it is less readable, difficult to understand for support teams and disconnected from the rest of your settings from a management point of view.

What is Microsoft blocking for custom OMA-URI settings?

In message center post ‘MC822716’, Microsoft states that starting August 15th, they will block the creation of new custom OMA-URI settings that already exist in the settings catalogue, starting with the least used settings.

You will not be able to recreate any existing custom OMA-URI settings you have deployed. But, if you try and fail, you already know that the setting is now available in the more convenient settings catalogue. 

From September 2025, Microsoft will continue to expand this block as more settings are added to the settings catalogue.

Audit your deployed custom OMA-URI settings

The quickest way to get a list of all custom configuration profiles in Microsoft Intune is to filter profiles based on the OData type value using Microsoft Graph PowerShell. I have written the below example for you to generate a simple list of profiles which you can take action on.

If you need to install the Microsoft Graph PowerShell SDK, follow my article: How To Install the Microsoft Graph PowerShell Module

Connect-MgGraph -scopes DeviceManagementConfiguration.Read.All

Get-MgDeviceManagementDeviceConfiguration `
-Filter "(isof('microsoft.graph.windows10CustomConfiguration'))"

The output of the above command should look like the following:

Custom device configuration profiles
Custom device configuration profiles

Unfortunately, there is no documentation to state which custom OMA-URI settings are available in the settings catalog without searching the settings catalog manually. My general advice is to use the settings catalog where possible, minimise the use of custom OMA-URI settings and migrate to the settings catalog as soon as you can identify the settings catalog options become available. The goal is to enable consistency in how settings are managed on your devices and improve the readability of device configurations from the Intune admin center.

FAQ

  • When will Microsoft start blocking custom OMA-URI settings? – August 15th 2024.
  • Can I recreate existing custom OMA-URI settings? – No you cannot.
  • Will my existing custom OMA-URI settings be impacted? – No they will not.
  • Can I edit an existing custom OMA-URI setting? – Yes.
  • How should I proceed with this announcement? – You should audit your existing policies to verify if any can be immediately migrated to the settings catalog. If you have outstanding policies after that, set up a monthly review.

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

Leave a Reply