

In this post I will dive into the Intune policy processing on an MDM-managed Windows 10 client. Intune is an MDM system and has the ability to deploy so-called device configuration profiles to managed Windows 10 endpoints. We will have a look at the architecture, the settings, and the actual processing, including the refresh behavior. I cover the current technology and what has changed with Windows 10 version 1903.

To better understand the processing, we first need to understand the components involved in the process. There is the MDM system (Intune) and the MDM client on the Windows 10 OS. The roots of the MDM client are based on Windows Mobile. Today Microsoft provides us the MDM client also on Windows 10. The MDM system and the MDM client work together to exchange data based on the Open Mobile Alliance Device Management (OMA-DM) protocol (more from Microsoft here). This is a commonly defined standard and uses an XML-based SyncML format to push the information to the client. It is vendor independent and is used for Android and iOS management as well. This builds the architecture to transfer instructions in a standardized way to the endpoints. On the client side there are so-called Configuration Service Providers (CSPs). These components are responsible for reading, setting, modifying, or deleting configuration settings on the device.

Yeah, right, it is basically the same architecture as we had in an on-premises domain. There was the domain controller (DC) (compare: MDM server), and the DC provided the sysvol folders with policy files. On the client side we had the group policy service (compare: MDM client), which simply used an SMB connection (compare: HTTPS) to get the files from the sysvol folders (okay, there was a little bit more involved in that process, like authentication, GPC lookup, etc., but for this comparison I simplify it a little bit). The Windows client had so-called Client Side Extensions (CSEs) (compare: CSP) to process the input files and finally do the configuration. So, this is basically the same approach, but with MDM it is standardized and designed to work perfectly over the air.
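
To make the SyncML exchange between the MDM server and the CSPs concrete, the following added example (not code from the original post or from Microsoft) parses a constructed server-to-client SyncML body and lists which CSP node each command targets. The sample message, the helper names `csp_of` and `parse_syncml`, and the rule of taking the node after `Vendor/MSFT` as the CSP name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s": "SYNCML:SYNCML1.2"}
# OMA-DM commands matching the CSP operations named above (read, set, modify, delete).
COMMANDS = ("Get", "Add", "Replace", "Delete")

# Constructed sample: a server-to-client SyncML body, not captured from a real tenant.
SAMPLE = """<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <Replace>
      <CmdID>2</CmdID>
      <Item>
        <Target><LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinDevicePasswordLength</LocURI></Target>
        <Meta><Format xmlns="syncml:metinf">int</Format></Meta>
        <Data>8</Data>
      </Item>
    </Replace>
    <Get>
      <CmdID>3</CmdID>
      <Item><Target><LocURI>./DevDetail/SwV</LocURI></Target></Item>
    </Get>
    <Final/>
  </SyncBody>
</SyncML>"""

def csp_of(loc_uri):
    """Assumed naming rule: the node after Vendor/MSFT, else the first node."""
    parts = [p for p in loc_uri.split("/") if p not in (".", "")]
    if "MSFT" in parts and parts.index("MSFT") + 1 < len(parts):
        return parts[parts.index("MSFT") + 1]
    return parts[0] if parts else ""

def parse_syncml(xml_text):
    """List every command in the SyncBody with its target node and value."""
    # SyncML needs no DTD; refusing one avoids entity-expansion tricks in the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SyncML input")
    body = ET.fromstring(xml_text).find("s:SyncBody", NS)
    out = []
    for cmd in (body if body is not None else []):
        name = cmd.tag.split("}")[-1]  # strip the "{namespace}" prefix
        if name not in COMMANDS:
            continue
        for item in cmd.findall("s:Item", NS):
            uri = item.findtext("s:Target/s:LocURI", default="", namespaces=NS)
            out.append({"cmd": name, "cmd_id": cmd.findtext("s:CmdID", namespaces=NS),
                        "loc_uri": uri, "csp": csp_of(uri),
                        "data": item.findtext("s:Data", namespaces=NS)})
    return out
```

Calling `parse_syncml(SAMPLE)` returns one entry per command item, so a `Replace` against the Policy CSP and a `Get` against DevDetail can be told apart when reviewing what a management server sends to a device.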
