Ever heard of a Custom OMA-URI? It’s like a secret admin tool in Microsoft Intune that lets you personalize the way devices are managed. Intune is pretty handy with its default settings for device management, but there are moments when you need to tweak things your own way.

What is OMA-URI?


So, what’s this Custom OMA-URI magic all about?

Imagine an OMA-URI as a code that speaks device language. It’s a link to a specific setting on a device. Think of it as a universal remote for device tasks. And Intune uses this magic code to apply settings.

Now, here’s where the fun begins. Custom OMA-URI lets you create your own special settings using these codes. You can say, “Hey device, do this,” by telling it what URI to look at, what kind of data to expect, and what value to set. It’s like crafting a unique potion for each device. These cool settings usually come in profiles. Profiles are like collections of device instructions. Custom OMA-URI settings hang out in profiles, just like buddies with other regular settings.

Think of Custom OMA-URI settings as your secret agents for tricky missions. When you’re dealing with apps that aren’t from Microsoft or you have those unique device cravings, these settings step in. Say you want a special setup for that secret app your team uses—just whip up a Custom OMA-URI setting.

Making your own Custom OMA-URI setting is like writing a wizard’s spell. You give it the magic words (URI), tell it the type of trick (data type), and what it should do (value). You can either weave the spell right in the Intune console or use a special script. Flexibility comes as a bonus with Custom OMA-URI settings. You get to customize device management to fit your organization like a glove. But, fair warning, it’s not a “one-size-fits-all” trick; you need to know your devices and these magical OMA-URIs well.


How are OMA-URI built?

Alright, let’s dive into crafting that OMA-URI path to tinker with Windows 10 settings. It’s like putting together a puzzle, and the pieces you need are right in the CSP documentation. Good news is, it’s a breeze to grab these pieces:


Think of scope as the “who” in your setting tale. Is it for a user or a device? There are two scopes: User and Device. For now, just remember this is the starting point of your OMA-URI path. So, it’s like the first chapter of your path’s story: ./<Scope>

You can sometimes skip scope for device-wide settings, but I prefer using it for that extra safety net.


Now, let’s meet the root node. It’s always /Vendor/MSFT/Policy in Policy CSP land. That’s where all the Intune custom policy action happens.

So, add this to your tale, and your OMA-URI path gets its first paragraphs:


Remember, the capitalization dance matters here.


Next, let’s talk about sub-categories. There are two: Policy/Config and Policy/Result. We’re only concerned with Policy/Config. It’s like choosing which flavor of ice cream you want—Policy/Config is our scoop.

Now, our tale continues with:



But we’re not done yet. We need another nugget: the PolicyName. Think of it as the secret code that tells the policy what to do. To find this code, skim the list of policies in the CSP documentation. See which one matches your custom policy needs—AreaName/PolicyName is your key.

And now, the epic finale of our OMA-URI journey:


That’s your golden path to work your Windows 10/11 magic with Intune.

Still puzzled? Here’s an example to make it crystal clear.

OMA-URI Examples


Here are a few examples of OMA-URI settings that you might use in Microsoft Intune to configure various aspects of devices:

Setting Wi-Fi Configuration:
OMA-URI: ./Device/Vendor/MSFT/WiFi/Profiles/{ProfileName}/SSIDConfig/{SSIDName}/ (Example of setting Wi-Fi profile)
Use Case: Configure Wi-Fi settings for devices, including SSID, authentication, encryption, etc.

Setting VPN Configuration:
OMA-URI: ./Device/Vendor/MSFT/VpnSettings/ (Example of setting VPN profiles)
Use Case: Configure Virtual Private Network (VPN) settings, such as server address, authentication, and encryption.

Configuring Email Profiles:
OMA-URI: ./Device/Vendor/MSFT/Email/Profile/{ProfileName}/ (Example of setting email profile)
Use Case: Configure email accounts on devices, including server settings, authentication, and sync options.

Enabling Device Camera:
OMA-URI: ./Device/Vendor/MSFT/Camera/AllowCamera/ (Example of enabling device camera)
Use Case: Enable or disable the device’s camera functionality for security or compliance reasons.

Applying Device Restrictions:
OMA-URI: ./Device/Vendor/MSFT/PolicyManager/My/Category/{CategoryName}/ (Example of applying device restrictions)
Use Case: Enforce restrictions on devices, such as preventing installation of certain apps or limiting access to specific features.

Custom Device Settings:
OMA-URI: ./Device/Vendor/CustomVendor/CustomSettings/ (Example of custom vendor-specific settings)
Use Case: Define and apply custom settings for third-party applications or proprietary configurations.

Configuring Browser Homepage:
OMA-URI: ./Device/Vendor/MSFT/Edge/Policy/StartPages/ (Example of setting browser homepage)
Use Case: Set the default homepage for the device’s web browser.

Enforcing Security Policies:
OMA-URI: ./Device/Vendor/MSFT/PolicyManager/AdmxDefault/{PolicyName}/ (Example of applying security policies)
Use Case: Apply security policies to devices, such as password complexity, screen lock timeouts, and encryption requirements.

These are just a few examples of the types of settings that can be configured using OMA-URI in Microsoft Intune. OMA-URIs provide a way to fine-tune device configurations to match specific organizational requirements and use cases. Keep in mind that OMA-URIs might vary depending on the specific device settings, vendors, and configurations you’re working with.


Leave a comment

Your email address will not be published. Required fields are marked *

12 − six =