Hello. Long time no see. Finally I'm back with a new post. This time I created a nice little list with Windows 10 1803 New MDM Policy CSP Settings for the next Windows 10 release.  If you're not familiar with Policy CSP Settings - that are GPO Settings configureable over an Intune OMA-Uri Policy. Here's a great introducation to Policy CSP Settings.

You can find the entire list (CSV) on Github: https://github.com/nicolonsky/Techblog/blob/master/PolicyCSP/CSPPolicyList_New.csv

If you want to know how to generate your own list - just let me know.

Here are my favorite Windows 10 1803 new MDM Policy CSP Settings:

ControlPolicyConflict, MDMWinsOverGP

This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy are set on the device.


LanmanWorkstation, EnableInsecureGuestLogons

Added in Windows 10, version 1803. This policy setting determines if the SMB client will allow insecure guest logons to an SMB server


RestrictedGroups, ConfigureGroupMembership

This security setting allows an administrator to define the members of a security-sensitive (restricted) group.


The next blog post will cover the Restricted-Groups setting, to define the local administrator group. This can be useful, to remove the local administrator rights for a user who enrolled his device to Intune or Azure AD - without the need for Windows AutoPilot.

If interested, I created a Github folder containing the scripts to retrieve and compare the available Policy CSP Settings for a Windows Version. Feel free to leave feedback or improvement changes.


See also my other script to check for open TCP ports: https://tech.nicolonsky.ch/power-shell-script-test-open-tcp-ports/