How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager

 

Updated: February 5, 2016

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Use this topic to help you create System Center 2012 Configuration Manager configuration items that manage settings on mobile devices.

Important

To deploy configuration items to mobile devices, they must be enrolled into Microsoft Intune. For information about how to get your devices enrolled, see Manage Mobile Devices with Configuration Manager and Microsoft Intune.

There are a number of different setting types that you can include in a configuration item, depending on your needs:

  • Default settings – Select and configure typical settings from a list.

  • Settings that are not included in the default settings - To configure additional settings, select the Configure additional settings that are not in the default setting groups check box on the Mobile Device Settings page of the Create Configuration Item wizard.

  • Custom settings – Settings that you define yourself by using OMA URI values. Consult your device vendor documentation to help you define these settings and values. To create the custom settings in the Create Configuration Item wizard:

    1. On the Mobile Device Settings page, click Configure additional settings that are not in the default setting groups.

    2. Click Next > Add > Create Setting.

    3. Configure the required setting values, then click OK.

Note

Not all settings are supported on all platforms. Configuration Manager displays known compatibility issues for the settings that you configure in the default groups and the additional settings. However, you should test the settings and values before you deploy them in a production environment.

Many mobile device settings can be remediated if they are out of compliance.

Warning

Do not configure configuration items for different values and assign them to the same devices. When devices evaluate configuration items that have conflicting values, the order in which they are evaluated is nondeterministic.

For information about the settings you can configure in a mobile device configuration item, see the following topics:

To create a mobile device configuration item

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Compliance Settings, and then click Configuration Items.

  3. On the Home tab, in the Create group, click Create Configuration Item.

  4. On the General page of the Create Configuration Item Wizard, specify the following information, and then click Next:

    - **Name:** Enter a unique name for the configuration item. You can use a maximum of 256 characters.
    
    - **Description:** Provide a description that helps to identify the configuration item in the Configuration Manager console. You can use a maximum of 256 characters.
    
    - In the **Specify type of configuration item that you want to create** list, select **Mobile device**.
    
    - Click **Categories** to assign optional categories to the configuration item to make it easier to search for and filter in the Configuration Manager console. For details, see [How to Manage Configuration Items for Compliance Settings in Configuration Manager](gg712263\(v=technet.10\).md).
    
  5. On the Mobile Device Settings page, select the settings group to configure. If the setting that you want is not listed, select the Configure additional settings that are not in the default setting groups check box, and then click Next.

  6. Configure the settings, and specify whether to remediate them (when supported) if they are out of compliance.

  7. Configure the Noncompliance severity for reports from:

    - **None** Devices that fail this compliance rule do not report a failure severity for Configuration Manager reports.
    
    - **Information** Devices that fail this compliance rule report a failure severity of **Information** for Configuration Manager reports.
    
    - **Warning** Devices that fail this compliance rule report a failure severity of **Warning** for Configuration Manager reports.
    
    - **Critical** Devices that fail this compliance rule report a failure severity of **Critical** for Configuration Manager reports.
    
    - **Critical with event** Devices that fail this compliance rule report a failure severity of **Critical** for Configuration Manager reports. This severity level is also be logged as a Windows event in the application event log.
    
  8. Complete the wizard.

Next Steps

Now that you have created a configuration item, the next step is to add this to a configuration baseline, deploy the configuration baseline to the required user or device collection, then monitor the compliance of the configuration baseline. Use the following topics to help you accomplish this: