EnterpriseExt configuration service provider
September 30, 2015
The EnterpriseExt configuration service provider allows Information Technology (IT) administrators to use the Mobile Device Management (MDM) service to set up a device to enroll automatically to the MDM server in an enterprise environment, restart a device, and manage the maintenance window schedule for a device so that it can perform device updates and other management tasks. IT administrators can also test updates with a small number of devices in their environment before deploying the same update to all devices.
Note
This CSP applies only to Windows Embedded 8.1 Handheld devices.
The following image shows the EnterpriseExt configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
.jpg)
The following list shows the characteristics and parameters.
./Vendor/MSFT/EnterpriseExt
The root node for the EnterpriseExt configuration service provider. Supported operations: Add, Replace, and Get.DeviceReboot
The root node for the device reboot command. Supported operations: Exec.DeviceReboot/WaitTime
The number of seconds, from 0 to 86400, to wait before restarting the device after the exec command is received for DeviceReboot.The following table shows the possible values and actions:
Value
Action
0
Restart immediately.
1 to 300
The device will be restarted silently after the specified amount of time elapses.
300 to 86400
The user will be prompted 5 minutes (300 seconds) prior to restart with an option to restart now:
If the user chooses Cancel, the device will restart after waiting for 5 minutes.
If the user chooses OK, the device restarts immediately.
MaintenanceWindow
The root node for the maintenance window.The MDM server queries the device to see if it is in a maintenance window so that it can be updated. If the device is not in a maintenance window, the server blocks maintenance actions that might shut down or restart the device. If the device is in a maintenance window, the server does not block the actions.
Before a maintenance window begins on the device, the user is notified that it will soon begin. Because the scheduler manages the notification window and only one instance of the scheduler can run, a command that an IT administrator pushes to the device will be run after the notification window is closed.
To change the duration of a maintenance window while a device is in the maintenance window, the IT administrator must delete the existing maintenance window configuration and then apply the new maintenance window configuration to the device. The new configuration can change the duration of the current maintenance window, but the device will remain in a maintenance window even if the new configuration includes a later start time.
The state of being in a maintenance window cannot be cancelled while it is in progress.
MaintenanceWindow/MaintenanceAllowed
Specifies whether maintenance is allowed on the device: a value of 1 indicates that maintenance is allowed because the device is either in a maintenance window or no maintenance window is scheduled. A value of 0 indicates that no maintenance is allowed because the device is outside of the scheduled maintenance window.Supported operations: Get.
MaintenanceWindow/MWMandatory
Returns 1 if a maintenance window is mandatory or 0 if a maintenance window is optional (from an end-user perspective). This is a global setting that affects all the scheduled maintenance windows on the device.Sets the value for Boolean flag that indicates whether a maintenance window is mandatory and whether a user should be able to cancel the maintenance window. The default value is 1, which indicates that the maintenance window is cannot be cancelled by user. This is a global setting that affects all the scheduled maintenance windows on the device.
Supported operations: Get, Set.
MaintenanceWindow/ScheduleXML
Gets the list of maintenance window schedules as XML.Replaces the current schedule with a new set of schedules or adds new schedules if there are no existing schedules. Replace is destructive and will erase the old schedule.
Supported operations: Add, Replace, and Get.
Use the parameters in the following table to specify the schedule for the maintenance window.
Parameter
Description
Enabled
Specify true to enable the maintenance window; otherwise, specify false.
Schedule StartDate
Specifies the date to start the scheduled maintenance window, including the year, month, day, T as a separator, hour, minute, and second: YYYY-MM-DDTHH:mm:ss format. For example: 2013-10-27T02:00:00
IsUTC
Specify true if the time should be interpreted as UTC time; otherwise, specify false.
Duration
Required. Specifies the duration of the scheduled maintenance window:
ParameterDescriptionDaysAn integer that specifies the number of days: 01 through 31.HoursAn integer that specifies the number of hours for the maintenance window: 0 through 23.MinutesAn integer that specifies the number of minutes in addition to the hours for the maintenance window: 0 through 59.Recurrence
Required. Specifies the recurrence schedule for the maintenance window:
ParameterDescriptionTypeRequired. A string that specifies the recurrence schedule:None – one time instance only.
Interval—occurs at a specified interval as defined by MinuteSpan.
MinuteSpanRequired if the type is Interval. Specifies the interval recurrence in minutes: 0 through 59.HourSpanRequired if the type is Interval. Specifies the interval recurrence in hours: 0 through 23.DaySpanRequired if the type is Interval. Specifies the interval recurrence in days: 0 through 31.MaintenanceWindow/MWNotificationDuration
Gets the duration of pop-up windows in minutes.Sets the pop-up window duration in minutes. The default duration is 5 minutes.
Supported operations: Get, Set.
MaintenanceWindow/MWminimumDuration
Gets the minimum duration to be considered as a valid MaintenanceWindow.Sets the minimum duration of maintenance window to be considered a valid window by the device. The default minimum duration is 5 minutes.
Supported operations: Get, Set.
DeviceUpdate
The parent node for device update settings.DeviceUpdate/DateTimeStamp
Specifies when to start a new device update session. This number can be any integer greater than zero, but to start a new session, the value must be greater than the value that is on the device.Supported operations: Add, Replace.
DeviceUpdate/UpdatesResultXml
Specifies the update information that is on the device.Supported operations: Add, Get.
DeviceUpdate/ApprovedUpdatesXml
Pass in the contents of an XML file with the list of packages for a given OS/firmware update for the Approved Updates process. This is the same as the DUReport.xml file generated during an update. For more information about Approved Updates, go to the Approved Updates page.Supported operations: Add, Replace.
DeviceUpdate/CustomContentUrisXml
Pass in the contents of an XML file with the location of each package in an update for the Approved Updates process. This is usually a link to a network share where the packages are hosted. For more information about Approved Updates, go to the Approved Updates page.Supported operations: Add, Replace.
MDM
The parent node for MDM settings.MDM/Server
A string that specifies the MDM server to enroll the device to.MDM/Username
A string that specifies the username of the person to enroll.To enroll multiple devices (bulk enroll), enter the same user credentials for all devices.
MDM/Password
A string that specifies the password for the person to enroll.MDM/EnableDeviceEnrollment
Set to true to skip the discovery service; otherwise, set to false. The default value is true.This value is saved in the HKLM\Software\Microsoft\Enrollment\EnableDeviceEnrollment registry key, and is set to a pre-defined value of 0 (zero).
Pfx
The parent node for enterprise certificate validation.DisableEnterpriseValidation
Set to true to disable validation of certificates installed on the device; if set to false or if the value is not set, then the validation of certificates is performed by contacting the Microsoft server over the Internet. If the device does not have an Internet connection and the value is set to false, then apps may be disabled or deployments may be blocked.Value type is Boolean.
This value is saved in the registry in the HKLM\software\microsoft\enterpriseappmanagement\appmanagementvalidation\config\DisabledByEnterprise key.
The restart process
The restart command is sent as an XML provisioning file to the device.
The user is alerted that the company IT requires that the device be restarted, and the device will be restarted after waiting for the number of seconds specified in DeviceReboot/WaitTime.
The enrollment process
When you load the provisioning file to a device during the OOBE by using a Secure Digital (SD) card or near-field communication (NFC) Tag, the device connects to the company Wi-Fi that is defined in the provisioning file and then initiates the enrollment to the MDM server.
The device sends unique and constant device IDs to the MDM server as part of the enrollment information.
The server then authenticates the device based on the credentials and unique device IDs, and then it issues certificates to each device.
OMA client provisioning examples
The XML examples in this section show how to perform various tasks by using OMA client provisioning.
MDM enrollment example
The following example shows how to enroll a device.
<characteristic type="EnterpriseExt">
<characteristic type="MDM">
<parm value="contoso.com:443" name="Server"/>
<parm value="@contoso.com" name="Username"/>username<parm value="password" name="Password"/>
<parm value="TRUE" name="EnableDeviceEnrollment"/>
</characteristic>
OMA DM examples
These XML examples show how to perform various tasks using OMA DM.
Device restart example
Restart a device:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Exec>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/DeviceReboot/WaitTime</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Exec>
</SyncBody>
</SyncMl>
Maintenance window examples
Set the maintenance window schedule. In this example, the schedule starts on October 27, 2013 (10/27/2013) at 2:00 A.M. and lasts for 4 hours:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/ScheduleXml</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data><MWList><MW Enabled="True"><Schedule StartDate="2013-10-27T02:00:00" IsUTC="False"/><Duration Days="0" Hours="4" Minutes="0"/><Recurrence Type="None" MinuteSpan="0" HourSpan="0" DaySpan="0"/></Schedule></MW></MWList>
</Data>
</Item>
</Add>
</SyncBody>
</SyncMl>
Retrieve the maintenance window schedule:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/ScheduleXml</LocURI>
</Target>
</Item>
</Get>
</SyncBody>
</SyncMl>
Retrieve the MaintenanceAllowed value:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MaintenanceAllowed</LocURI>
</Target>
</Item>
</Get>
</SyncBody>
</SyncMl>
Set the MWNotificationDuration value to 3 minutes:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MWNotificationDuration</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>3</Data>
</Item>
</Replace>
</SyncBody>
</SyncMl
Set the MWMinimumDuration to 2 hours:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MWMinimumDuration</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>120</Data>
</Item>
</Replace>
</SyncBody>
</SyncMl
Set MWMandatory to 0, which means that the window can be cancelled by the device user:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MWMandatory</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Replace>
</SyncBody>
</SyncMl
Get the current values of MWNotificationDuration, MWMinimumDuration, and MWMandatory values from the device:
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MWNotificationDuration </LocURI>
</Target>
</Item>
</Get>
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MWMinimumDuration</LocURI>
</Target>
</Item>
</Get>
<Get>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/MaintenanceWindow/MWMandatory</LocURI>
</Target>
</Item>
</Get>
</SyncBody>
</SyncMl>
Schema for the maintenance ScheduleXML parameters
<?xml version="1.0" encoding="utf-16LE" ?>
<!--
In-memory format is Little Endian and
hence the encoding of this file has to be little endian
to be in the native format. Make sure that this file's
encoding is Unicode-16 LE (Unicode Codepage 1200) --> <xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
>
<!-- COMPLEX TYPE: Duration -->
<xs:complexType name="duration_t">
<xs:attribute name="Days" >
<xs:simpleType>
<xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="0" />
<xs:maxInclusive value="31" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="Hours" >
<xs:simpleType>
<xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="0" />
<xs:maxInclusive value="23" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="Minutes" >
<xs:simpleType>
<xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="0" />
<xs:maxInclusive value="59" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
<!-- COMPLEX TYPE: Recurrence -->
<xs:complexType name="recurrence_t">
<xs:attribute name="Type" use="required">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:pattern value="None|Interval"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="MinuteSpan" >
<xs:simpleType>
<xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="0" />
<xs:maxInclusive value="59" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="HourSpan" >
<xs:simpleType>
<xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="0" />
<xs:maxInclusive value="23" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="DaySpan" >
<xs:simpleType>
<xs:restriction base="xs:unsignedInt">
<xs:minInclusive value="0" />
<xs:maxInclusive value="31" />
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
<!-- COMPLEX TYPE: Schedule TYPE -->
<xs:complexType name="schedule_t">
<xs:sequence>
<xs:element name="Duration" type="duration_t" minOccurs="1" maxOccurs="1"/>
<xs:element name="Recurrence" type="recurrence_t" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="StartDate" type="xs:dateTime" use="required"/>
<xs:attribute name="IsUTC" type="xs:boolean" use="required"/>
</xs:complexType>
<!-- COMPLEX TYPE: PROP TYPE -->
<xs:complexType name="prop_t">
<xs:attribute name="Name" type="xs:string"/>
<xs:attribute name="Value" type="xs:string"/>
<xs:attribute name="Datatype" >
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:pattern value="integer|string|boolean"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
<!-- COMPLEX TYPE: PropList TYPE -->
<xs:complexType name="proplist_t">
<xs:sequence>
<xs:element name="Prop" type="prop_t" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: MW TYPE -->
<xs:complexType name="mw_t">
<xs:sequence>
<xs:element name="Schedule" type="schedule_t" minOccurs="1" />
</xs:sequence>
<xs:attribute name="Enabled" type="xs:boolean" use="required"/>
</xs:complexType>
<!-- SCHEMA -->
<xs:element name="MWList">
<xs:complexType>
<xs:sequence>
<xs:element name="PropList" type="proplist_t" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="MW" type="mw_t" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="version" use="required" type="xs:decimal"/>
</xs:complexType>
</xs:element>
</xs:schema>