How to create configuration items for Windows Phone devices managed without the System Center Configuration Manager client


Aplica-se A: System Center Configuration Manager (current branch)

Use the O System Center Configuration Manager  Windows Phone configuration item to manage settings for Windows Phone devices that are enrolled in Microsoft Intune or managed on-premises by Gestor de configuração.To create a Windows Phone configuration itemIn the Gestor de configuração console, click Assets and compliance.In the Assets and Compliance workspace, expand Compliance Settings, and then click Configuration Items.On the Home tab, in the Create group, click Create Configuration Item.On the General page of the Create Configuration Item Wizard, specify a name, and optional description for the configuration item.Under Specify the type of configuration item that you want to create, select Windows Phone.Click Categories if you create and assign categories to help you search and filter configuration items in the Gestor de configuração console.On the Supported Platforms page of the wizard, select the specific Windows Phone platforms that will evaluate the configuration item.On the Device Settings page of the wizard, select the settings group that you want to configure. See Windows Phone configuration item settings reference in this topic for details, and then click Next.If the setting that you want is not listed, select the Configure additional settings that are not in the default setting groups check box.On each settings page, configure the settings you require, and whether you want to remediate them when they are not compliant on devices (when this is supported).For each settings group, you can also configure the severity that will be reported when a configuration item is found to be noncompliant from:None - Devices that fail this compliance rule do not report a failure severity for Gestor de configuração reports.Information - Devices that fail this compliance rule report a failure severity of Information for Gestor de configuração reports.Warning - Devices that fail this compliance rule report a failure severity of Warning for Gestor de configuração reports.Critical - Devices that fail this compliance rule report a failure severity of Critical for Gestor de configuração reports.Critical with event - Devices that fail this compliance rule report a failure severity of Critical for Gestor de configuração reports. This severity level is also be logged as a Windows event in the application event log.On the Platform Applicability page of the wizard, review any settings that are not compatible with the supported platforms you selected earlier. You can go back and remove these settings, or you can continue.Unsupported settings are not assessed for compliance.Complete the wizard.You can view the new configuration item in the Configuration Items node of the Assets and Compliance workspace.<section address="BKMK_Setref"> Windows Phone configuration item settings referencePasswordSettingDetailsWindows Phone 8Windows Phone 8.1Require password settings on devicesRequire a password on supported devices. YesYesMinimum password length (characters)The minimum length for the password. YesYesPassword expiration in daysThe number of days before a password must be changed. YesYesNumber of passwords rememberedPrevents re-using previously used passwords. YesYesNumber of failed logon attempts before device is wipedWipes the device if this number of login attempts fail. YesYesPassword complexityChoose whether you can specify a PIN such as ‘1234’, or whether you must supply a strong password. YesYesSend password recovery PIN to Exchange ServerYesYesDeviceSettingDetailsWindows Phone 8Windows Phone 8.1Screen captureNoYesDiagnostic data submissionAllow submission of app log files. YesYesGeolocationAllow the device to use location services information. NoYesCopy and PasteUse copy and paste to transfer data between apps. NoYesBluetoothAllows use of the Bluetooth capability of the device.YesYesEmail managementSettingDetailsWindows Phone 8Windows Phone 8.1POP and IMAP emailAllows connection to email accounts that use the POP and IMAP standards. YesYesMaximum time to keep emailHow long to keep email before it is deleted from the server. YesYesAllowed message formatsSpecify whether user emails can be HTML, or plain text only. YesYesMaximum size for plain text email (automatically downloaded)Controls the maximum size of plain text emails when automatically downloaded. YesYesMaximum size for HTML email (automatically downloaded)Controls the maximum size of HTML emails when automatically downloaded. YesYesMaximum size of an attachment (automatically downloaded)Configures the maximum size email that will be automatically downloaded. YesYesCalendar synchronizationYesYesCustom email accountAllow using a non-Microsoft account on the device. YesYesMake Microsoft Account optional in Windows Mail appYesYesStoreSettingDetailsWindows Phone 8Windows Phone 8.1Application storeAllows access to the app store on the device. NoYesEnter a password to access the application storeUsers must enter a password to access the app store. NoYesIn-app purchasesAllows users to make in-app purchases. NoYesBrowserSettingDetailsWindows Phone 8Windows Phone 8.1Default browserUser can change the default Internet browser. YesYesAutofillUser can change autocomplete settings in the browser. YesYesActive scriptingBrowser can run scripts, such as Active X scripts. YesYesPlug-insUser can add plug-ins to Internet Explorer. YesYesPop-up blockerEnables or disables the browser pop-up blocker. YesYesCookiesAllow cookies to be saved on the device. YesYesFraud warningEnable or disable warnings of potential fraudulent websites. YesYesInternet ExplorerSettingDetailsWindows Phone 8Windows Phone 8.1Always send Do Not Track headerPrevents browsing information from being sent to third-party sites. YesYesIntranet security zoneYesYesSecurity level for Internet zoneConfigure the security level for the Internet zone. YesYesSecurity level for intranet zoneConfigure the security level for the intranet zone. YesYesSecurity level for trusted sites zoneConfigure the security level for the trusted sites zone. YesYesSecurity level for restricted sites zoneConfigure the security level for the restricted sites zone. YesYesNamespaces for intranet zoneYesYesGo to intranet site for single word entryEnables or disables the setting that allows Internet Explorer to automatically go to an Intranet site if a valid site name is entered without a preceding HTTP: YesYesEnterprise mode menu optionAllow users to activate and deactivate Enterprise Mode from the Internet Explorer Tools menu. YesYesLogging report location (URL)Specify a URL where visited websites will be logged when Enterprise Mode is active. YesYesEnterprise Mode site list location (URL)Specify the location of the list of websites that will use Enterprise Mode when it is active. YesYesCloudSettingDetailsWindows Phone 8Windows Phone 8.1Settings synchronizationAllows synchronization of settings between devices. YesYesCredentials synchronizationAllows synchronization of credentials between devices. YesYesMicrosoft AccountAllow the use of a Microsoft account on the device. NoYesSettings synchronization over metered connectionsAllow settings to be synchronized when the Internet connection is metered. YesYesSecuritySettingDetailsWindows Phone 8Windows Phone 8.1Unsigned file installationAllows the loading of unsigned files. YesYesUnsigned applicationsAllows the loading of unsigned apps. YesYesSMS and MMS messagingAllow SMS and MMS messaging from the device. YesYesRemovable storageAllow use of removable storage, like an SD card on the device. YesYesCameraAllow use of the device camera. YesYesNear field communication (NFC)Allow communication using NFC on the device. NoYesPeak synchronizationSettingDetailsWindows Phone 8Windows Phone 8.1Specify peak timeYesYesPeak synchronization frequencyYesYesOff-peak synchronization frequencyYesYesRoamingSettingDetailsWindows Phone 8Windows Phone 8.1Device management while roamingAllows the device to be managed by Gestor de configuração when it is roaming. YesYesSoftware download while roamingAllows the download of apps and software when roaming. YesYesEmail download while roamingAllows e-mail downloads when roaming. YesYesData roamingAllow roaming between networks when accessing data. YesYesEncryptionSettingDetailsWindows Phone 8Windows Phone 8.1Storage card encryptionRequire any storage cards used with the device to be encrypted. YesYesFile encryption on deviceRequires that files on the mobile device are encrypted. YesYesRequire email signingRequire emails to be signed before they are sent.YesYesSigning algorithmSelect the algorithm used to sign emails.YesYesRequire email encryptionRequire emails to be encrypted before they are sent.YesYesEncryption algorithmSelect the algorithm used to encrypt emails.YesYesWireless communicationsSetting nameDetailsWindows Phone 8Windows Phone 8.1 </tr> </thead> <tbody> <tr> <TD> <para> <ui>Wireless network connection</ui> </para> </TD> <TD> <para>Enable or disable the devices Wi-Fi capability.</para> </TD><TD><para>Yes</para></TD><TD><para>Yes</para></TD> </tr> <tr> <TD> <para> <ui>Wi-Fi tethering</ui> </para> </TD> <TD> <para>Let’s users use their device as a mobile hotspot.</para> </TD><TD><para>Yes</para></TD><TD><para>Yes</para></TD> </tr> <tr> <TD> <para> <ui>Offload data to Wi-Fi when possible</ui> </para> </TD> <TD> <para/> </TD><TD><para>Yes</para></TD><TD><para>Yes</para></TD> </tr> <tr> <TD> <para> <ui>Wi-Fi hotspot reporting</ui> </para> </TD> <TD> <para/> </TD><TD><para>Yes</para></TD><TD><para>Yes</para></TD> </tr> </tbody> </table> <procedure> <title>To configure a wireless network connection</title> <steps class="ordered"> <step> <content> <para>On the <ui>Configure mobile device wireless communication settings</ui> page, click <ui>Add</ui>.</para> </content> </step> <step> <content> <para>In the <ui>Wireless Network Connection</ui> dialog box, specify the following information about the wireless connection that will be provisioned on mobile devices:</para> <table> <thead> <tr> <TD> <para>Setting</para> </TD> <TD> <para>More information</para> </TD> </tr> </thead> <tbody> <tr> <TD> <para> <ui>Network name (SSID)</ui> </para> </TD> <TD> <para/> </TD> </tr> <tr> <TD> <para> <ui>Network connection</ui> </para> </TD> <TD> <para/> <para>Choose from <ui>Internet</ui> or <ui>Work</ui>.</para> </TD> </tr> <tr> <TD> <para> <ui>Authentication</ui> </para> </TD> <TD> <para>Choose the authentication method for the wireless connection from:</para> <list class="bullet"> <listItem> <para> <ui>Open</ui> </para> </listItem> <listItem> <para> <ui>Shared</ui> </para> </listItem> <listItem> <para> <ui>WPA</ui> </para> </listItem> <listItem> <para> <ui>WPA-PSK</ui> </para> </listItem> <listItem> <para> <ui>WPA2</ui> </para> </listItem> <listItem> <para> <ui>WPA2-PSK</ui> </para> </listItem> </list> </TD> </tr> <tr> <TD> <para> <ui>Data encryption</ui> </para> </TD> <TD> <para>Choose the encryption method used by this connection. The values you can select will differ depending on the <ui>Authentication</ui> method you selected:</para> <list class="bullet"> <listItem> <para> <ui>Disabled</ui> </para> </listItem> <listItem> <para> <ui>WEP</ui> </para> </listItem> <listItem> <para> <ui>TKIP</ui> </para> </listItem> <listItem> <para> <ui>AES</ui> </para> </listItem> </list> </TD> </tr> <tr> <TD> <para> <ui>Key index</ui> </para> </TD> <TD> <para>Select a key index from <ui>1</ui> to <ui>4</ui> that will be used with a <ui>Data encryption</ui> setting of <ui>WEP</ui>.</para> </TD> </tr> <tr> <TD> <para> <ui>This network connects to the Internet</ui> </para> </TD> <TD> <para>Select this option if you want to supply proxy settings that let mobile devices on a wireless connection connect to the Internet.</para> </TD> </tr> <tr> <TD> <para> <ui>Proxy server settings</ui> </para> </TD> <TD> <para>Specify as required, <ui>Server</ui> and <ui>Port</ui> settings for <ui>HTTP</ui>, <ui>WAP</ui> and <ui>Sockets</ui>.</para> </TD> </tr> <tr> <TD> <para> <ui>Enable 802.1X network access</ui> </para> </TD> <TD> <para>Select this option if you want to secure the connection by specifying an EAP type.</para> </TD> </tr> <tr> <TD> <para> <ui>EAP type</ui> </para> </TD> <TD> <para>Choose the EAP type to use from:</para> <list class="bullet"> <listItem> <para> <ui>PEAP</ui> </para> </listItem> <listItem> <para> <ui>Smart card or certificate</ui> </para> </listItem> </list> </TD> </tr> </tbody> </table> </content> </step> <step> <content> <para>When you are finished, click <ui>OK</ui>.</para> </content> </step> </steps> </procedure> </content> CertificatesLet’s you import certificates to install on mobile devices.Click Import, and then specify the following values:Certificate file – Click Browse and then select the certificate file with the extension .cer that you want to import.Destination store – Choose one or more destination stores where the imported certificate will be added on the mobile device from:RootCANormalPrivilegedSPCPeerRole – If SPC (Software Publisher Certificate) is selected as the destination store, choose the role that will be associated with the certificate from:Mobile OperatorManagerUser AuthenticatedIT AdministratorUser UnauthenticatedTrusted Provisioning ServerSystem securitySettingDetailsWindows Phone 8Windows Phone 8.1User Account ControlEnables or disables Windows User Account Control on the device. YesYesNetwork firewallEnables or disables Windows Firewall. YesYesUpdatesChoose how Windows software updates will be downloaded to computers. For example, you can automatically download updates, but let the user choose when to install them. YesYesMinimum classification of updatesChoose the minimum classification of updates that will be downloaded to Windows computers, None, Important, or Recommended. YesYesSmartScreenEnable or disable Windows Smart Screen. YesYesVirus protectionEnsure that the device is protected by antivirus softwareYesYesVirus protection signatures are up to dateEnsure that the antivirus software signatures are up to date.YesYesWindows Server Work FoldersSettingDetailsWindows Phone 8Windows Phone 8.1Work Folders URLConfigures the location of a Windows Server work folder that users can connect to from their device. YesYesWindows Phone allowed and blocked apps list (Windows Phone 8.1 only)Let’s you specify a list of Windows Phone apps that are compliant, or not compliant in your company. Apps that you specify as blocked cannot be installed by users. If you specify a list of allowed apps, users can only install apps in the list.You cannot specify both allowed and blocked apps in the same configuration item.If you specify a list of allowed apps, you must ensure that the company portal app, and any apps you have deployed to Windows Phone 8.1 devices are in the Allowed apps list. To specify an allowed or blocked apps listOn the Allowed and Blocked Apps list (Windows Phone 8.1) page, specify the following information:SettingMore informationBlocked apps listSelect this option if you want to specify a list of apps that users will not be allowed to install. Allowed apps listSelect this option if you want to specify a list of apps that users are allowed to install. AddAdds an app to the selected list. Specify a name of your choice, optionally the app publisher, and the URL to the app in the app store.To specify the URL, from the Windows Phone Store page, search for the app you want to use.Example: Search the store for the Skype app. The URL you use will be the company portal app, or line of business apps, you do not have to specify a full URL, only the app GUID. EditLet’s you edit the name, publisher and URL of the selected app. RemoveDeletes the selected app from the list. ImportImports a list of apps you have specified in a comma-separated values file. Use the format, application name, publisher, app URL in the file. </steps> Configuration items for devices managed without the Configuration Manager client