How to Leverage Configuration Service Provider (CSP) and Custom settings for Windows 10 devices

Managing Windows 10 devices in the enterprise environment is the need of the hour. Especially since the boundaries of ‘work perimeters’ are diminishing and the enterprise Windows 10 devices are connected to unknown networks outside of the secure corporate network, the traditional on-prem device management and patch management is no longer enough. The legacy tools cannot be used to manage the devices outside of the enterprise network or via VPN.

As enterprises move to modern management using an MDM or a UEM tool to encompass all the Windows 10 devices used for work, creating granular usage and access settings is critical for maintaining device and data security and UI consistency. And while several companies might be opting for COPE- corporate owned personally enabled management, having the provision to push settings whenever needed is imperative, especially since remote working might be a new normal in the near future.

In this article, let us discuss the CSP or Custom Service Provider which helps in pushing settings and managing device operations in the enterprise environment.

What is a Configuration Service Provider (CSP)?

Configuration Service Provider or CSP is an interface that enables reading, setting, modifying or deleting previous configuration settings on the device. CSP is a component of the Windows operating system and comes handy for IT teams managing Windows device inventory to seamlessly apply settings for each device, assign applications depending on the use-case and ensure that the device configuration meets the organizational standards for security and integrity. 

CSP is an integral part of mobile device management and helps the IT teams in setting up universal policies for all remotely operating Windows 10 devices. CSP templates are widely available for configuring the UI changes on the managed Windows 10 devices, limiting access to applications, protecting corporate data as well as controlling the action centers. IT teams can make use of ready-made templates or configure their own, to have granular control over the device settings. An MDM for Windows 10 is needed to deploy these CSPs efficiently to the devices. 

Scalefusion offers the capability to configure CSPs and push them on the devices. This is done within the custom settings section of the Device Profile settings on the Scalefusion dashboard. IT admins can choose any trusted XML editor to create a CSP configuration and push it to the devices using Scalefusion. Further, IT admins can replace or delete the operations of CSP.

How to configure and push custom settings/CSP on managed devices with Scalefusion:

Getting started:

Sign up, login and enroll Windows 10 devices into Scalefusion MDM. Create base policy settings or Device Profile to get started with pushing custom settings on the managed devices. Navigate to the Device Profile section of the dashboard and click on edit profile.

Step 1:

Navigate to the Settings section in the Device Profile. Select the Custom Settings Tab from the left menu.

Step 2:

Now, select the send payload as an atomic command option with the toggle button. This will ensure that all the commands in the payload either succeed or fail and policies are not half applied on the devices. This setting will ensure the entire payload is wrapped in an Atomic command

Step 3:

Choose the conflict resolution method. This is to resolve clashes between overlapping policies and restrictions configured via the device profile. For instance, if an application is whitelisted in the Application whitelisting policy and is blocked via CSP, the conflict resolution settings can help in determining the optimum way to resolve the conflict and present the right set of settings on the device.

You can choose from two options:

• Custom Payload Wins over Device Profile Settings: In this case, the settings in the custom payload are given preference and the Device Profile settings are ignored.
• Device Profiles Wins over Custom Payload: In this option, the settings in Device Profile are given preference and the Custom Payload settings are discarded.

Step 4:

Configure the custom payload. You can clear the existing payload and start typing in the new custom payload commands in the Payload editor. You can alternatively import an XML file and it will be available in the Custom Settings tab. 

Learn more

Step 5:

Validate the Payload by clicking on the Validate button. This will check the payload file for any syntactic or validation issues. If your entered payload is all okay and ready to be deployed, it will flash a green tick on the top right corner. 

If there are any errors, a red cross will be displayed on the top right corner which means you need to edit or update the payload.

Step 6:

Save the profile settings and apply it to the device settings. Your custom settings will now be applied to the devices belonging to the profile.

Thus, with CSP or Configuration Service Provider, IT admins can gain access to granular settings on the managed Windows 10 devices.