Most of the Organisations follow “Traditional device management approach” which use Group policy as their primary tool to set security standards and end user settings. But in modern device management approach, we should try new solutions like Windows CSPs. In this post, we will see how to deploy and monitor Default Search Engine CSP policy via Microsoft Intune.
Modern device management uses Azure solutions. Azure cloud solutions include Autopilot, Intune, Windows update for business, Windows Analytics, etc. For more details on Modern management, you can read How to move from Traditional to Modern Management. In “Modern device management” world, Microsoft’s guideline is to use Windows 10 CSP’s wherever possible. And try to avoid Group policy unless and until it’s a real necessity.
TIP:Windows 10 RS4 & higher PCs managed through the Intune MDM channel will now have MDM setting prioritised over group policy starting with settings in the Policy CSP.
Content of the post
Overview of Windows 10 CSPs
How to Configure Default Search Engine CSP policy in Intune
How can we monitor the Default Search Engine CSP policy from Intune console?
End user experience of Default Search Engine Policy
Overview of Windows 10 CSPs
There are 500 + CSP’s for Windows 10 management. New CSP’s will added for every new Windows 10 release. In this post, we will see how to change default search engine in Edge as “google” instead of “Bing” using CSP. We will use Intune to deploy the CSP. Based on requirement you can use other CSP’s.
Below are the reference to new CSP’s added :
Below is the CSP to configure Default Search Engine and this CSP was added in Windows 10 1703. In this post, I’ll show you how to configure default search engine policy via Intune Profiles.
How to Configure Default Search Engine CSP Policy in Intune
As we already identified the CSP policy to change the default search engine, we can login to Azure portal Navigate to Microsoft Intune blade -> select Device configuration -> select Profiles -> select Create Profile.
Navigate via Intune blade – Create profile – Settings – Configure – Custom OMA-URI Settings – Windows 10 and later – Add OMA-URI settings
OMA-URI settings to setup Default Search Engine in the Edge browser and the value is the most important settings in the policy.
Name - Edge_Search_Engine Description - NA OMA-URI - ./Device/Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine Data Type -String Value - https://www.google.com/searchdomaincheck?format=opensearch
How to verify Default Search Engine CSP Policy Got Applied?
We can verify CSP deployment status from both Intune console and client side.We will go through each one. How can we monitor the CSP policy deployment from Intune console? Following are some of the options.
Azure portal Navigate to Microsoft Intune blade -> Device configuration – profiles -> “Device configuration profile – > Device status.
As show below you can see list of computers and status of CSP deployment. This will help IT to understand how many computers successfully applied the CSP.
Client side :
Below are the different areas we can look to verify and troubleshoot CSP deployment issues.
- Event viewer :
MDM events are captured in the Event Viewer as shown below
MDM PolicyManager: Set policy string, Policy: (SetDefaultSearchEngine), Area: (Browser), EnrollmentID requesting merge: (DA7B33EF-0E91-4063-B9CB-0C2762E31147), Current User: (Device), String: (https://www.google.com/searchdomaincheck?format=opensearch),Enrollment Type: (0x0), Scope: (0x0)
- MDM Diagnostics :
As shown below you can see Browser policy is applied successfully. However for detailed diagnostics report click on create report.
MDM Diagnostics report are in HTML format. Reports are available within C:\Users\Public\Documents\MDMDiagnostics\MDMDiagReport.html
- WMI provider :
We can use MDM Bridge WMI Provider to see the setting applied by CSP’s on computer. You can connect to below WMI Name space and verify using Wbemtest or WMI Explorer.
Note : you need to launch wmiexplorer in system context otherwise setting will not show
- Registry :
All the MDM Policy CSP settings applied on device registry is in below location
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Browser] "SetDefaultSearchEngine"="https://www.google.com/searchdomaincheck?format=opensearch" "SetDefaultSearchEngine_ProviderSet"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\DA7B33EF-0E91-4063-B9CB-0C2762E31147\default\Device\Browser] "SetDefaultSearchEngine"="https://www.google.com/searchdomaincheck?format=opensearch" "SetDefaultSearchEngine_LastWrite"=dword:00000001
End user experience of Default Search Engine CSP Policy
- Default search engine is Bing before applying the Intune policy.
- Now search engine is Google after applying the Intune policy.
By default, users can change the default search engines. If you want to prevent users from changing this setting, then deploy additional CSP.