Skip to content

Windows Device Management

Applicable Policies

The following Policies can be executed on a Windows device.

Passcode Policy

After changing passcode, users will be prompted to change the passcode on the next reboot.

  1. If not, passcode can be changed by going to, Windows Menu -> Settings -> Accounts

    Windows Passcode Policy

  2. Click Password -> Change.

    Windows Passcode Policy

  3. If there is a passcode that does not match the criteria, the following error will be displayed when changing passcode.

    Windows Passcode Policy

  4. Disable device reset - Disable one drive sync - To validate on Desktop, do the following:

    1. Enable policy.
    2. Restart machine.
    3. Verify that OneDrive.exe is not running in Task Manager.

Restrictions Policies

Restrictions policies are those that can be applied on a device restricting or controlling the use of certain specific device features.

The following restriction policies are applicable on a Windows device.

  • Camera - Check if the camera is working or not based on the policy

  • Disable Location - Add a get location command and the location will not complete

  • Disable storage - SD cards and USB drives are not allowed. When plugging in one, an error will be displayed

  • Disable one drive - Reboot the device and the syncing of files will be diasabled in one drive

  • Bluetooth.

  • Disable cellular data.

  • Disable data roaming.

  • Disable connected devices.

  • Disable connect with PC - Policy requires device restart.

Goto -> settings -> phone

The following screen will be displayed with the link phone button greyed out

  • Disable VPN configuration.

  • Disable VPN roaming.

  • Disable date time - Policy requires device restart.

  • Disable the ability to change date time settings.

  • Goto Settings -> Time & Language -> Date & time Following screen will be displayed with configurations grayed out

Assigned Acess Policy

Kiosk Mode that allows a user to lock on to a single app. It requires the users to enter a user name and a domain, the domain is optional if the user name is unique across the system. Moreover, it requires an AMUID which points to the app that will be running on that user. Steps to finding the AUMID can be found here. It’s important to keep in mind if there is a single user when the policy is being applied, there is no way to access the settings and manually sync and revoke the policy. The IoT server sends requests every one minute and if there are any pending revoke policies it will sync at that time. Alternatively, the device could be manually synced using another user account and the changes will be applied. A computer restart is required for the policy enforcement and revoke to take effect.