Why use the Custom XML Policy for Windows 10 in XenMobile 10.x?

With XenMobile 10.3.x, Citrix has added Windows 10 Tablet, Desktop and Phone MDM APIs and is starting the transition from a Enterprise Mobility Managent to a Unified Endpoint Management Solution for their customers.

The first stepping stone of this is adding the most common MDM APIs to XenMobile 10.3 and make them available in the administration web interface. As their are many more options to configure Windows 10 by XenMobile UI policy’s their is also the option to create a custom xml policy that contains a Configuration service provider configuration.

What is a Configuration Service Provider in Windows 10?

A configuration service provider (CSP) is an interface to read, set, modify or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot. A overview of the options are showed in the link provided in the Additional Resource Section.

Table of Contents

Prerequisites.
Additional Resources
Configuration adding a Windows 10 Wi-Fi policy.
Configuration adding a Windows 10 Wi-Fi removal policy

Prerequisites

1. Windows 10 Pro or Enterprise Workstation
2. Windows 10 Phone
3. XenMobile 10.3 Server
4. Windows 8/10 Wi-Fi Profile Manager
5. Online XML Escape Tool
6. XML Editing tool like Notepad++

Additional Resources

Windows 10 Configuration Service Provider reference
https://msdn.microsoft.com/en-us/library/windows/hardware/dn920025%28v=vs.85%29.aspx
Product IDs in Windows 10 Mobile
https://technet.microsoft.com/itpro/windows/manage/product-ids-in-windows-10-mobile
Compare Windows 10 Editions
https://www.microsoft.com/en-us/WindowsForBusiness/Compare

Configuration adding a Windows 10 Wi-Fi policy

Step Action
          1. Add your Windows 10 Workstation open a browser and go to http://www.thewindowsclub.com/wifi-profile-manager-windows-8 to download the Wi-Fi profile Manager.
          2. Wi-Fi Profile Manager lets you:
·         View the Preferred Network Profiles
·         Change list order
·         Export to XML
·         Import from XML
·         Remove ProfilesWe will use the Export to XML to get the needed information and configuration of the Wi-Fi access point you want to configure on Windows 10 and Windows Phone 10 by Custom XML on XenMobile.
          3. Extract WFPM8.zip to a location on your Workstation.1
          4. At your Windows 10 Workstation, connect to the Wi-Fi access points you want to use with XenMobile.
1
          5. Go to the location on your workstation where you have extracted WFPM8 and execute WiFi8.exe as administrator.3
          6. Within the Wi-Fi Profile Manager, you will see an overview of all Wi-Fi access points configured on your Workstation and their configuration.4
          7. Select the Wi-Fi access point you want to use in XenMobile and right click your mouse to export it to a configuration XML file.5
          8. Browse to the location were WFPM8 exported the file, default this is C:\Users\user\Documents.6
          9. Download and Install Notepad++ to your Workstation.
You can download Notepad++ here: https://notepad-plus-plus.org/
        10. Open the Wi-Fi XML with Notepad++.
The file will look similar to the screenshot below.7
        11. Create a new XML file in Notepad++ and copy in the below template.8
—TEMPLATE—
<Atomic>
<CmdID>_cmdid_</CmdID>
<Add>
<CmdID>_cmdid_</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/WiFi/Profile/<MUST BE NAME OF PROFILE AS PER WIFI XML>/WlanXml</LocURI>
</Target>
<Meta>
<Format xmlns=”syncml:metinf”>chr</Format>
</Meta>
<Data>
<CONFIGURATION COMES HERE>
</Data>
</Item>
</Add>
</Atomic>
—END TEMPLATE—
        12. Open a browser and go to the online XML Escape Tool.9
You can find the online XML Escape Tool here: http://www.freeformatter.com/xml-escape.html#ad-output
        13. Paste the content of the XML from step 10 (Export of the WFPM8) into the Online XML Escape [Copy-paste the string here] field.10
        14. Press [ENSCAPE] to get the correct format we need to use in the XenMobile Custom XML Policy.11
        15. Select the entire content form the [Copy-past the string here] field.12
        16. Paste the copied content in the Notepad++ created XML file in step 11 between <DATA> and </DATA>.13
        17. In the same XML file replace within the <LocURI> string <MUST BE NAME OF PROFILE AS PER WIFI XML> with the <name>QuikSoft-Cisco-Wifi</name> defined in step 10.
See Example below.14
Save the Wi-Fi.xml file.
        18. Login into your XenMobile Administrating interface.15
        19. Select the [Configure] Tab to go to the [Device Policies] section.16
        20. In the [Device Policies] section select [Add] to add the Windows 10/Windows Phone 10 Custom XML policy.17
        21. In the [Add New Policy] select [More] to see the Windows 10/Windows Phone 10 Custom XML policy. Select [Custom XML].18
        22. In section 1. Of the Custom XML Policy provide a [Policy Name] and [Description].19
Select [Next>] to continue.
        23. On the left side the [Windows Phone] tab is highlighted, on the right copy the content of the xml file created is step 16 and 17 into the [XML content] section.20
Configure [Deployment Rules] when needed and select [Next>] to continue.
        24. On the left side the [Windows Desktop/Tablet] tab is highlighted, on the right copy the content of the xml file created is step 16 and 17 into the [XML content] section.21
Configure [Deployment Rules] when needed and select [Next>] to continue.
        25. On the left side the [Windows Mobile/CE] tab is highlighted, uncheck the [Windows Mobile/CE].22
Select [Next>] to continue.
        26. On the left side the [Assignment] tab is highlighted, on the right select the desired [Delivery groups].23
Configure [Deployment Rules] when needed and select [Save] to complete the creation of the Wi-Fi policy.
        27. For testing the Wi-Fi policy enroll a [Windows 10 Tablet/Desktop] or [Windows 10 Phone] against your XenMobile environment.24
        28. Check in the XenMobile Administration Interface if the device is enrolled. Select the Windows 10 Device and choose [Show more].25
        29. A detailed overview of the device will be displayed. On the left select the [Assigned Policies] to check if the Wi-Fi policy is delivered to the device.26
Select [Next] to go to all the [Device details] tabs and Finish.
        30. To check if your Wi-Fi policy is received on the Windows 10 device/Windows 10 Phone Device go to the [All settings] menu.27
        31. Select [Network & wireless].
28
        32. Select [Wi-Fi].
29
        33. When the policy is received by the device, the device should already be connected to the Wi-Fi access point if it is in range.30
        34. To verify, scroll down to the bottom of the screen and select [Manage].
31
        35. Select and hold the Wi-Fi network you pushed by Wi-Fi policy in [Known networks]. You should see that the [Delete] options is greyed out and cannot be used to remove the Wi-Fi network. This means the Wi-Fi policy pushed with XenMobile to the Windows 10 device is successfully received and configured.
32

 

Configuration adding a Windows 10 Wi-Fi removal policy

Step Action
          1. Add your Windows 10 Workstation open Notepad++ and create the below XML file.33
—XML TEMPLATE—
<Atomic>
<CmdID>_cmdid_</CmdID>
<Delete>
<CmdID>_cmdid_</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/WiFi/Profile/<MUST BE NAME OF PROFILE AS PER WIFI XML>/WlanXml</LocURI>
</Target>
</Item>
</Delete>
</Atomic>
—END TEMPLATE—
          2. Replace the [<MUST BE NAME OF PROFILE AS PER WIFI XML>] with the profile name of the Wi-Fi access point you want to remove from the Windows 10 device.3435
          3. Create a [Custom XML policy] in XenMobile and deploy this to the device you want to remove the Wi-Fi access point from.36
          4. Copy and paste the content of the XML file created in Step 1 into the [XML content] section.37
          5. If you want to deploy the Wi-Fi removal policy to a specific range of device/users or a unique device character [Active Sync ID] you can use the [Deployment Rules] within the [Custom XML Policy38
39
          6. Select [Next>] to go through all the steps, in the [Assignment] add the ad the desired [delivery group] select [Save] to complete.40
The Wi-Fi removal policy will now be deployed to the selected delivery group only to the device with the defined unique character.
          7. The easiest way to target a specific user is to create a [Local Group] that you can create from the [Manage], [Users] XenMobile Management Interface and Select [Manage Local Groups] and ad a new local group.41
          8. Add this local group to a [Delivery Group] with the Custom XML Wi-Fi removal policy.42
          9. Add the Wi-Fi removal policy.43
        10. Select [Next>] to go through all the steps and select [Save] to complete.44
        11. To deploy the policy to a specific user, go to [Manage], [Users] tab and select the desired user. Then select the [Assign Local Groups] and add the Local group created, Select [Save]45

Special Thanks to Christopher Friend and Jerome Mainguet for review and comments.

Citrix_Mobilize Windows_Banner 2_728x90_Static_Compete_F_072715