MDM Cloud Wiki

%mdmname% Wiki

  • Docs
  • Languages iconEnglish
    • Italiano

›Microsoft

Introduzione

  • Overview
  • Definitions and Terms
  • Requirements
  • Management scenarios
  • Languages

Configurazione

  • Overview
  • Passport generation
  • ["mobile"]~Apple

    • Overview
    • ["mobile"]~Apple Push Notification Service configuration
    • ["mobile"]~Apple Deployment Program configuration
    • ["mobile"]~Apple Volume Purchase Program configuration
    • ["mobile"]~iOS, iPadOS and tvOS device setup
    • ["edu","mobile"]~Apple Classroom integration
    • ["mobile"]~Apple Autodiscovery setup for user-driven enrollment

    Google

    • Overview
    • Android Enterprise setup
    • ["mobile"]~Android mobile device setup
    • ["mobile"]~Configuration via Android Configurator
    • ["mobile"]~Samsung Knox Mobile Enrollment
    • Pre-installed Agent configuration
    • ["mobile"]~Android Zero-touch sync
    • ["noWhitelabel","mobile"]~Android Enterprise provisioning customizations

    Microsoft

    • Overview
    • Configure MDM in Azure Entra ID tenant
    • Configure Microsoft Autodiscovery
    • Windows Autopilot enrollment
    • Azure Entra ID login enrollment
    • Office enrollment
    • Windows Settings > Enroll only in device management
    • Windows Configuration Designer for imaging
    • Shortcut commands for Standard provisioning
    • Enrollment script for already-logged Azure Entra ID devices
  • General settings
  • ["edu"]~Classes

Utenti

  • Overview
  • Single User detail
  • Azioni degli utenti

    • Overview
    • Change Name
    • Change role
    • Change Email
    • ["edu"]~Manage classes
    • Change password
    • Enable user account
    • Disable user account
    • Change avatar
    • Reset Avatar
    • Bind Devices
    • Unbind devices
    • Tag
    • Remove tags
    • ["mobile"]~User enroll settings
    • Delete user
    • Verify account
  • CSV Users' import
  • Operator's role overview

Dispositivi

  • Overview
  • Device detail
  • Azioni dei dispositivi

    • Overview
    • Device Info
    • Refresh Info
    • Bind User
    • View Screen
    • Change Device Name
    • ["mobile"]~Install/Update App (Apple)
    • ["mobile"]~Remove App (Apple)
    • ["mobile"]~Install/Update App (Google Play)
    • ["mobile"]~Remove App (Google Play)
    • Install Apk
    • Remove Apk
    • ["mobile"]~Install eBook, PDF
    • ["mobile"]~Remove eBook, PDF
    • ["mobile"]~Assign DEP Profile
    • ["mobile"]~Enable Activation Lock
    • ["mobile"]~Disable Activation Lock
    • Shutdown
    • Upload File
    • Remove File
    • Install Certificate
    • Remove Certificate
    • Schedule Os Updates
    • ["mobile"]~Reconnect Google Play Managed Account
    • Keypress
    • Notification
    • Input Video Source
    • Audio Settings
    • Output Video
    • PC Module Power
    • Wake other devices over LAN
    • Standby LCD
    • Volume
    • ["mobile"]~Factory Reset Protection
    • Clean Usage Data
    • Play a Sound
    • Fetch location
    • Set passcode
    • Lock Screen
    • Clear passcode
    • ["mobile"]~Clear Local Restrictions
    • Enable Lost Mode
    • Disable Lost Mode
    • Wipe
    • Restart
    • Unenroll
    • Unenroll and Delete
    • Tag
    • Remove Tag
    • ["mobile"]~Check support coverage
    • ["mobile"]~Set time zone
    • ["mobile"]~Install VPP App
    • ["mobile"]~Unassign VPP License
    • ["mobile"]~Enable Bluetooth
    • ["mobile"]~Disable Bluetooth
    • ["mobile"]~Refresh eSIM Cellular Plans
    • ["mobile"]~Enable Hotspot
    • ["mobile"]~Disable Hotspot
    • ["mobile"]~Enable Data Roaming
    • ["mobile"]~Disable Data Roaming
    • ["mobile"]~Start OS Update
    • ["mobile"]~Add Space
    • ["mobile"]~Logout User / Space
    • ["mobile"]~Remove User / Space
    • ["edu","mobile"]~Detach Passport
    • ["mobile"]~Remove Service Accounts
    • Disable Emergency Mode
    • Install MS Store App
    • Install MSI package
    • Install .exe
    • Remove MS store apps
    • Custom Command
  • CSV Device's Placeholders import

Profili

  • Overview
  • Generale

    • Overview
    • Profile name
    • Profile description
    • Apply to all device's spaces
    • Automatically Remove Profile
    • Limit on dates
    • Limit on WiFi in range
    • Limit on Public IPs

    Codice

    • Overview
    • Minimum passcode length
    • Maximum passcode age
    • Passcode history
    • Maximum number of failed attempts
    • ["mobile"]~Allow simple value
    • ["mobile"]~Require Passcode on Device
    • ["mobile"]~Require alphanumeric value
    • ["mobile"]~Minimum number of complex characters
    • ["mobile"]~Maximum grace period for device lock
    • Device Passcode Policy
    • ["mobile"]~Profile Passcode Policy
    • ["mobile"]~Allow Unified Passcode
    • ["mobile"]~Allow Biometrics Unlock
    • ["mobile"]~Allow Google Smart Lock and other trust agents
    • Allow Notifications in Lock Screen
    • Allow Unredacted Notifications in Lock Screen
    • Allow Camera in Lock Screen
    • Lockscreen time-out
    • Strong Authentication time-out
    • Definition for "Complex" Passcode Policy

    Restrizioni

    • Overview
    • ["mobile"]~Allow device Sleep
    • Allow use of camera
    • Allow screenshots and screen recordings
    • ["mobile"]~Allow AirPlay and View Screen in Classroom
    • ["mobile","edu"]~Force Unprompted AirPlay and View Screen in Classrooms
    • ["mobile","edu"]~Automatically join Classroom classes without prompting
    • ["mobile","edu"]~Require teacher permission to leave Classroom unmanaged classes
    • ["mobile","edu"]~Allow Classroom to lock to an app and lock the device without prompting
    • Allow use of system browser
    • ["mobile"]~Accept Cookies
    • ["mobile"]~Allow Popups
    • ["mobile"]~Enable JavaScript
    • ["mobile"]~Force fraud warning
    • ["mobile"]~Enable Autofill
    • Allow messaging
    • ["mobile"]~Allow News
    • ["mobile"]~Allow use of "iTunes Music Store"
    • ["mobile"]~Allow iBooks Store
    • ["mobile"]~Allow explicit sexual content in iBooks Store
    • ["mobile"]~Allow Podcasts
    • ["mobile"]~Allow Music service
    • ["mobile"]~Allow Radio service
    • ["mobile"]~Allow modifying local restrictions
    • Allow Airplane Mode
    • Allow modifying wallpaper
    • ["mobile"]~Allow modifying device name
    • Allow adjusting Volume
    • Allow unmuting Microphone
    • App Home launcher
    • Allowed Accessibility Tools
    • Allow Erase All Content And Settings
    • Allow modifying account settings
    • Allow Google account modification
    • Allow asking Google Account screen after enroll
    • ["mobile"]~Allow Temporary Session on Shared iPad
    • ["mobile"]~Allow Auto Correction
    • ["mobile"]~Allow Auto Correction
    • ["mobile"]~Allow Spell Check
    • ["mobile"]~Allow keyboard shortcuts
    • Allow continuous path keyboard
    • Allow playback of explicit music, podcasts, and iTunes U content
    • ["mobile"]~Allow pairing with Apple TV Remote app
    • ["mobile"]~Software Updates Delay
    • Allow switch user
    • Force Temporary Session mode
    • Force Select User screen mode
    • Allow temporary login to guest
    • Allow temporary login via account or SSO
    • Allow login to existing User Spaces
    • Force adding Google Account on User Spaces
    • Force Date & Time Automatically
    • ["mobile"]~Allow installing configuration profiles
    • Location services level Precision
    • Force Location services
    • Allow Work profile provisioning
    • Allow Safe Boot
    • Allow use of Gaming platforms
    • ["mobile"]~Allow adding Game Center friends
    • ["mobile"]~Allow multiplayer gaming
    • ["mobile"]~Allow sending diagnostic and usage data to Apple
    • Allow Debug
    • Allow Status Bar
    • Pause limit on Work Profile
    • Allow Ambient Display feature
    • Allow modifying Brightness
    • Keep Screen On during charge
    • Lock the touchscreen
    • Lock the Remote
    • Lock the Key Pad
    • Lock the screen after booting up
    • Allow app installation
    • ["mobile"]~Allow app installs through App Store
    • ["mobile"]~Allow system app removal
    • ["mobile"]~Allow Samsung Galaxy Apps store
    • Allow removing apps
    • ["mobile"]~Allow automatic app downloads
    • Allow Auto Unlock
    • ["mobile"]~Allow In-App Purchase
    • Allow apps control
    • ["mobile"]~Whitelisted iOS Apps
    • ["mobile"]~Blacklisted App iOS
    • Whitelisted App Android
    • Blacklisted App Android
    • ["mobile"]~Autonomous Single App Mode
    • Rating apps
    • Allow Personal Android Apps
    • ["mobile"]~Rating movies
    • ["mobile"]~Rating tv shows
    • ["mobile"]~Allow managed apps to store data in iCloud
    • ["mobile"]~Allow backup of business books
    • ["mobile"]~Allow notes and highlights synchronization of business books
    • ["mobile"]~Allow trusting new enterprise app authors
    • ["mobile"]~Allow Enterprise App Trust Modification
    • ["mobile"]~Require iTunes password for all purchases
    • ["mobile"]~Allow pairing with non-Configurator hosts
    • ["mobile"]~Allow Siri
    • ["mobile"]~Allow Siri Server Logging
    • ["mobile"]~Show user-generated content in Siri
    • ["mobile"]~Enable Siri profanity filter
    • ["mobile"]~Allow Siri while device locked
    • ["mobile"]~Allow Dictation
    • Whitelisted Apps on Personal Google Play
    • Blacklisted Apps on Personal Google Play
    • Allow Unknown sources
    • Allow AutoFill Passwords
    • ["mobile"]~Require Face ID authentication before AutoFill
    • ["mobile"]~Allow setting up new nearby devices
    • ["mobile"]~Allow Password Proximity Requests
    • Allow Airdrop Passwords
    • ["mobile"]~Allow iCloud Keychain
    • ["mobile"]~Allow Handoff
    • ["mobile"]~Allow My Photo Stream
    • ["mobile"]~Allow iCloud Photo Sharing
    • ["mobile"]~Allow iCloud Photo Library
    • ["mobile"]~Allow iCloud documents and data
    • ["mobile"]~Allow AirPrint
    • ["mobile"]~Allow discovery of AirPrint printers using iBeacons
    • ["mobile"]~Require TLS for AirPrint printers
    • ["mobile"]~Allow storage of AirPrint credentials in Keychain
    • ["mobile"]~Force Airplay outgoing requests pairing password
    • ["mobile"]~Force Airplay incoming requests pairing password
    • ["mobile"]~Allow predictive keyboard
    • ["mobile"]~Allow voice dialing while device is locked
    • Allow printing
    • Allow VoIP Calls
    • Allow Cloud backups
    • ["mobile"]~Force encrypted backups
    • ["mobile"]~Allow users to accept untrusted TLS certificates
    • ["mobile"]~Limit AD tracking
    • ["mobile"]~Allow Touch ID / Face ID to unlock device
    • ["mobile"]~Allow modifying Touch ID fingerprints / Face ID face
    • ["mobile"]~Allow Passcode modification
    • ["mobile"]~Allow Siri Suggestions
    • ["mobile"]~Allow Wallet while locked
    • ["mobile"]~Show Control Center in Lock screen
    • ["mobile"]~Show Notification Center in Lock screen
    • ["mobile"]~Show Today view in Lock screen
    • ["mobile"]~Allow editing notification settings
    • ["mobile"]~Allow Apple personalized Advertising
    • ["mobile"]~Allow "Find My"
    • ["mobile"]~Allow "Find My Friends"
    • ["mobile"]~Allow modifying "Find My Friends" settings
    • ["mobile"]~Documents from managed sources appear in unmanaged destinations
    • ["mobile"]~Documents from unmanaged sources appear in managed destinations
    • ["mobile"]~Allow managed apps to edit unmanaged contacts
    • ["mobile"]~Allow unmanaged apps to read managed contacts
    • ["mobile"]~Allow background sync while roaming
    • ["mobile"]~Allow Personal Hotspost Modification
    • ["mobile"]~Allow modifying cellular plan settings
    • ["mobile"]~Allow modifying eSIM settings
    • ["mobile"]~Allow modifying cellular data app settings
    • ["mobile"]~Allow app clips
    • ["mobile"]~Allow OTA PKY updates
    • ["mobile"]~Allow WiFi state modification
    • Allow Passcode
    • Allow location sharing
    • Allow modifying certificates
    • Allow modifying cell broadcast settings
    • Allow data roaming
    • Allow network reset
    • Allow outgoing calls
    • Allow configuring mobile networks
    • Force WiFi power on
    • Allow Tethering
    • Allow USB Mass Storage Mode
    • Bluetooth State
    • Allow Bluetooth modification
    • WiFi Sleep Policy
    • WiFi Whitelisting
    • WiFi "RECOVERY3847"
    • Unlock WiFi Settings Password
    • Allow configure Private DNS
    • Allow VPN creation
    • ["mobile"]~Allow AirDrop
    • ["mobile"]~Treat AirDrop as unmanaged destination
    • Offline Emergency Mode
    • Allow external media
    • Allow USB drive access in "Files" app
    • ["mobile"]~Allow network drive access in "Files" app
    • ["mobile"]~Allow USB accessories while device is locked
    • ["mobile"]~Allow unpaired devices to boot in recovery
    • ["mobile"]~Allow pairing with Apple Watch
    • ["mobile"]~Allow auto unlock with Apple Watch
    • ["mobile"]~Force Apple Watch wrist detection
    • Allow NFC
    • ["kindermann"]~WOL Status
    • ["kindermann"]~Block "Network" system setting pane
    • ["kindermann"]~Block "Wifi" system setting pane
    • ["kindermann"]~Block "Ethernet" system setting pane
    • ["kindermann"]~Block "Hotspot" system setting pane
    • ["kindermann"]~Block "Language" system setting pane
    • ["kindermann"]~Block "Apps" system setting pane
    • ["kindermann"]~Block "Control" system setting pane
    • ["kindermann"]~Block "Source setting" video setting pane
    • ["kindermann"]~Block "Setting" video setting pane
    • ["kindermann"]~Block "Check update" button
    • ["kindermann"]~Block "Auto heck update" toggle
    • ["kindermann"]~Block "Change screen lock password" option
    • ["kindermann"]~Block "Boot lock screen" button
    • ["kindermann"]~Block "Restore factory settings" button
    • ["kindermann"]~Block "Power On time" button
    • ["kindermann"]~Block "Power Off time" button
    • ["kindermann"]~Block "Wake on Lan" button
    • ["kindermann"]~Block "Lock IR remote" button
    • ["kindermann"]~Block "Lock touch" button
    • ["kindermann"]~Block "Lock front panel keys" button
    • Allow offline unenroll
    • Set minimum Wifi security level
    • Cross Profile Packages
    • Set Grant Key Pair to App
    • Allow Cloud Private Relay
    • Allow end task in task manager
    • MSI Allow user control over install
    • MSI always install with elevated privileges
    • Allow modifying WiFi settings
    • Allow store purchases
    • Allow applications installation only in the system's volume

    Certificati

    • Overview
    • File
    • Password
  • ["mobile"]~CT (Certificate Transparency)
  • Network

    • Overview
    • Service Set Identifier (SSID)
    • Security Type
  • Global HTTP Proxy
  • Filtro Contenuti Web

    • Overview
    • Whitelist URL
    • Blacklisted URLs

    App Lock

    • Overview
    • App ID (Apple)
    • App IDs
    • Force opening of the first App
    • Additional Services or Apps ID to permit in background
    • Single App Unlock Password
    • Settings enforced when in App Lock
  • ["mobile"]~Conference Room View
  • Web Lock

    • Overview
    • Single App Unlock Password
    • Main Site URL (Homepage)
    • Settings enforced when in Web Lock
    • Inactivity Timeout to refresh main page
  • VPN Always-ON
  • Cellular
  • Wallpaper
  • Lock Screen Message
  • Permitted Google Accounts
  • ["mobile"]~Home Screen Layout
  • ["mobile"]~AirPlay Security
  • ["mobile"]~Airplay
  • ["mobile"]~Notifications
  • ["mobile"]~Airprint
  • ["mobile"]~Associated Domains
  • ["mobile"]~VPN
  • ["mobile"]~VPN per App
  • ["mobile"]~Calendar
  • ["mobile"]~Contacts
  • ["mobile"]~Subscribed Calendars
  • Monitoring
  • ["mobile"]~Geofence
  • Power management
  • Video sources management
  • Video Settings
  • DNS Settings
  • ["mobile"]~Mail
  • ["mobile"]~Account Google
  • ["mobile"]~Exchange ActiveSync
  • ["mobile"]~Single Sign-On
  • ["mobile"]~Extensible SSO
  • ["mobile"]~SCEP
  • ["mobile"]~Network Usage Rules
  • ["mobile"]~DNS Proxy
  • ["mobile"]~LDAP
  • ["mobile"]~TV Remote
  • ["mobile"]~Font
  • ["mobile"]~Custom profile
  • ["mobile"]~Certificate Revocation
  • ["mobile"]~Samsung Knox
  • Proxy
  • Bitlocker
  • Windows Config
  • Security
  • Custom CSP Policies
  • ADMX Policies

Gruppi

  • Overview
  • Groups
  • Profiles

Apps & Media

  • Overview
  • Regole Gestite

    • Overview
    • Assign and install apps automatically
    • Runtime permissions
    • Managed configurations
  • ["mobile"]~Apple VPP
  • ["mobile"]~Google Play

Smart Workflows

  • Overview
  • ["mobile"]~Deny use of devices with inserted SIM

Catalogo Privato

  • Overview
  • Organization's resources
  • ["edu"]~Teachers' resources
  • Categories
  • Apps lists

Directory Sync

  • Overview

SSO

  • Overview
  • ["mobile"]~SSO Microsoft 365 su iOS ed iPadOS

Altro

  • Overview
  • App search modal
  • Wildcard variables
  • Emergency mode
  • Log and monitoring compatibilities
  • Analytics
  • Security Logs
  • ["mobile"]~Geofence
  • Action Logs
  • Access logs
  • Firewall configurations
  • Platform security
  • ["mobile"]~Knox Platform for Enterprise
  • ["noWhitelabel"]~Release notes
  • ["mobile"]~Enable remote control for Zebra devices
  • ["mobile"]~Enable remote control for Motorola devices
  • ["mobile"]~Android Enterprise OEMConfig compatibility

Domande frequenti

  • Overview

Sicurezza

  • Central
  • Firewall rules
  • Hosts
  • IPs
  • Websites

Windows Autopilot enrollment

WARNING! Before proceeding you need to inizialize the device with a factory reset. Be sure you saved documents and datas in the cloud, so you will be able to retrieve them once the enrollment procedure is complete.

Windows Autopilot configuration will start automatically at device first turn on or after initialization (User-driven flow). If your device supports Autopilot, follow steps and wait to se your device automatically enrolled on your MDM.

Requirements:

  1. Internet connection (At startup use Shift-F10 to open Terminal and run command Ncpa.cpl to manually change network settings)
  2. Windows 10 (build 1809) or newer
  3. Wlidsvc must be enabled
  4. Azure Entra ID Sync connected in Chimpa Admin
  5. MDM configured in Azure Entra ID tenant. Configure MDM in Azure Entra ID tenant.
  6. AD Premium 1 or 2 licensing required
  7. Device in OOBE mode
    • Manufacturers oobe-enabled from factory (business models)
    • Manual shell command
      C:\Windows\System32\Sysprep\sysprep.exe /oobe /shutdown
  8. Device registered into Autopilot console
    • Surface devices can be added also by the client using the Windows Registration Support for Surface
    • Certified resellers allowed to add orders automatically for the clients
    • Manual script generates the csv to import inside the Microsoft Admin - Autopilot
      Install-Script -Name Get-WindowsAutoPilotInfo -Force
      Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
      Get-WindowsAutoPilotInfo.ps1 -OutputFile C:\Temp\W10.csv
    • Remember to assign an Autopilot profile to your devices in the Microsoft Admin - Autopilot or in the Microsoft Endpoint Manager admin center

References:

https://docs.microsoft.com/en-us/mem/autopilot/software-requirements
https://docs.microsoft.com/en-us/mem/autopilot/resolved-issues
https://docs.microsoft.com/en-us/mem/autopilot/configuration-requirements
https://docs.microsoft.com/en-us/mem/autopilot/user-driven

← Configure Microsoft AutodiscoveryAzure Entra ID login enrollment →
MDM Cloud Wiki
%docs%
%getstarted%
%more%
%officialwebsiteurl%
Copyright © 2025 %organizationname%