I am breaking one of my own rules today by posting a straight up guide. I want to do this because
A.) There are not a lot of guides out there on this topic
B.) I feel like I may be able to explain it in a different manner, put my own lazy admin spin on it.
Before we go to far lets talk a little but about Windows 10 and the concept of Modern Managment.
Windows 10 has been built from the ground up to be managed as a mobile device. We are able to accomplish this with a few different protocols, which I myself and not really clear on all the details, but some of those are OMA-DM, SyncML, CSP's, and another OMA-Something,Something.
What this boils down to is anything that is not exposed through your MDMs GUI you will have to use what is called a 'custom policy' or 'custom profile' depending on your MDM solution. These are lines of pseudo code that you can input as SyncML, which to me looks very much like XML. Dont ask me the difference, I dont know. Im just the messenger here.
So, Microsoft maintains a list of all the CSPs you can configure here
Most of these will map out to existing legacy GPO settings. There are 2 types of CSPs when you boil it down. Native CSPs and Policy Backed CSPs. It is important to note this because they are constructed differently. All of the Policy CSPs are under the Policy tab in that reference.
There is a third type of Custom Policy we can push out though, that is third party .ADMX policies. Everything in the above reference website are all first party options from Microsoft, very much built in policies.
What happens when you want to configure something like Google Chrome or even Microsofts own Office Suite? Well that is where .ADMX Ingestion comes into play.
Before we get into it let me tell you the basic idea of it. You start off by grabbing the actual .ADMX file for the GPOs you need. You then open up the .ADMX and copy the entire contents into a custom policy. Once this is done you can create another rule within that policy to configure the options contained within that .ADMX file. This will all become much clearer.....hopefully.
In this example we are going to modify an Outlook GPO that determines what authentication type we would use with Exchange. This is what the GPO looks like on the DC
As you can see it is not just a enabled/disabled option, it also has a drop down menu. Other GPOs may have a table, a custom value you have to put in, or any other number of options. Those are also all configured differently in our policy. This guide will show you how to do both those basic just enabled/disabled GPOs as well as drop down menu GPOs.
So now that we know the GPO that we want to carry over into Modern Managment we can open up the actual outlook.admx file and begin. The first step is to copy THE ENTIRE .ADMX into our custom policy.
To do this we want to go into our MDM and create a new custom policy. A custom policy can contain any number of SyncML entries. Our first entry is going to be the entire .ADMX. Lets give it the policy a name, i'm fond of just using the app name. We also need to tell it where to store this .ADMX file.