Custom OMA-URI & PowerShell Scripts
Understanding the Concept
Custom OMA-URI (Open Mobile Alliance Uniform Resource Identifier) profiles allow configuration of Windows CSP settings not available in standard Intune profiles or the Settings Catalog. Each OMA-URI setting requires the CSP path, data type, and value.
PowerShell scripts in Intune extend configuration capabilities beyond what CSPs offer. Scripts can configure registry settings, install software, modify system settings, and perform complex configurations. Scripts run in the SYSTEM context by default but can be configured to run in the user context.
Remediation scripts (Proactive remediations) consist of a detection script and a remediation script pair. The detection script checks for a condition, and if found, the remediation script fixes it. This enables ongoing compliance for settings that may drift over time.
Key Points
- Custom OMA-URI for CSP settings not in standard profiles
- OMA-URI requires: CSP path, data type (String, Integer, Boolean), value
- PowerShell scripts run in SYSTEM or user context
- Scripts execute once by default or can be set to run repeatedly
- Proactive remediations: detection + remediation script pairs
- Platform scripts for macOS (shell) and Linux (bash) also supported
Why This Matters in Real Organizations
Custom OMA-URI and PowerShell scripts fill gaps where standard profiles don't cover specific requirements. Proactive remediations ensure ongoing compliance by automatically detecting and fixing configuration drift.
Common Mistakes to Avoid
Interview Tips
- Explain when custom OMA-URI is needed vs standard profiles
- Discuss PowerShell script deployment challenges and solutions
- Describe your experience with proactive remediations
Exam Tips (MD-102)
- Know when to use custom OMA-URI vs Settings Catalog
- Understand PowerShell script execution context (SYSTEM vs user)
- Be familiar with proactive remediation script requirements
Course Complete!
You've finished all lessons