Local MDM command testing

Open Mobile Alliance Uniform Resource Identifier (OMA-URI) commands serve a crucial role in the configuration of clients by Mobile Device Management (MDM) systems, like Microsoft Intune. They interact with Configuration Service Providers (CSP) located on the windows device to perform this configuration function. Understanding how these elements work together is vital for those working in device management or IT support roles. But how can you test or debug these commands to ensure they’re performing optimally? This is where you can use the LocalMDM PowerShell module – Developed by Michael Niehaus. It is a PowerShell module designed to test OMA-URI commands locally. It offers an environment where you can experiment with, debug, and understand these commands better without the risk of altering the live settings of an MDM system. This post will guide you through the process of installing and using this module from the PowerShell gallery.

Installing the LocalMDM PowerShell Module

The LocalMDM PowerShell module has been conveniently published in the PowerShell gallery, making its installation a straightforward process.

To install the module, follow these steps: Launch PowerShell from the Start menu or by searching for it in Windows. Once PowerShell is open, input the following command:

Install-Module -Name LocalMDM

Press Enter to execute the command. PowerShell will then install the LocalMDM module from the gallery. It’s important to note that you may need to run PowerShell as an administrator for the installation to be successful or you need to add „-scope CurrentUser“ to the command to install the module only for your user.

Testing local OMA-URI commands

Now that we have the module installed on a system we can start to try some OMA-URI commands locally to see how they change configurations.

Simple GET command to extract the Autopilot Hardware Hash

Send-LocalMDMRequest -OmaUri "./DevDetail/Ext/DeviceHardwareData"

Simple POST command to disable the Animation on a users first logon

Send-LocalMDMRequest -OmaUri "./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnableFirstLogonAnimation" -Cmd Replace -Data "0"

You can find many CSP URLs on the Microsoft Learn page: https://learn.microsoft.com/en-us/windows/client-management/mdm/. And you for your knowledge if you create an Intune configuration profile from a template or the settings catalog it will trigger the CSP for this setting on the device to configure the setting that you defined in the Intune configuration profile.

Conclusion The LocalMDM PowerShell module is a valuable tool for anyone who needs to test OMA-URI commands. By providing a local environment for experimentation and debugging, it allows users to gain a deeper understanding of how these commands interact with Configuration Service Providers. This knowledge can be invaluable for troubleshooting and optimizing MDM systems. Also it enables you to quickly try OMA-URI configurations without the need of waiting for a configuration profile to apply to a device.

Whether you’re a seasoned IT professional or just starting in the field, the LocalMDM PowerShell module is worth trying out. By delving into its features and capabilities, you can enhance your skills and understanding of MDM systems and OMA-URI commands. Remember, the best way to learn is by doing, and with this module, you have a safe sandbox to play, test, and learn. So, give it a shot and explore the world of OMA-URI commands like never before. Credits and thanks to Michael Niehaus for the development and contribution of the module to PowerShell Gallery so that we can use this great module. Check out Michael´s post to the module HERE to get more insights of the script.