How to configure ADMX Backed Policies

Today we are going to discuss ADMX Backed Windows 10 policies with Intune.

After reading this article you will be able to configure ADMX backed policies yourself.

Nowadays, most industries are moving to cloud technologies with MDM solutions. A good example of cloud-based solutions is Microsoft Intune. It is quite a challenge to set up on-premises domains on Windows 10 devices. The reason is that the configuration environments for Intune and GPO are slightly different.

While transitioning from on-prem to cloud, environments must have at least the same capabilities. Another condition is that Microsoft Intune must include components syncing with GPO.

Although, there are thousands of settings available in Intune, unfortunately, they still do not cover all settings for Windows 10 devices.

Apparently, some settings are unavailable on the GUI. To fix this issue, Intune provided an option to configure a custom profile that can target the exact CSP using an OMA URI policy.

The supported CSPs for Intune can be found in the documentation:

New ADMX Backed Policies

To resolve the above issue, Microsoft has launched 647 new MDM policies across 56 ADMX files for the Windows 10 Insider Preview Build.

Intune solutions rely on the Open Mobile Alliance Device Management (OMA-DM) protocol to exchange data using XML-based (SyncML) format. Now it is possible to import any ADMX file straight into Intune. This is almost like traditional Group Policy in the cloud.

The available ADMX policies are located in the Windows 10 devices, in the folder C:\Windows\PolicyDefinitions. Though, some ADMX files are not supported. To get an overview of the (current) supported settings you can refer to the Windows blog post.

The following method shows how to ingest ADMX backed policy to Intune.

Create a Custom Windows 10 policy

Creating custom windows ADMX policies stands for creating a Custom OMA-URI. 

Open Endpoint Manager

Navigate to Devices>Windows>Configuration Profiles> Click +Create Profile>Select Windows 10 and Later as Platform> In the Profile dropdown list select Custom and Create.

Configuration Profiles

The below image shows OMA URI settings.

OMA URI settings

In the OMA URI settings fill the required fields as mandatory.

In the “Name” field give the meaning “full name” that identifies the policy.

Description (optional) – describe the policy.

OMA-URI ingest the ADMX policy

Ingest the custom ADMX through the Policy CSP, here ingesting means copy/paste. 

To ingest an ADMX file we must use the following format:

./{user or device}/Vendor/MSFT/Policy/Config/{AreaName}/{PolicyName}




Here the Device or user refers to the policy is going to apply user context or device context.

Apply the settings we want to enforce.

 The below example shows the OMA-URI for configuring time zone, in the device context

And the Value used is String format. And the value is “India Standard Time”.


The below reference image shows the time zone of the device and makes the change work.

Date and time ADMX backed policies

Note: all available time zones are also listed in the registry in the key

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones.

The time zone configuration is stored in the Windows registry in the HKEY_LOCAL_MACHINE hive. The exact registry key is:


The time zone settings consist of multiple values as seen in the screenshot below.

Registry Editor ADMX policies


Enter the above policy in the OMA-URI filed and provide the required value as string format “India Standard Time”.

Review and save the window. Assign the policy to the device group.

Windows ADMX screenshot 1
Windows ADMX screenshot 2

Once the device gets the policy downloaded it changes the registry value as mentioned.

The device now will show the behavior according to the settings pushed from Intune.

One important thing to note here is that, if the value for a node is set and the device is unenrolled, the value will not be changed.

The setting remains with the device until an external policy changes it using GPO, Intune, etc. Another option is that it can be changed manually by a local admin.

All the policy CSP information can be found in:

This was a bite on how we can configure a custom profile using Intune. Thank you for your attention. We hope , that this information was useful for you.

About the Author Ritesh Jangir

Author is Bachelor of Technology in Electronics & Communication graduate in 2013 and have made the career establishment precisely in the field of Cloud IT infrastructure. Got associated with the Microsoft technologies right from the bottom of the ladder as Help desk operator. Working for Microsoft support with Convergys gave an end to end insight on Microsoft Intune and SAAS based technologies. Further worked for multiple clients to migrate their device management strategies from on-prem to cloud mostly Intune and AirWatch (VMware Workspace ONE). Worked with HCL and now with ITC infotech as Intune consultant for planning and implementation of device management for one of the biggest Beer manufacturing company globally.

follow me on: