deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
Meghana Athavale 59409841d4 Updated
2021-09-28 09:51:15 +05:30

3.8 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.localizationpriority, ms.reviewer, manager
title description ms.author ms.topic ms.prod ms.technology author ms.localizationpriority ms.reviewer manager
Policy CSP - ControlPolicyConflict Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device. dansimp article w10 windows dansimp medium dansimp

Policy CSP - ControlPolicyConflict

ControlPolicyConflict policies

ControlPolicyConflict/MDMWinsOverGP

ControlPolicyConflict/MDMWinsOverGP

Edition Windows 10 Windows 11
Home No No
Pro Yes Yes
Business Yes Yes
Enterprise Yes Yes
Education Yes Yes

Scope:

[!div class = "checklist"]

  • Device

This policy allows the IT admin to control which policy will be used whenever both the MDM policy and its equivalent Group Policy (GP) are set on the device.

Note

MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs.

This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.

Note

This policy doesn't support the Delete command and doesnt support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1.

The following list shows the supported values:

  • 0 (default)
  • 1 - The MDM policy is used and the GP policy is blocked.

The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that:

  • GP settings that correspond to MDM applied settings are not conflicting
  • The current Policy Manager policies are refreshed from what MDM has set
  • Any values set by scripts/user outside of GP that conflict with MDM are removed

The Policy DDF contains the following tags to identify the policies with equivalent GP:

  • <MSFT:ADMXBacked>
  • <MSFT:ADMXMapped>
  • <MSFT:GPRegistryMappedName>
  • <MSFT:GPDBMappedName>

For the list MDM-GP mapping list, see Policies in Policy CSP supported by Group Policy .

The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to Settings > Accounts > Access work or school > and then click the desired work or school account. Scroll to the bottom of the page to Advanced Diagnostic Report and then click Create Report.

The following list shows the supported values:

  • 0 (default)
  • 1 - The MDM policy is used and the GP policy is blocked.