Manage your Windows device in the same directory as your Android, iOS, and Linux devices. Go to Devices & Groups to view all the devices provisioned on your tenant. Then use the filters and views to find the devices you’d like to manage.
In this article:
- Managing Windows Devices with Blueprints
Managing Windows Devices with Blueprints
Blueprints control the desired state of the device. Think of a blueprint as the overarching controller for your device fleets. You can assign any number of devices to a blueprint, and every device is assigned one blueprint at a time. Blueprints are applied to a device when they are converged. Learn more about Blueprints and desired state.
When converging a Windows device to a blueprint, the blueprint converges to all accounts currently on the device.
To create a blueprint, go to Blueprint Manager and select Create Blueprint.
Apps & Configuration
In the blueprint, go to Apps & Configuration and click on the Windows tab.
Multi-app Mode
The Device mode function enables you to switch a device between Multi-App mode and Kiosk mode. When a device is in Multi-App mode, the end user can see and use all the approved apps on the device.
To add an application, click on Add Application.
Choose from the applications in Apps > Esper Windows Apps.
After adding the application, click on its ellipsis to manage its configurations or remove it from the list.
Windows apps added to a blueprint are always in the Show state, meaning they will always be displayed on the device home screen.
Kiosk Mode
To set the device in kiosk mode, ensure that the kiosk app is installed on the device. Then, select Kiosk Mode from the Device Mode dropdown. You’ll be prompted to add the kiosk app when Kiosk Mode is selected. Click on Add Application to add the kiosk app.
Then, enter information associated with the kiosk mode app.
Input the following information:
- Set App Name: The app name. This name does not necessarily have to match the application name on the device.
- Set Installation Path: The path where the application is installed on the device. The application will need to be installed prior to setting the installation path.
- Arguments: Optional arguments for the kiosk application. You can optionally select browser argument defaults for Google Chrome, Mozilla Firefox and Edge.
When a device is set to Kiosk Mode, the device user will need to sign out of the current account and sign into the Kiosk account. If the Kiosk account does not appear after the converge, reboot the device or sign out of the current account.
Once signed into the Kiosk account, complete the device set up to enter kiosk mode. Learn how to switch back to multi-app mode.
About Windows Managed Configurations
You can apply a managed configuration to a Windows MSI applications through a blueprint or via a group. When an MSI app is installed, you have the option to specify custom configurations as command line arguments. These arguments can be defined by your application developer. See Microsoft Standard Installer documentation for more information.
By default, the values are set to '/qn /norestart' which means the application installs silently and without a restart (recommended argument for MSI applications). For Windows applications, overrides apply on the next deployment of the application when the configuration is changed.
Connectivity
In the blueprint, go to Connectivity and click on the Windows tab.
Allow Bluetooth
Enable or disable Bluetooth connectivity on the device.
Wi-Fi Access Points
Add Wi-Fi access points to the device. When the device is in range of the listed network, it will use the credentials to access the network.
Click on Add Wi-Fi Access Point to add the network’s:
- SSID: name of the network.
- Security Type: None or WPA2.
- Hidden status: whether or not the network is hidden.
Once a network is added, click on the ellipsis (...) to edit access credentials or remove the network from the list.
Device Security
In the blueprint, go to Device Security and click on the Windows tab.
Factory Reset
When this is enabled, device users will be able to factory reset and wipe the device, effectively removing Esper management from it. We recommend keeping this disabled in production. This option should only be enabled for testing purposes.
If a device user attempts the Reset this PC option when this option is disabled, a message will appear informing them that the organization's policy doesn't allow it.
Display & Branding
In the blueprint, go to Display & Branding and click on the Windows tab.
Customize Home Screen Wallpaper
Change the device’s home screen wallpaper. Upload a wallpaper that doesn’t exceed 5 MB.
Customize Lock Screen Wallpaper
Change the device’s lock screen wallpaper. Set the lock screen wallpaper to the home wallpaper or upload a wallpaper that doesn’t exceed 5 MB.
After upload, click on See preview to adjust the wallpaper.
Wallpapers are not applied immediately after a converge.
-
Home screen- the wallpaper will appear the next time:
- the user signs into the account
- restarts of the device
- refreshes the device (Windows 11 only)
- Lock screen- the wallpaper will apply the next time the lock screen appears on the device.
Hardware Settings
In the blueprint, go to the Hardware section and click on the Windows tab.
Camera
Allow or prevent access to the device’s camera (if it has one).
Platform Services
In the blueprint, go to the Platform Services section and click on the Windows tab.
Windows Services
Allow Unenrollment from Device
Allow or prevent the device user from unenrolling from device management. When this option is enabled, the device user can unenroll from Microsoft device managed and Esper device management. We recommend keeping this disabled and only enabling it for testing purposes.
If this is disabled, the user will be prevented from removing the work or school account.
Scripts
In the blueprint, go to the Scripts section and click on the Windows tab. Up to 10 scripts may be added a time. Script character limit: 16,600 characters.
Sequential script execution is not guaranteed. Up to five scripts can execute in parallel, meaning their execution order may vary. This limit was chosen to provide the best performance while being mindful of device resources. Design mutually exclusive scripts that don’t rely on the execution order of other scripts for the best results.
Timezone
In the blueprint, go to the Timezone section and click on the Windows tab.
Set the device’s timezone.
Windows device management lets you manage Windows devices alongside Android, iOS, and Linux using Blueprints to define apps, security, connectivity, branding, and system settings in one place. Blueprints enforce a consistent desired state across all your devices supporting diverse use cases. Start managing Windows devices together with your Android, iOS, and Linux fleets for a unified, streamlined device management experience.