Overview
This guide walks administrators through deploying custom Windows Start menu and Taskbar layout policies to managed devices using Mobile Guardian.
These layout policies are deployed through the integrated connection between Mobile Guardian and Microsoft Endpoint Manager (Intune), allowing you to ensure a standardized, controlled user interface across all managed Windows 10/11 devices.
What you will learn:
- The mechanism (XML configuration) used to deploy unique Windows policies with Mobile Guardian.
- The steps required in the Mobile Guardian Console to apply the custom Start menu and Taskbar layout.
- How to maintain visual and functional consistency for end-users.
Prerequisites
To successfully deploy custom Windows Start Menu and Taskbar policies, ensure the following are in place:
- Administrative Access: You must have a user role with permissions to deploy Configuration Profiles within the Mobile Guardian console.
- Microsoft Entra ID and Microsoft Endpoint Manager (Intune) Integration: Windows device management relies on this connection for policy deployment.
- XML Layout File: You must have a pre-configured XML file defining your desired Windows Start Menu and Taskbar layout.
- Target Devices: Devices must be enrolled and running Windows 10/11 Pro or higher.
Deployment Method: Custom XML Configuration
Mobile Guardian supports advanced Windows configurations, like the Start Menu and Taskbar layout policies, by enabling the import of custom settings. This process utilizes a prepared XML file that defines the desired layout, which is then deployed through a Configuration Profile.
This approach is consistent with how other unique Windows Policy Restrictions are applied via the Mobile Guardian/Intune connection.
Step-by-Step Configuration
This process requires creating a Configuration Profile in the Mobile Guardian console and uploading your prepared XML file.
Step 1: Obtain your Start Menu/Taskbar Layout XML file:
I. Generate the layout file on a reference Windows device using the Microsoft Export-StartLayout PowerShell cmdlet.
II. Verify the XML structure is correct and includes the desired pinned apps and taskbar settings.
Step 2: Navigate to the Mobile Guardian Console:
I. Go to Profiles & Configurations and select the appropriate Mobile Guardian Windows device group or profile.
II. Create a new Configuration Profile or edit an existing one for your Windows devices.
Step 3: Configure the Policy Settings:
I. Locate the Windows Policy Restrictions or Custom Configuration section within the profile (often labeled 'XML Import' or 'Custom OMA-URI').
II. Upload your Start Menu/Taskbar Layout XML file, or paste its content, into the designated field.
III. Save the Configuration Profile.
Step 4: Review Policy Assignment:
I. Ensure the profile is assigned to the correct Microsoft Entra ID groups containing the target Windows devices.
II. Confirm the policy has been successfully pushed and applied via the Intune console.
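For the verification in Step 1 (II), the following added example (not taken from Mobile Guardian or Microsoft documentation) parses a layout file with DTD processing disabled, confirms the root element, and lists every pinned target against an allowlist before the XML is uploaded. The sample XML, the `$Approved` list and the `Test-LayoutXml` function name are constructed for illustration, and the sample assumes the Windows 10 `LayoutModificationTemplate` schema.

```powershell
# Added example: $LayoutXml is a constructed sample, not a real export.
$LayoutXml = @'
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout">
  <DefaultLayoutOverride><StartLayoutCollection><defaultlayout:StartLayout GroupCellWidth="6">
    <start:Group Name="Work">
      <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
    </start:Group>
  </defaultlayout:StartLayout></StartLayoutCollection></DefaultLayoutOverride>
  <CustomTaskbarLayoutCollection PinListPlacement="Replace"><defaultlayout:TaskbarLayout><taskbar:TaskbarPinList>
    <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
    <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
  </taskbar:TaskbarPinList></defaultlayout:TaskbarLayout></CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>
'@
# Hypothetical allowlist of the pins the organisation intends to deploy.
$Approved = 'Microsoft.WindowsCalculator_8wekyb3d8bbwe!App',
            '%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk'
function Test-LayoutXml {
    param([Parameter(Mandatory)][string]$Xml, [string[]]$Approved = @())
    # Refuse DTDs so a tampered file cannot pull in external entities.
    $settings = New-Object System.Xml.XmlReaderSettings -Property @{ DtdProcessing = 'Prohibit' }
    $reader = [System.Xml.XmlReader]::Create([System.IO.StringReader]::new($Xml), $settings)
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.Load($reader) } finally { $reader.Dispose() }   # throws on malformed XML
    $root = $doc.DocumentElement
    if ($root.LocalName -ne 'LayoutModificationTemplate' -or
        $root.NamespaceURI -ne 'http://schemas.microsoft.com/Start/2014/LayoutModification') {
        throw "Unexpected root element '$($root.LocalName)'"
    }
    # Pin targets are unqualified attributes, so no namespace manager is needed.
    $pins = @(foreach ($a in $doc.SelectNodes('//@DesktopApplicationLinkPath | //@AppUserModelID')) {
        [pscustomobject]@{ Element = $a.OwnerElement.LocalName; Target = $a.Value
                           Approved = $Approved -contains $a.Value }
    })
    $taskbar = $doc.SelectSingleNode("//*[local-name()='CustomTaskbarLayoutCollection']")
    [pscustomobject]@{
        Pins             = $pins
        Unapproved       = @($pins | Where-Object { -not $_.Approved })
        PinListPlacement = if ($null -ne $taskbar) { $taskbar.GetAttribute('PinListPlacement') } else { $null }
    }
}

$result = Test-LayoutXml -Xml $LayoutXml -Approved $Approved
$result.Pins | Format-Table -AutoSize
if ($result.Unapproved.Count) { Write-Warning "Unapproved: $($result.Unapproved.Target -join '; ')" }
```

To check a real export, pass the file content with `Get-Content -Raw` in place of the embedded sample, and resolve any unapproved entry before pasting the XML in Step 3.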
Windows Policy Deployment Reference
Mobile Guardian manages unique Windows policies by leveraging its integration with Microsoft Intune for configuration profiles. This method is consistent for other complex device restrictions.
| Policy Type | Deployment Mechanism | Mobile Guardian Feature Matrix Reference |
| --- | --- | --- |
| Start Menu & Taskbar Layout | Custom XML deployed via Configuration Profile | Start Menu and Taskbar Layout Policies |
| Application Access Restrictions | XML or Configuration Profile setting | Application allowed list, Application block list |
| Device Restrictions | XML import or dedicated setting | Configure Windows Policy Restrictions (XML import) |
| Device Security (e.g., Passcode) | Configuration Profile setting | Passcode policy enforcement |
| Peripheral Control | Configuration Profile setting | Block use of camera by applications |
Impact and Confirmation
Implementing a Windows Autopilot enrollment process provides rapid, centralized deployment and management control.
- Impact on Consistency: The required applications and tools are prominently displayed in the Start menu and Taskbar, reducing the time spent by users searching for applications and minimizing IT support requests.
- Confirmation: The new layout will be visible on the assigned Windows devices after they sync with Microsoft Endpoint Manager. This confirms the Mobile Guardian Configuration Profile successfully pushed the custom XML policy to the target devices.