Share via

Intune OMA-URI: Collecting Registry Values as Extension Attributes for Dynamic Group Assignment

Shaun Silli (Admin) 0 Reputation points
2025-02-21T02:58:50.7166667+00:00

Issue:

I'm trying to configure a custom OMA-URI policy in Intune to retrieve registry values (specifically Processor Type and Device Serial Number) and store them as Extension Attributes for use in dynamic group assignments and device management.

What I’ve Done So Far:

  1. Registry Keys Exist & Are Readable by SYSTEM
  • I’ve created registry keys at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneCustom
  • Using PowerShell, I confirmed that SYSTEM (which Intune runs as) has Full Control and can read these values:
    • Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\IntuneCustom" | Select-Object DeviceSerialNumber, ProcessorType

Output:

DeviceSerialNumber : ****** # Obfuscated value for this post, but is the correct value
ProcessorType      : AMD64
  1. Configured Custom OMA-URI Settings in Intune
  • Processor Type:
    • ./Device/Vendor/MSFT/Registry/LocalMachine/SOFTWARE/Microsoft/IntuneCustom/ProcessorType
    • Device Serial Number:
    • ./Device/Vendor/MSFT/Registry/LocalMachine/SOFTWARE/Microsoft/IntuneCustom/DeviceSerialNumber

Data Type: String

Value: Set to a placeholder (as Intune UI requires input).

  1. Checked SyncML Logs
  • Intune sends a request to retrieve the values, but they aren’t appearing as Extension Attributes.
    • No clear error message in logs.

Issue / What’s Not Working:

  • The OMA-URI policy applies, but Intune doesn’t seem to retrieve the registry values.
    • No clear error messages indicating why.
    • Registry keys exist and are accessible, so this doesn’t appear to be a permissions issue.

Questions for the Community:

  1. Has anyone successfully used OMA-URI to pull registry values into Intune as Extension Attributes?
  2. Are there alternative registry paths that work better for this?
  3. Is there a known limitation with Intune reading registry values via OMA-URI?

Any guidance or troubleshooting steps would be greatly appreciated! 🚀

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
2,011 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Xenia-MSFT 4,830 Reputation points Microsoft Vendor
    2025-02-21T06:42:18.6666667+00:00

    @Shaun Silli (Admin) Thanks for posting in our Q&A.

    Honestly, I'm not familiar with using OMA-URI to pull registry values into Intune as Extension Attributes. The forum is an open platform. Let's wait for someone else share some helpful information.

    Based on my search, there is no information about "Registry CSP" under Policy CSPs article.

    In the official article, extension attributes can be synced from on-premises Window Server Active Directory or updated using Microsoft Graph.

    https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership#extension-properties-and-custom-extension-properties

    And here is the example that add extension attributes via Graph:

    https://intunestuff.com/2023/11/28/how-to-add-extension-attributes-for-aad-devices/

    Note: Non-Microsoft link, just for the reference.

    Maybe you can add extension attributes via PowerShell scripts.

    What I know is limited, hope the above information will help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.