Quite some time ago now, I published the SyncML Viewer to monitor the MDM protocol between a Windows client device and the Microsoft MDM backend (Intune). In the meantime, Microsoft brought to life the Microsoft Managed Platform Cloud (MMP-C) and uses the so-called Declared Configuration protocol which is still using the underlying OMA-DM SyncML protocol. The Declared Configuration protocol requires the device to be separately enrolled. As the name implies it is using a desired state model which is different from the normal OMA-DM MDM protocol. The Declared Configuration CSP will get the complete settings package (setting names and values) for the specific scenario and is then responsible for handling and maintaining it. It is a secure and low latency protocol and therefore very efficient for both sides, client and server. It is currently used with the Endpoint Privilege Management policies in Intune and probably also be used for other scenarios in the future.
Apple announced Declarative Device Management (DDM) in 2023 as well and uses a comparable approach which lists similar advantages.
So, the new way of handling settings will bring shorter reaction times as the sync is way more efficient (can be seen easily in the sync times with the tool) and it will also lower the processing power needed on the server side, which means in a global MDM service run by Microsoft or by Apple it will allow these vendors to scale better.
To support the new functionality in SyncML Viewer and to have a look into the data exchanged by the Declared Configuration protocol, I added support in the SyncML Viewer to trigger and monitor the new protocol.
As you can see there is a new button (MMP-C Sync) enabled to sync a device which is enrolled into the MMP-C. This will capture (as known from the normal MDM sync) the exchanged SyncML messages for the Declared Configuration protocol (remember Declared Configuration protocol still uses underlying SyncML protocol, that’s why we can easily capture it with the same method already implemented in the tool).
To enhance reading experience with the tool I added small little helpers like support for word wrapping and an option to show all characters:
In addition to this I added a message size (length) indicator. This is helpful when messages are getting truncated as the ETW buffer is limited to 64KB. So, you can easily identify if there is missing data due to buffer overflow. Also, a small jump-to-top link is now available on the right:
By request of my fellow MVP Rudy Ohms (aka @Mister_MDM) I added a Base64 decode action which can be used to translate selected Base64 text to cleartext. It is reachable via menu or via shortcut ALT + A, B.
It will translate the text and show it in a message box:
The text is best effort parsed for json content to be displayed nicely (instead of a json one liner). The result is automatically copied to the clipboard for further processing in other tools (look at the message box headline).
Content which is not word wrapped supports also rectangular selection by holding down ALT key:
As a shortcut I added options to open folders often used during the analyzing session:
And finally, I added both the Enrollment ID under MDM Diagnostics:
I hope you like the small enhancements. If there are bugs, issues or suggestions please use my GitHub repo to open issues for the tool. It is found here:
The project is maintained on GitHub here:
https://github.com/okieselbach/SyncMLViewer
Here a direct link to the zip archived program:
https://github.com/okieselbach/SyncMLViewer/tree/master/SyncMLViewer/dist
If you are curious now about all the MMP-C stuff, I really recommend checking out Rudy’s blog, he dissects every bit and byte and dives deep into the architecture. Always a great resource and very entertaining to read. I can really recommend his content on https://call4cloud.nl
Happy decoding and analyzing for ya all!
Modern IT - Cloud - Workplace 
Fantastic stuff, thanks very much for your hard work on this 👍