Let’s Explore Intune Windows Configuration Policies

Microsoft Intune Policies – Windows Configuration

We’ve covered Intune in previous posts, but a lot has been added since we last talked about it, especially around policies. You can now have separate policies for iOS, Android, Mac OS X, and Windows. You can also have software policies, as well as designate a set of common mobile device settings.

In this post, we are going to cover Windows client configuration policies. Be sure to come back over the coming weeks for posts about the other types of policies.

Windows 10 General Configuration


The Windows 10 General Configuration template has common settings that you would define for all devices. First, like anything, you will want to name your policy. There are five categories for this template – security, cloud, applications, device capabilities, and updates.


Security is broken down into three sections. The first, password, contains settings for local account passwords. Here is how I would configure this setting. Configure it to meet your organizational requirements. Your domain password policy would be a good place to start.


Next is encryption. The only setting here is whether or not to force devices to be encrypted. I would suggest not setting this. There are several constraints on this, such as hardware specifications. Also, the recovery key is saved to the user’s Microsoft Account, and you as the admin cannot recover it. For more details, see the encryption section of this TechNet article: https://technet.microsoft.com/en-us/library/mt147409.aspx.

The next section is system. You can configure the first and third options to fit your company policy. I would suggest setting option two to “No”, which will prevent users from unrolling their devices. Also, option four should be set according to your policy of shipping information to Microsoft. I set my policy to basic.

Remaining Sections

The rest of the sections are purely up to your company policy. I would pay attention to the updates section. Here you can deny your users the ability to install pre-release features. I would suggest this for your regular users.

Windows 10 Custom Configuration

I’m not going to spend a lot of time on this, other than to walk through adding a setting. There are hundreds of possible settings. A full list can be found here: https://technet.microsoft.com/en-us/library/mt126215.aspx.

To create a custom policy, select “Custom Configuration (Windows 10 Desktop and Mobile and later)” when you add a new policy. Give your policy a name, and click the “Add” button.

I am going to show disabling WiFi Sense as an example. Here’s the row from the table from the TechNet article listed above. The important parts are boxed in red with corresponding numbers:


When you add a OMA-URI setting, give it a name a description. Here is the mapping from the table above:


These values will match up with the settings defined in the table from TechNet.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.