Microsoft Endpoint Manager – Configuration Policies Overview

With Microsoft Intune you can manage hundreds of settings and features on Windows 10 enrolled into Intune. We call these group of settings you can deploy “configuration profiles”. You can create configuration profiles and assign them on different groups of devices or users. These restrictions give you a granular control of your company environment and protect access to company data.

Let me do a quick overview on how it works in Intune and what you can configure.

First, there is a list of profiles you can configure:

  • Administrative templates
  • Custom
  • Delivery Optimization
  • Device firmware
  • Device restrictions
  • Domain join
  • Edition upgrade and mode switch
  • Email
  • Endpoint protection
  • Identity protection
  • Kiosk
  • Microsoft Defender for Endpoint
  • Network boundary
  • PKCS certificate
  • PKCS imported certificate
  • SCEP certificate
  • Secure assessment (Education)
  • Shared multi-user device
  • Trusted certificate
  • VPN
  • Wi-Fi
  • Windows health monitoring

What is the difference between Templates and Settings catalog?

Settings catalog is a list of all available settings in Intune that contains thousands of settings. Settings catalog is very helpful when you want to create a policy from scratch. They are grouped by categories:

Template is a group of settings organized by functionality such as VPN, certificates, device restrictions, etc.:

If you are familiar with Active Directory GPOs, you can find Administrative Templates very similar to GPOs:

With Administrative Templates you can configure thousands of settings that controls Microsoft Office, Microsoft Edge, Control Panel, printers, and many other Windows components.

I will explain in detail Settings Catalog and Administrative templates in the next blogs. In this blog let me show you how to create the very basic configuration profile.

Go to DevicesWindowsConfiguration profiles and click Create profile. Then choose a platform –  Windows 10 and later and Profile typeTemplates. Then choose Template nameDevice restrictions and click Create:

Provide a name of configuration profile and click Next. Go to Control Panel and Settings and block Power and sleep settings modifications, Gaming and Privacy:

Go to General section and block Manual unenrollment:

Then click on Power Settings section and configure settings for Battery and Plugged in:

Click Next. On the next page we need to configure an assignment. Click Add group under Included groups

and choose a group of users you want to assign this policy on:

Click Select, then Next. On Applicability Rules page click Next, then Create.

After syncing policies from Intune lets check our restrictions. Log on the user device and open Settings. As you see Privacy and Gaming are blocked:

In MEM console go to WindowsConfiguration profiles and click on profile we have created:

At the top of the page, you see a status of your profile:

Click on View Report:

If you click on affected computer name it shows additional information with a status of every setting we configured:

In the next blogs I will show you how to manage more complex policies! In the meantime, reach out to us via Email or Phone with any questions. Our experts are online to help!

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 014
Cyber Security

WME Security Briefing 14 June 2024

LightSpy Spyware’s macOS Variant Detected with Advanced Surveillance Capabilities Overview Findings reveal a previously undocumented macOS variant of the LightSpy spyware. It was initially thought to target only iOS users. This spyware utilizes a plugin-based system

Read More »
WME Cybersecurity Briefings No. 013
Cyber Security

WME Security Briefing 10 June 2024

CISA Urges Patching of Actively Exploited Linux Kernel Vulnerability Overview CISA just issued an urgent advisory concerning a newly discovered security flaw in the Linux kernel. The flaw is being actively exploited to affect the netfilter component of

Read More »
3 Things to Consider Before You Enable Copilot for Microsoft 365
Microsoft Copilot

3 Things to Consider Before You Enable Copilot for Microsoft 365

In today’s digital landscape, any productivity tool that streamlines workflow and boosts performance is a pleasant addition. With its AI-powered productivity-enhancing capabilities, Microsoft Copilot has emerged as a game-changer for employees, particularly for organizations using Microsoft

Read More »
WME Cybersecurity Briefings No. 012
Cyber Security

WME Security Briefing 03 June 2024

Moroccan Cybercrime Group Exploits Gift Card Systems for Major Financial Gains Overview: Storm-0539, also called Atlas Lion, is a Moroccan cybercrime group that executes advanced email and SMS phishing attacks. They are committing fraud by utilizing

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=