Azure servicesMicrosoft Entra ID

Step-by-Step Guide: How to standardize Desktop devices using Microsoft Intune Device configuration Profiles?

In my previous blog post, I have explained how we can apply Microsoft security settings to corporate devices using Intune Security Baselines (http://www.rebeladmin.com/2019/08/step-step-guide-apply-security-baselines-windows-10-devices-using-microsoft-intune/). We can apply similar settings to on-premises devices via group policies. Apart from security settings, we use group policies to standardize device configurations in on-premises environments. As an example, we can block user access to control panel settings by using group policy.

Microsoft Intune Device configuration Profiles allow us to push similar desktop settings to cloud-managed (Azure AD + Intune) devices. This allows organizations to maintain granular control over device settings. In this demo, I am going to demonstrate how to set up and apply Microsoft Intune Device configuration Profile

Device configuration Profiles can use to standardize Android, iOS, macOS, Windows Phone 8.1, Windows 8.1, Windows 10 devices. 

You need to have your devices enrolled with Intune to use this feature. You can find more info about device enrollment using my previous blog posts http://www.rebeladmin.com/2018/11/step-step-guide-enroll-windows-10-devices-microsoft-intune-using-autopilot/ 

In my demo environment, I have Azure AD joined & Intune enrolled windows 10 device called W2003.

Using device configuration profiles, I am going to,

Disable user access to Control Panel Settings

Push corporate proxy server settings to IE (server IP 10.10.10.10 with port 8080)

To do that, 

1. Log in to Azure Portal (https://portal.azure.com) as Global Administrator and go to All services | Intune or else log in to Intune device management portal directly via https://devicemanagement.microsoft.com 

2. Then click on Device configuration | Profiles 

3. In the profiles page, click on + Create profile

4. In the new window, provide a name for the policy. Also, we can provide a policy description for easy management. 

5. Under the Platform, select Windows 10 and later

6. Then on the Profile type select Device restrictions 

7. From the settings list, click on Control panel & Settings. This shows the available configurations for control panel settings. I like to block access to control panel settings completely. So, I set Settings app to Block. Then click on OK to apply settings. 

8. To apply proxy settings, click on Network proxy. Then change Use manual proxy server to Allow and define the proxy settings. At the end click OK to apply settings. 

9. Click OK again to return to the main profile settings. 

10. Then click on Create to set up the profile. 

11. Once the profile is setup, click on Assignments to define the target. 

12. You can apply the profile easily to All users, All devices or All users & devices by using Assign to the setting. But if you have a specific target, you can use Select group to include option. In my demo, I am applying this to the sales & marketing group. You also can use Exclude option to exclude groups from the target. 

13. Once the selection is done click on Save to apply the changes. 

14. Then after a few minutes, the profile kicks in and when I log in to the PC, I can't access control panel settings anymore. 

15. I also can see the new proxy settings as expected. 

16. Also, when we go to device settings on Intune portal, we can see the applying device configurations profiles under Device configuration page. A device can have multiple device configuration profiles. 

I hope now you have a better understanding of Device configuration profiles and how it works. This marks the end of this blog post. If you have any further questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Related posts
Microsoft Entra ID

Step-by-Step: Enabling MFA for Azure Administrative Portals via Microsoft Entra ID Conditional Access

As per the recent Microsoft Digital Defense Report 2023 (available at…
Read more
Azure services

Microsoft Entra Permissions Management – Part 01 – Azure Subscription Onboarding

Today’s rapidly changing digital landscape creates new identity and access challenges. Microsoft…
Read more
Microsoft Entra ID

Step-by-Step Guide to Azure AD PIM and Conditional Access Integration (Public Preview)

In privilege identity management, we can enforce MFA verification during the activation process.
Read more
Newsletter
Become a Trendsetter

Sign up and get the best of RebelAdmin, tailored for you.

2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *