05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.

md at main · MicrosoftDocs/IntuneDocs · GitHub

MicrosoftDocs / IntuneDocs Public

Code Issues 25 Pull requests 3 Actions Projects Security Ins

IntuneDocs / intune / configuration / device-profiles.md

MandiOhlinger 4 years ago

286 lines (172 loc) · 12.5 KB

Preview Code Blame

title description keywords author ms.author manage

Device Overview of MandiOhlinger mandia dougeby

features the different
and Microsoft
settings Intune device
in profiles. Get
Microsoft info on
Intune - features,
Azure | restrictions,
Microsoft email, wifi,
Docs VPN,
education,
certificates,
upgrade
Windows 10,
BitLocker and
Microsoft
Defender,
Windows
Information
Protection,
administrative
templates,
and custom
device
configuration
settings in
the Microsoft
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 1/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

title description keywords author ms.author manage

Endpoint
Manager
admin center.
Use these
profiles to
manage and
protect data
and devices
in your
company.

Apply features and settings on your

devices using device profiles in Microsoft
Intune
Microsoft Intune includes settings and features you can enable or disable on different
devices within your organization. These settings and features are added to
"configuration profiles". You can create profiles for different devices and different
platforms, including iOS/iPadOS, Android, and Windows. Then, use Intune to apply or
"assign" the profile to the devices.

As part of your mobile device management (MDM) solution, use these configuration
profiles to complete different tasks. Some profile examples include:

On Windows 10 devices, use a profile template that blocks ActiveX controls in

Internet Explorer.
On iOS/iPadOS and macOS devices, allow users to use AirPrint printers in your
organization.
Allow or prevent access to bluetooth on the device.
Create a WiFi or VPN profile that gives different devices access to your corporate
network.
Manage software updates, including when they're installed.
Run an Android device as dedicated kiosk device that can run one app, or run
many apps.

This article gives an overview of the different types of profiles you can create. Use these
profiles to allow or prevent some features on the devices.

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 2/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

Administrative templates
Administrative templates include hundreds of settings that you can configure for
Internet Explorer, OneDrive, remote desktop, Word, Excel, and other Office programs.

These templates give administrators a simplified view of settings similar to group-

policy, but they're 100% cloud-based.

This feature supports:

Windows 10 and later

Certificates
Certificates configure trusted, SCEP, and PKCS certificates that are assigned to devices.
These certificates authenticate WiFi, VPN, and email profiles.

This feature supports:

Android
Android Enterprise
iOS/iPadOS
macOS
Windows Phone 8.1
Windows 8.1
Windows 10 and later

Custom profile
Custom settings let administrators assign device settings that aren't built in to Intune.
On Android devices, you can enter OMA-URI values. For iOS/iPadOS devices, you can
import a configuration file you created in the Apple Configurator.

This feature supports:

Android
Android Enterprise
iOS/iPadOS
macOS
Windows Phone 8.1

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 3/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

Delivery optimization
Delivery optimization provides a better experience to delivery software updates. These
settings are replacing the Software Updates > Windows 10 update ring settings.

Use these settings to control how software updates are downloaded to devices in your
organization. For example, you can let users get their own updates, or get updates
using the delivery optimization cloud services in a device profile.

This feature supports:

Windows 10 and later

Device features
Device features controls features on iOS/iPadOS and macOS devices, such as AirPrint,
notifications, and lock screen messages.

This feature supports:

iOS/iPadOS
macOS

Device firmware configuration interface

Device firmware configuration interface (DFCI) allows administrators to enable or

disable UEFI (BIOS) settings using Intune. Use these settings to enhance security at the
firmware-level, which is typically more resilient to malicious attacks.

This feature supports:

Windows 10 1809 and later on supported firmware

Device restrictions
Device restrictions controls security, hardware, data sharing, and more settings on the
devices. For example, create a device restriction profile that prevents iOS/iPadOS device
users from using the device camera.

This feature supports:

Android
Android enterprise
iOS/iPadOS

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 4/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

macOS
Windows 10 and later
Windows 10 Team

Edition upgrade
Windows 10 edition upgrades automatically upgrades devices that run some versions
of Windows 10 to a newer edition.

This feature supports:

Windows 10 and later

Education
Education settings - Windows 10 configure options for the Windows Take a Test app.
When you configure these options, no other apps can run on the device until the test is
complete.

Education settings - iOS/iPadOS uses the iOS/iPadOS Classroom app to guide learning,
and control student devices in the classroom. You can configure iPad devices so many
students can share a single device.

Email

Email settings creates, assigns, and monitors Exchange ActiveSync email settings on the
devices. Email profiles help with consistency, reduce support calls, and let end-users
access company email on their personal devices, without any required setup on their
part.

This feature supports:

Android
Android Enterprise
iOS/iPadOS
Windows Phone 8.1
Windows 10 and later

Endpoint protection
Endpoint protection settings for Windows 10 configures BitLocker and Microsoft
Defender settings for Windows 10 devices.

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 5/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

To onboard Microsoft Defender Advanced Threat Protection (WDATP) with Microsoft

Intune, see Configure endpoints using Mobile Device Management (MDM) tools.

This feature supports:

Windows 10 and later

eSIM cellular - Public preview

eSIM cellular profiles lets administrators configure cellular data plans on your managed
devices for internet and data access. After getting activation codes from your mobile
operator, use Intune to import these activation codes, and then assign to your eSIM
capable devices.

This feature supports:

Windows 10 Fall Creators Update and later

Extensions
Kernel extensions allows administrators to add features or programs at the kernel-level
on macOS devices. Configure these settings to trust all extensions from a specific
developer or partner, or allow specific kernel extensions.

This feature supports:

macOS

Identity protection
Identity protection controls the Windows Hello for Business experience on Windows 10
and Windows 10 Mobile devices. Configure these settings to make Windows Hello for
Business available to users and devices, and to specify requirements for device PINs and
gestures.

This feature supports:

Windows 10 and later

Windows Holographic for Business

Kiosk
Kiosk settings profile configures a device to run one app, or run many apps. You can
also customize other features on your kiosk, including a start menu and a web browser.

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 6/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

This feature supports:

Windows 10 and later

Kiosk settings also available as device restrictions for Android, Android Enterprise, and
ios/iPadOS.

OEMConfig
OEMConfig is a standard that allows OEMs (original equipment manufacturers) and
EMMs (enterprise mobility management) to build and support OEM-specific features in
a standardized way on Android Enterprise devices. With OEMConfig, an OEM creates a
schema that defines OEM-specific management features, and embeds it in an app
uploaded to Google Play. Intune reads the schema from the app, allows Intune
administrators to configure the settings in the schema.

This feature supports:

Android Enterprise (OEMConfig)

PowerShell scripts
PowerShell scripts on Windows 10 devices uses the Intune Management Extension to
upload your PowerShell scripts in Intune, and then run these scripts on your devices.
Also see what's required to use the extension, how to add them to Intune, and other
important information.

This feature supports:

Windows 10 and later

Windows Holographic for Business

Shared multi-user device

Windows 10 and Windows Holographic for Business includes settings to manage
devices with multiple users, also known as shared devices or shared PCs. When a user
signs in to the device, you choose if the user can change the sleep options, or save files
on the device. In another example, to save space, you can create a profile that deletes
inactive credentials from Windows HoloLens devices.

These shared multi-user device settings allow an administrator to control some of the
device features, and manage these shared devices using Intune.

This feature supports:

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 7/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

Windows 10 and later

Windows Holographic for Business

Update policies
iOS/iPadOS update policies shows you how to create and assign iOS/iPadOS policies to
install software updates on your iOS/iPadOS devices. You can also review the
installation status.

For update policies on Windows devices, see Delivery optimization.

This feature supports:

iOS/iPadOS

VPN
VPN settings assigns VPN profiles to users and devices in your organization, so they
can easily and securely connect to the network.

Virtual private networks (VPNs) give users secure remote access to your company
network. Devices use a VPN connection profile to start a connection with your VPN
server.

This feature supports:

Android
Android Enterprise
iOS/iPadOS
macOS
Windows Phone 8.1
Windows 8.1
Windows 10 and later

Wi-Fi
Wi-Fi settings assigns wireless network settings to users and devices. When you assign
a WiFi profile, users get access to your corporate WiFi without having to configure it
themselves.

This feature supports:

Android
Android Enterprise
https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 8/9
05/09/2023 21:01 IntuneDocs/intune/configuration/device-profiles.md at main · MicrosoftDocs/IntuneDocs · GitHub

iOS/iPadOS
macOS
Windows 8.1 (import only)
Windows 10 and later

Windows Information Protection profile

Windows Information Protection helps protect against data leakage without interfering
with the employee experience. It also helps protect enterprise apps and data against
accidental data leaks on enterprise-owned devices and personal devices that
employees use at work. Using Windows Information Protection doesn't require changes
to your environment or other apps.

This feature supports:

Windows 10 and later

Zebra Mobility Extensions (MX)

Zebra Mobility Extensions (MX) allows administrators to use and manage Zebra devices
in Intune. You create StageNow profiles with your settings, and then use Intune to
assign and deploy these profiles to your Zebra devices. The StageNow logs and
common issues is a great resource to troubleshoot profiles, and see some potential
issues when using StageNow.

This feature supports:

Android (Mobility Extensions)

Manage and troubleshoot

Manage your profiles to check the status of devices, and the profiles assigned. Also
help resolve conflicts by seeing the settings that cause a conflict, and the profiles that
include these settings. Common issues and resolutions helps administrators work with
profiles. It describes what happens when deleting a profile, what causes notifications to
be sent to devices, and more.

Next steps
Choose your platform, and get started.

https://github.com/MicrosoftDocs/IntuneDocs/blob/main/intune/configuration/device-profiles.md 9/9