
Deploying a basic device restrictions configuration profile

7th December 2022

Aim: Understanding how to deploy a basic device restrictions configuration profile for Windows devices using Microsoft Intune 

Intune configuration profiles contain groups of policy settings, organized by functionality. These settings allow administrators to control a wide range of Windows user and device settings such as: 

  • Allow or block the device camera. 
  • Control access to app store and device settings. 
  • Allow or prevent backing up files to cloud and storage accounts. 
  • Set a minimum password length, and block simple passwords. 
  • Configure the taskbar and Start menu layout.

Windows device and user settings can be deployed from Intune in a few different ways.  The simplest method is to use the wizard-based configuration profiles based on templates for common settings. 

To deploy a configuration profile, choose the appropriate platform and select a template (for example “device restrictions”), then configure the appropriate settings (such as blocking simple passwords), and finally assign the profile to a security group. Windows devices that are members of that security group will pick up the settings the next time they sync with Intune. Note that some settings are irreversible once downloaded to the device, so you are advised to test the combination of settings you want to apply to a given device before releasing those changes into production. If the combination of settings produces unwanted behaviour on your test devices, simply change the settings in Intune, reinstall Windows on those test devices and re-enrol them for further testing.
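The same steps can be scripted against Microsoft Graph instead of the wizard. The following is an added example, not part of the original course material: it creates a device restrictions profile and assigns it to a test security group using the Microsoft Graph PowerShell SDK. The group ID, display name and setting values are assumed placeholders.

```powershell
# Added example. Requires the Microsoft.Graph.Authentication module and an
# account permitted to manage Intune device configuration.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

# Placeholder: object ID of the security group that holds your TEST devices.
$TestGroupId = '00000000-0000-0000-0000-000000000000'
if ($TestGroupId -eq '00000000-0000-0000-0000-000000000000') {
    throw 'Set $TestGroupId to a real test group before running.'
}
$base = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations'

# Platform + template + settings: windows10GeneralConfiguration is the Graph
# resource type for a Windows device restrictions profile.
$profileBody = @{
    '@odata.type'         = '#microsoft.graph.windows10GeneralConfiguration'
    displayName           = 'TEST - Windows device restrictions'  # assumed name
    description           = 'Under test; do not assign to production groups'
    passwordRequired      = $true
    passwordBlockSimple   = $true   # block simple passwords
    passwordMinimumLength = 8       # constructed sample value
    cameraBlocked         = $true   # block the device camera
} | ConvertTo-Json -Depth 5

$created = Invoke-MgGraphRequest -Method POST -Uri $base `
    -Body $profileBody -ContentType 'application/json'

# Assignment: target the test security group only.
$assignBody = @{
    assignments = @(
        @{
            target = @{
                '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
                groupId       = $TestGroupId
            }
        }
    )
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" `
    -Body $assignBody -ContentType 'application/json' | Out-Null

# Read the assignment back and fail loudly if the profile targets anything
# other than the intended test group.
$assigned = (Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)/assignments").value
$unexpected = $assigned | Where-Object { $_.target.groupId -ne $TestGroupId }
if ($unexpected) { throw "Profile $($created.id) has unexpected assignment targets." }
"Profile $($created.id) assigned to test group $TestGroupId"
```

Devices in the group receive the settings at their next sync with Intune, exactly as with a profile created in the wizard.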

Intune configuration profiles, such as device restrictions profiles, are deployed to Windows using the new Configuration Service Provider (CSP) model. Intune payloads based on the CSP model are similar to Group Policy client-side extensions (CSE), but unfortunately there is not a one-to-one correlation between CSP and CSE settings, which means you can’t “lift and shift” your existing settings from Group Policy Objects directly to Intune.
