Intune/Autopilot Free lab: Part 4 - Apply your configuration


In this post, we will see how to apply some of your company configuration to your devices (background, lockscreen, start menu...)

This is the fourth part of my blog series about how to create your own Intune\Autopilot lab for free
- Part 1: Intune Configuration
- Part 2: Autopilot in action
- Part 3: Manage your devices

Now we will see the below cases:
- What is a Device Configuration profile 
- What you can do with them
- How to deploy them
- Device restictions or OMA-URI ?
- Apply lockscreen
- Apply background
- Configure power options
- Prevent access on control panel part
- Apply start menu

Device Configuration profile 
What is Configuration profile 
Configuration profiles allows you to apply features and settings on your devices.
Those profiles allows you to achieve, for example the tasks below:
- Allow or prevent access to bluetooth on the device.
- Create a WiFi or VPN profile that gives different devices access to your corporate network.
- Apply a start menu, background or lockscreen
- Block access to control panel part, like update, network...

To get more informations about profiles see this link.

What you can do with them ?
There are many type of Configuration profile,as you can see below:
- Administrative templates
- Certificates
- Custom profile (OMA-URI)
- Delivery optimization
- Device features
- Device firmware configuration interface
- Device restrictions
- Edition upgrade
- Education
- Email
- Endpoint protection
- Identity protection
- Kiosk
- OEMConfig
- PowerShell scripts
- Shared multi-user device
- Update policies
- VPN
- WiFi
- Windows Information Protection profile




Administrative templates
This kind of profile allows you to configure settings on your devices from some template.
For now there are three kind of administrative templates:Windows, Office, Edge

1. For instance, select Windows.
2. As you can see, many, many options are available for user and device.
3. In the search bar, type powershell.
4. See below the administrative template that exists for PowerShell

5. Click on it
6. You can then choose yo enable or disable this settings.

See below another template sample:
1. In the search bar, type power.
2. See below the administrative template that exists for managing power options

3. Click on of them
4. You can then choose yo enable or disable this settings.

Device restrictions
This kind of profile allows you to configure settings on your devices from some template.
- App store
- Control Panel and Settings
- Display
- Lock screen
- Network proxy
- Password
- Personalization

See below what kind of settings you can configure depending of the settings category.

Control panel and settings

Display

Lock screen

Network proxy

Printer

Power Settings

Custom (OMA-URI)
What is OMA-URI ?
Custom settings, also  called OMA-URI, allows you to set configuration.
This kind of settings is useful when the setting you want to apply does not exist in Device Restrictions or Administrative Templates...
It can be applied on two scope, like GPO: Devices or Users.

How to find your OMA-URI setting ?
You can find a list of existing CSP here
This explain how to use CSP settings.
As with GPO, you can apply a setting on both scope: User or Device.
As mentioned above we will use links below to configure a settings depending of the scope:
./User/Vendor/MSFT/Policy/Config/AreaName/PolicyName 
./Device/Vendor/MSFT/Policy/Config/AreaName/PolicyName

You will have to find the appropriate AreaName and PolicyName.

To check a specific settings just type the key word in the search bar.
For instance type Power to search appropriate CSP to manage Power Settings.
See this link for power settings CSP. 
For instance the PolicyName to manage action when lid is closed on battery is: SelectLidCloseActionOnBattery.

In this part we have: 
- AreaName is Power
- PolicyName is SelectLidCloseActionOnBattery

See below the full CSP link for device scope:
./Device/Vendor/MSFT/Policy/Config/Power/SelectLidCloseActionOnBattery

See below available values:
- 0: Take no action
- 1: Sleep
- 2: System hibernate sleep state
- 3: System shutdown

Device restictions or OMA-URI ?
You can apply settings using different ways.
For instance to set power settings, you can use Device restrictions as well as Custom (OMA-URI) profile.
Microsoft recommends to use Device restrictions or Administrative templates before using OMA-URI meaning you should use OMA-URI for settings that does not exist in other profile type.

How to apply a configuration profile
This works in four steps:
- Add a configuration profile
- Set the configuration to apply
- Save the configuration profile
- Assign it to a group

Applying a profile to a device can be achieved in two steps:
- Create the profile
- Assign the profile to a device or a group

Create the profile
1. Go to Intune
2. Go to Device Configuration
3. Go to Profiles
4. Click on Create profile
5. Type a profile name
6. Type a profile description, if needed
7. Select a platform among those one below

8. Select a profile type (we will see them later)

9. Click on Create

Assign the profile
Once the profile has been created, to assign it to your devices, proceed as below:
1. On your profile page, click on Assignments
2. Select your group
3. Click on Save

So far, we have seen what is a device configuration profile and how to apply them.
Now let's see some configuration profiles examples.

Apply lockscreen
Using Device Restrictions
1. Create a new profile called Configure lockscreen
2. In Profile type, select Device restrictions
3. Click on Locked Screen Experience

4. Type the URL of your lockscreen in the textbox

5. Click on OK twice
6. Cick on Create
7. Assign the profile

Using Custom (OMA-URI)
1. Create a new profile called Configure lockscreen (OMA)
2. In Profile type, select Custom
3. Click on Add
4. Set settings as below:

- OMA-URI: ./Vendor/MSFT/Personalization/LockScreenImageUrl
- Data type: String
- Value: link to your picture

5. Click on OK twice
6. Cick on Create
7. Assign the profile

Apply Background
Using Device Restrictions
1. Create a new profile called Configure background
2. In Profile type, select Device restrictions
3. Click on Personalization

4. Type the URL of your background in the textbox

5. Click on OK twice
6. Cick on Create
7. Assign the profile

Using Custom (OMA-URI)
1. Create a new profile called Configure background (OMA)
2. In Profile type, select Custom
3. Click on Add
4. Set settings as below:

- OMA-URI: ./Vendor/MSFT/Personalization/DesktopImageUrl
- Data type: String
- Value: link to your picture

5. Click on OK twice
6. Click on Create
7. Assign the profile

Configure Power Options
Using Device Restrictions
1. Create a new profile called Configure Power Options
2. In Profile type, select Device restrictions
3. Click on Power settings

4. We will set settings as below:

5. Click on OK twice
6. Cick on Create
7. Assign the profile

Using Custom (OMA-URI)
1. Create a new profile called Configure Power Options (OMA)
2. In Profile type, select Custom
3. Click on Add
4. Set settings as below:

- OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Power/SelectLidCloseActionOnBattery
- Data type: Integer
- Value: 1 (for sleep mode)

5. Click on OK twice
6. Click on Create
7. Assign the profile

Control Panel restrictions
1. Create a new profile called Configure Control Panel restrictions
2. In Profile type, select Device restrictions
3. Click on Control Panel and Settings 

4. We will set settings as below:

5. Click on OK twice
6. Cick on Create
7. Assign the profile

Start menu
In this example I have customize my start menu and exported it to an XML format.
To see more about this, see this link.

1. Create a new profile called Configure SD Start menu
2. In Profile type, select Device restrictions
3. Click on Start 
4. Click on the browse button and select th XML file

5. Click on OK twice
6. Click on Create
7. Assign the profile

Share this

Related Posts

Previous
Next Post »