Windows 10/11 device settings to allow or restrict features using Intune
Note
Intune may support more settings than the settings listed in this article. Not all settings are documented, and won’t be documented. To see the settings you can configure, create a device configuration profile, and select Settings Catalog. For more information, see Settings catalog.
This article describes some of the settings you can control on Windows client devices. As part of your mobile device management (MDM) solution, use these settings to allow or disable features, set password rules, customize the lock screen, use Microsoft Defender, and more.
These settings apply to:
These settings are added to a device configuration profile in Intune, and then assigned or deployed to your Windows client devices.
Note
Some settings are only available on specific Windows editions, such as Enterprise. To see the supported editions, refer to the policy CSPs (opens another Microsoft web site).
In a Windows 10/11 device restrictions profile, most configurable settings are deployed at the device level using device groups. Policies deployed to user groups apply to targeted users. The policies also apply to users who have an Intune license, and users that sign in to that device.
Before you begin
Create a Windows 10/11 device restrictions profile.
App Store
These settings use the ApplicationManagement policy CSP, which also lists the supported Windows editions.
Cellular and Connectivity
These settings use the connectivity policy and Wi-Fi policy CSPs, which also list the supported Windows editions.
Bluetooth
These settings use the Bluetooth policy CSP, which also lists the supported Windows editions.
Cloud and Storage
These settings use the accounts policy CSP, which also lists the supported Windows editions.
Important
Blocking or disabling these Microsoft account settings can impact enrollment scenarios that require users to sign in to Azure AD. For example, you're using Autopilot pre-provisioned (previously called white glove). Typically, users are shown an Azure AD sign in window. When these settings are set to Block or Disable, the Azure AD sign in option may not show. Instead, users are asked to accept the EULA, and create a local account, which may not be what you want.
Cloud Printer
These settings use the EnterpriseCloudPrint policy CSP, which also lists the supported Windows editions.
Control Panel and Settings
Display
These settings use the display policy CSP, which also lists the supported Windows editions.
GDI DPI scaling enables applications that aren't DPI aware to become per monitor DPI aware.
You can also Import a .csv file with the list of apps.
General
These settings use the experience policy CSP, which also lists the supported Windows editions.
Locked screen experience
Messaging
These settings use the messaging policy CSP, which also lists the supported Windows editions.
Microsoft Edge Legacy (Version 45 and older)
These settings use the browser policy CSP, which also lists the supported Windows editions.
Use Microsoft Edge kiosk mode
The available settings change depending on what you choose. Your options:
This device restrictions profile is directly related to the kiosk profile you create using the Windows kiosk settings. To summarize:
Important
Be sure to assign this Microsoft Edge profile to the same devices as your kiosk profile (Windows kiosk settings).
ConfigureKioskMode CSP
Start experience
Favorites and search
Privacy and security
Additional
Network proxy
These settings use the NetworkProxy policy CSP, which also lists the supported Windows editions.
Password
These settings use the DeviceLock policy CSP, which also lists the supported Windows editions.
Per-app privacy exceptions
Add apps that should have a different privacy behavior from what you define in "Default privacy".
Exceptions
Personalization
These settings use the personalization policy CSP, which also lists the supported Windows editions.
Printer
Privacy
These settings use the privacy policy CSP, which also lists the supported Windows editions.
You can configure information that all apps on the device can access. Also, define exceptions on a per-app basis using Per-app privacy exceptions.
Exceptions
Projection
These settings use the WirelessDisplay policy CSP, which also lists the supported Windows editions.
Reporting and telemetry
For information about recent changes for Windows Telemetry, see Changes to Windows diagnostic data collection.
Search
These settings use the search policy CSP, which also lists the supported Windows editions.
Start
These settings use the start policy CSP, which also lists the supported Windows editions.
Microsoft Defender SmartScreen
Windows Spotlight
These settings use the experience policy CSP, which also lists the supported Windows editions.
Microsoft Defender Antivirus
These settings use the defender policy CSP, which also lists the supported Windows editions.
Microsoft Defender Antivirus Exclusions
You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. Generally, you shouldn't need to apply exclusions. Microsoft Defender Antivirus includes a number of automatic exclusions based on known OS behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
Warning
Defining exclusions lowers the protection offered by Microsoft Defender Antivirus. Always evaluate the risks that are associated with implementing exclusions. Only exclude files you know aren't malicious.
Power settings
These settings use the power policy CSP, which also lists the supported Windows editions.
Battery
PluggedIn
Next steps
For additional technical details on each setting and what editions of Windows are supported, see Windows 10/11 Policy CSP Reference.
Assign the profile, and monitor its status.
What is a PRI Update?
Another update you might get is a PRI update that stands for Product Release Instructions. The PRI contains radio settings, which might be ID numbers, network codes, country codes, and other important information that allows your phone to connect to the right mobile provider's network.
What is mobile device and explain types of mobile devices in detail?
A mobile device is a small hand-held device that has a display screen with touch input and/or a QWERTY keyboard and may provide users with telephony capabilities. Mobile devices are used interchangeably (phones, tablets) throughout this document.
What is mobile device PRI?
A PRI phone system uses the Primary Rate Interface (PRI) standard on an Integrated Services Digital Network (ISDN) to enable multiple voice and data lines to connect to a business' private branch exchange system or PBX.
Which component of the mobile communications process is responsible for storing user information and for identifying a device on the?
A SIM card (full form Subscriber Identity Module or Subscriber Identification Module) is an integrated circuit (IC) intended to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephony devices (such as ...