In my previous blog post, I have explained how we can apply Microsoft security settings to corporate devices using Intune Security Baselines (http://www.rebeladmin.com/2019/08/step-step-guide-apply-security-baselines-windows-10-devices-using-microsoft-intune/). We can apply similar settings to on-premises devices via group policies. Apart from security settings, we use group policies to standardize device configurations in on-premises environments. As an example, we can block user access to control panel settings by using group policy.
Microsoft Intune Device configuration Profiles allow us to push similar desktop settings to cloud-managed (Azure AD + Intune) devices. This allows organizations to maintain granular control over device settings. In this demo, I am going to demonstrate how to set up and apply Microsoft Intune Device configuration Profile.
• Device configuration Profiles can use to standardize Android, iOS, macOS, Windows Phone 8.1, Windows 8.1, Windows 10 devices.
• You need to have your devices enrolled with Intune to use this feature. You can find more info about device enrollment using my previous blog posts http://www.rebeladmin.com/2018/11/step-step-guide-enroll-windows-10-devices-microsoft-intune-using-autopilot/
In my demo environment, I have Azure AD joined & Intune enrolled windows 10 device called W2003.
Using device configuration profiles, I am going to,
• Disable user access to Control Panel Settings
• Push corporate proxy server settings to IE (server IP 10.10.10.10 with port 8080)
To do that,
1. Log in to Azure Portal (https://portal.azure.com) as Global Administrator and go to All services | Intune or else log in to Intune device management portal directly via https://devicemanagement.microsoft.com
2. Then click on Device configuration | Profiles
3. In the profiles page, click on + Create profile