Ensure Safe User Sign-ins through Healthy Providers Required for Register using Intune policy

Today we are discussing how to ensure safe user sign-ins through the Healthy Providers Required For Register using Intune policy. As we all know, the Settings Catalog is one of the most important features in Microsoft Intune.

It allows administrators to easily find, configure, and deploy various policies to manage devices and user experiences. By using this policy, organizations can make sure that users can only sign in when healthy storage locations are available, helping to protect data and maintain a smooth login process.

This policy in FSLogix Cloud Cache defines how many healthy Cloud Cache (CCD) locations must be available before a user is allowed to sign in. This setting helps organizations maintain stability and avoid profile corruption during the login process.

By default, the policy value is set to 0, which means users can sign in even if no CCD locations are currently available. In this case, FSLogix assumes that one or more CCD locations will become available later during the user’s active session. So, in this post let’s look how this policy to be deployed in MS Intune.

Sign up to get the best of How To Manage Devices straight to your inbox!

Ensure Safe User Sign-ins through Healthy Providers Required for Register using Intune policy

By enforcing a minimum number of healthy CCD locations, administrators can guarantee safe access to user profiles. it prevents users from logging in when storage paths are offline or unstable. This avoids issues like, missing data, or login delays that can occur when no healthy provider is available.

First, log in to Microsoft Intune with your credentials. Then, go to Device >Configurations and click on the + Create >New Policy option. A new window called Create a Profile will appear. Here, you need to select the Platform and Profile Type, and then click on the Create button.

• FIX Teams Icon is Missing from the Start Menu FSLogix Issue
• TeamsTfwStartupTask Registry Key is not Roamed with FSLogix ODFC Containers
• How to Block App Location Access in Windows using Intune Policy

Basic Details

Adding basic details is necessary and important in policy creation. It gives an identity for the settings you will select to create the policy. The policy name and description is useful for identifying the policy purpose. After adding this, click on the Next button.

Configuration Settings- Settings Picker

After completing the Basics tab, you will move to the Configuration Settings. To add a setting, click on the Add Setting hyperlink. A Settings Picker window will appear. Here, select the FSLogix category, and then click on the dropdown arrow.

From the dropdown, choose ODFC Containers, and another dropdown will appear with Cloud Cache options. In the Cloud Cache options, you will see different policies. Select the Healthy Providers Required for Register .

Disable By Default

If you want to disable the policy, drag the toggle from right to left. In this mode, the toggle will turn gray, and the status will show as Disabled. This means the policy will not be applied to users. You can then click on Next to continue in the disabled mode.

If the policy is disabled users are allowed to sign in regardless of whether healthy CCD locations are available. While this allows flexible access even during storage outages, it can increase the risk of profile corruption, login failures.

When Healthy Providers Required For Register is enabled, users can only sign in if the required number of healthy CCD (Cloud Cache) locations are available. When setting Healthy Providers Required For Register to anything other than 0, then Prevent Login With Failure and/or Prevent Login With Temp Profile should be used in order to create the desired user experience.

Registry Entry: HKLM\SOFTWARE\Policies\FSLogix\ODFC\HealthyProvidersRequiredForRegister Type: DWORD Values: Min = 0, Max = 4

• Here I enable this policy and give the value as 2
• Then click on the Next to Continue

Importance of Scope Tags

Now you are on the Scope tags section. Scope tags are used to assign policies to specific admin groups for better management and filtering. If needed, you can add a scope tag here. However, for this policy, I chose to skip this section.

Assigning Specific Groups

To assign the policy to specific groups, you can use the Assignment Tab. Here I click, +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.

Know about the Review + Create Tab

Review + Create Tab helps you recheck all the details of the policy you entered on all the tabs. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.

Device and User Check in Status

After creating a policy, we have to monitor that whether the policy was created successfully or not. To check this, you can either wait for up to 8 hours for the policy to apply automatically, or you can reduce the waiting time by manually syncing the policy through the Company Portal.

• To do this, go to Devices > Configuration Profiles.
• In the Configuration policy section, search for the name of the policy you created.
• Then you can get the details below from that Policy
• It will show is this error successfully deployed or not

Client Side Verification

To confirm the policy is successful or not, you can use the Event Viewer. First, open Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. Look for Event IDs 813 or 814, as these typically contain policy-related information.

How to Delete the Policy that you created

To delete a policy in Microsoft Intune, first sign in to the Microsoft Intune Admin Center. Navigate to Devices and then select Configuration. Locate and select the specific policy you want to remove. Once you’re on the policy details page, click the 3 -dot menu in the top right corner and choose Delete from the available options.

• Here, I search for the Policy Name “Healthy Providers Required for Register” then I got the results.

For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

How to Remove Policy

After creating the policy, if you want to remove the group that you previously selected, you can easily do that. First, go to Devices > Configuration policies. In the Configuration policy section, search for the policy, In the policy section When you Scroll down the page, and you will see sections like Basic Details and Assignment Details.

• In the Assignment section, you will find an Edit option and click on it.
• When you click Edit, you will enter the Assignment page.
• Click on Remove, then proceed by clicking Review + Save.

For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.

Author

Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows,  Cloud PC, Windows, Entra, Microsoft Security, Career, etc.