Today we are discussing on How to Control App Access Notifications Policy for Windows using Intune. As we all know that settings catalog will help the admins to deploy diffrent kind of policy through MS Intune.
Privacy settings are very effective for Windows. Because with those policy admin can manage their organisation with more effective and secure.This policy setting determines whether Windows applications can access notifications on a device.
It provides administrators with control over how apps interact with the notification system, ensuring a balance between usability and privacy within the organization.If the policy is disabled or left not configured, the control falls back to the end user.
Employees can again use the Settings > Privacy panel to decide whether to allow or deny notification access for their apps. This is the least restrictive approach and relies on user choice. In this post let’s look how to Control App Access Notifications Policy for Windows using Intune.
Table of Contents
How this Policy Helpful to the Organizations?
This policy is helpful to organizations because it allows them to control how Windows apps access notifications, ensuring a balance between security, privacy, and productivity
How to Control App Access Notifications Policy for Windows using Intune
Above we discussed an overall view on the topic of How to Control App Access Notifications. Now we have to concentrate how this policy to be deployed through MS Intune. First log in to the Intune admin center with your credentials. Then Navigate through Devices> Configuration> + Create New Policy.
- Select New policy, and this will open a new window titled Create a profile.
- Here, you need to enter the Platform and Profile type details.
- After that, click Create.
- How to Create Intune Settings Catalog Policy
- Easy way to Enable Education Themes via Setting Catalog in Intune
- Enable Disable Search to Use Location Policy using Intune
What is Basics
Adding basic details is necessary and important in policy creation. It gives an identity for the settings you will select to create the policy. The policy name and description is useful for identifying the policy purpose. After adding this, click on the Next button.
- The platform is set to Windows by default, so you can proceed without making changes to it.
- Click on the Next.
Configuration Settings
We are discussing Configuration Settings, which is a very important stage in policy deployment. Here, you need to select the Add settings option.In the Add settings window, navigate to Privacy, and under Privacy, click on the Let apps access notifications option.
Defaulted Modes for Policy
Another very important section is when you select the policy name. At this point, you are on the Configuration Settings page. Here, you can see that the default option is already set to User in control. You can change this setting to Force Allow, Force Deny, or keep it as User in control, depending on your organization’s needs.
| Modes | Information |
|---|---|
| User is in control | If you choose the “User is in control” option, employees in your organization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. |
| Force Allow | If you choose the “Force Allow” option, Windows apps are allowed to access notifications and employees in your organization can’t change it. |
| Force Deny | If you choose the “Force Deny” option, Windows apps aren’t allowed to access notifications and employees in your organization can’t change it. |
Force Deny Mode
If you want to set this as the policy you can easily select that. In this option I stroghly want to If you choose the “Force Deny” option, Windows apps aren’t allowed to access notifications and employees in your organization can’t change it.
- Then Click on the Next.
Scope Tags
Now your are on the Scope tags section. Scope tags are used to assign policies to specific admin groups for better management and filtering. If needed, you can add a scope tag here. However, for this policy, I chose to skip this section.
What are Assignments
Next, you’ll reach the Assignments section, which is a very important step. This is where you decide which user or device groups should receive the policy. In this case, I selected the specific group I wanted to apply the policy to. After selecting the group, click Next to continue.
Review + Create
The final step is the Review + Create tab, also known as the Summary tab. Here, you’ll find a complete overview of all the details and settings you’ve configured for the policy. Take a moment to review everything carefully. If everything looks fine, click Create to complete the process.
Monitoring Status
After creating a policy, we have to monitor that whether the policy was created successfully or not. To check this, you can either wait for up to 8 hours for the policy to apply automatically, or you can reduce the waiting time by manually syncing the policy through the Company Portal.
- After syncing, you can check the policy’s status through the Intune Portal.
- To do this, go to Devices > Configuration Profiles.
- In the Configuration policy section, search for the name of the policy you created.
- Then you can get the details below from that Policy
- It will show is this error successfully deployed or not.
Client Side Verification
You can verify the confirmation in the Event Viewer by looking for Event ID 813 or 814. To access this, open Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows >Device Management Enterprise Diagnostic Provider > Admin.
- You can see a list of policy-related events now.
- I found the policy details in the Event ID 814.
Delete the Policy Permanently
To delete a policy in Microsoft Intune, first sign in to the Microsoft Intune Admin Center. Navigate to Devices and then select Configuration. Locate and select the specific policy you want to remove. Once you’re on the policy details page, click the 3 -dot menu in the top right corner and choose Delete from the available options.
Remove Groups from Polices
If you want to remove a policy group from the organization, you can do this through the Configuration section. First, select the policy you created, and then go to the Monitoring status page. Scroll down the window until you find the Assignments section and click Edit. From here, you can remove the policy group. Finally, click on Review + Save to apply the changes.
CSP Details for the Policy
The policy Configuration Service Provider (CSP) is a tool for businesses to manage settings on Windows 10 and 11 devices. It details each policy’s function (Description Framework Properties), available choices (Allowed Values), and how it relates to older Group Policy settings (Group Policy Mapping details).
- Description Framework Properties
- Format – int
- Access Type – Add, Delete, Get, Replace
- Default Value – 0
- Allowed Values
- 0 – (Default)
User in control.
1 – Force allow.
2 – Force deny.
- 0 – (Default)
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.