Allows or Disallows FIPS Algorithm Policy using Intune Setting Catalog

Hey there, let’s discuss how to allow or disallow the FIPS Algorithm Policy using Intune Setting Catalog. Are we familiar with the term FIPS? The Federal Information Processing Standards (FIPS) are standards for federal computer systems developed by the National Institute of Standards and Technology (NIST).

The National Institute of Standards and Technology is a renowned U.S. Department of Commerce agency. FIPS outlines essential security requirements for various information technology products’ cryptographic modules.

By adhering to FIPS, organizations can safeguard sensitive information against unauthorized access and other cyber threats. The FIPS algorithm policy embodies the toughest standards established by the Federal Information Processing Standards (FIPS), which govern the cryptographic algorithms employed by U.S. government agencies.

These standards ensure that the security measures are trustworthy and safeguard sensitive information. In this post, we will discuss how to allow or disallow the FIPS Algorithm Policy using the Intune Setting Catalog.


What is the FIPS Code?


A FIPS code is a numeric code that uniquely identifies geographic areas in the United States. The number of digits in FIPS codes varies depending on the level of geography.

Allows or Disallows the FIPS Algorithm Policy – CSP Details

Windows implements these (FIPS) certified algorithms to comply with the requirements and standards for cryptographic modules used by departments and agencies of the United States federal government. The screenshot below will help us understand the CSP details of the policy.

./Device/Vendor/MSFT/Policy/Config/Cryptography/AllowFipsAlgorithmPolicy

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.1

In this CSP section, we can also see the policy’s Description framework properties. Two columns give us information about the property name and property values. Let’s have a look at the table given below.

| Property Name | Property Value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Table.1
Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.2

Next, we can see the Group Policy mapping details: the Name is “System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”, and the Path is Windows Settings > Security Settings > Local Policies > Security Options.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.3

Creating a Profile

To create a profile, sign in to the Microsoft Intune admin center. Go to Devices, then click Configuration, and select Create New Policy. The below screenshot shows more details.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.4

A new window will open where you can select the platform and profile type. Here we can choose “Windows 10 and Later.” Next, we must select the profile type; I selected “Settings Catalog” from the list. Finally, I clicked on the “Create” option.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.5

The next section to fill in is Basics. We must give a name for the policy and a description, which is mandatory. Give a meaningful description for the policy and select the platform; Windows is already selected by default.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.6

Configuration Settings

In the Configuration settings section, click on +Add settings to continue creating the profile. This section allows us to choose the settings we wish to configure. This section is required and must be completed.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.7

The Settings Picker window will open, allowing us to search for our desired policy. In this case, the keyword is “Allow Fips Algorithm Policy.” Click the Search button to proceed. Afterwards, we can browse by category and select “Cryptography.” In that category, we can find “Allow Fips Algorithm Policy.”

When we click on the “i” button, we can see the details of the policy. Here, we can see “Allow or Disallows the Federal Information Processing Standards (FIPS) Policy” as more information.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.8

Configuration Settings

In the configuration window, we can either block or allow the policy setting. This interface lets us customize and manage our policy preferences effectively.

  • We can select either Allow or Block for “Allows FIPS Algorithm policy”.
  • We need to click the toggle button to “Allow” the policy.
  • Then click Next.
Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.9

Scope Tags

A scope tag is a value that determines which objects admins can see and manage. We can skip this section, or we can add scope tags to the profile if we wish. Adding scope tags is optional. If we decide to skip this section, simply click the “Next” button to continue.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.10

Assignments

Next, we move on to the Assignments section. In this area, we can add groups to the “Allows FIPS Algorithm Policy” profile. Click on the “Add Group” option under the “Include Groups” section. A new window will appear, allowing us to select a group. After selecting a group, click the “Select” button and then click on the “Next” button to proceed.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.11

Review + Create

“Review + Create” is the final step in the policy creation process. In this stage, we will see a summary of the policy we are deploying, including the policy name, description, platform, and other details. All the policy settings we entered will be displayed for our review.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.12

After clicking the Create button, we will be notified on the Intune Portal that the “Allows FIPS Algorithm policy” has been “created successfully”. We can quickly check the created policy in the Intune Portal.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.13

Device and User Check-in Status

Monitoring the status is very important because it shows the deployment status, that is, whether the policy was created successfully or not. When we click on the policy, another window will appear, and we can see a detailed view of the policy.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.14

Client-Side Verification

We can use the Event Viewer for client-side verification. To open the log, go to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin.

Intune event ID 813 or 814 confirms that a string policy is applied to Windows 11 or 10 devices. We can also see the exact value of the policy being applied on those devices.

Allows or Disallows the FIPS Algorithm Policy using Intune Setting Catalog – Fig.15
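
A scripted version of the client-side check above, as an added example that is not part of the original post. The event-log channel name, the PolicyManager registry path, and the Lsa\FipsAlgorithmPolicy key are assumptions about where Windows records this setting; run it in an elevated PowerShell session on the managed device.

```powershell
# Added example: confirm the FIPS policy reached the device and is in effect.
# Assumptions (not shown on the page): the channel name below, the MDM
# PolicyManager registry location, and the Lsa key behind the security option.
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$mdmKey  = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Cryptography'
$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$policy  = 'AllowFipsAlgorithmPolicy'   # last segment of the CSP path on the page

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. Newest event 813/814 that names this policy (Get-WinEvent returns newest first).
$lastEvent = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 813, 814 } `
                 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $policy } |
    Select-Object -First 1

# 2. Value recorded by the MDM client. 3. Value the security option maps to.
$mdmValue = Get-RegistryValueOrNull -Path $mdmKey -Name $policy
$lsaValue = Get-RegistryValueOrNull -Path $lsaKey -Name 'Enabled'

# The page lists a default of 0; 1 is assumed here to correspond to "Allow".
$state = if ($null -eq $mdmValue) { 'No MDM value found (policy not delivered yet?)' }
         elseif ($mdmValue -eq 1 -and $lsaValue -eq 1) { 'Allowed and effective' }
         elseif ($mdmValue -eq 1) { 'Allowed by MDM, Lsa value not set to 1' }
         else { 'Not allowed (default)' }

[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    LastEventId    = if ($lastEvent) { $lastEvent.Id } else { $null }
    LastEventTime  = if ($lastEvent) { $lastEvent.TimeCreated } else { $null }
    MdmPolicyValue = $mdmValue
    LsaFipsEnabled = $lsaValue
    State          = $state
}
```

A mismatch between the MDM value and the Lsa value is worth investigating before relying on the Intune report, since another policy source such as Group Policy may be setting the same security option.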


Author

Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
