Key Takeaways
- This policy controls logging for the OneSettings service.
- If enabled, Windows records connection attempts.
- Logs are saved in the Privacy-Auditing EventLog.
- If disabled, no connection attempts are recorded.
Hey, let’s discuss about how to Control One Settings Service Logging in Windows using Intune. This policy decides whether Windows keeps a record of connection attempts made to the One Settings service. When this setting is turned on, Windows logs every attempt to connect to the One Settings service in a specific Event Viewer channel: Microsoft\Windows\Privacy-Auditing\Operational. This can help administrators monitor system activity and track privacy-related events more effectively.
Table of Contents
Table of Contents
Control One Settings Service Logging in Windows using Intune
If the policy is turned off or not configured, Windows will not create any log entries for these connection attempts. In that case, there will be no record available in the EventLog to review or audit One Settings service connections.
- How to Enable or Disable Energy Saver Always-on Mode in Intune Settings Catalog
- How to Enable or Disable Region Settings Policy using Intune
- How to Configure Files, Folders and Registry Keys Access Auditing Application Policy in Intune
Policy Creation in Intune
Previously, we discussed various aspects of enabling and disabling the Screen Saver Lock Timing using Intune Policy. First, sign in to the Microsoft Intune admin center. Then navigate to Devices > Configuration > + Create. You will see a window titled Create a Profile.
| Platform | Profile Type |
|---|---|
| Windows 10 and later | Settings Catalog |
Define the Policy Name and Description
To configure a policy in Intune, start with the Basics step, enter a clear and meaningful name such as Enable One Settings Auditing and provide a short description (such as “To Enable One Settings Auditing“). Then click Next to continue.
Configure One Setting Auditing
In the Configuration settings, you can see the Add settings button. Click the Add Settings to browse or search the catalog for the settings you want to configure. In the Settings picker, you can search for the Settings quickly. Here, I choose the System category, select Enable One Settings Auditing to configure it, and then close the Settings Picker window.
Once you have selected One Settings Auditing and closed the Settings picker. You will see it on the Configuration page. This setting is disabled by default. If you want to continue with this you can click on the next.
Enable One Settings Auditing
If we enable or configure this policy, you can allow the One Settings Audit policy by toggling the switch from left to right.Then, you can click the Next button to proceed.
Scope Tags
Scope tags are used to control which administrators can see and manage this policy in the Intune admin center. In the Scope tags section, you can assign one or more scope tags to the policy so that only specific IT teams or administrators have access to it. To add a scope tag, click Select scope tags, choose the required tag, and then click Next.
Assign the Policy to Groups
In the Assignments section, click Add groups under Included groups and select the required user or device groups. Assigning the policy ensures it is applied only to the intended users or devices, such as test groups or production environments. Then click on the Next.
Review and Deploy the Policy
At the final Review + Create step, we see a summary of all configured settings for the new profile; after reviewing the details and making any necessary changes by clicking Previous. We click Create to finish, and a notification confirms that the “Enable One Settings Auditing created successfully”.
Monitor Policy Deployment Status
To check whether the policy is successfully applied, sign in to the Microsoft Intune admin center and go to Devices > Configuration profiles. Select the One Settings Auditing policy from the list. This opens the policy overview page, where you can see a quick summary of its deployment status.
Client Side Verification
To confirm if a policy has been applied, use the Event Viewer on the client device. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. Use the Filter Current Log option and search for Intune event 813.
MDM PolicyManager: Set policy int, Policy: EnableOneSettingsAuditing Area: (System),
EnrollmentlD requestinq merqe: (EB427D85-802F-46D9-A3E2-D5B414587F63), Current User:
(Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).
How to Remove Assigned Group from One Settings Auditing Policy
If you want to stop the policy from applying to certain users or devices, you can remove the assigned groups. Go to Devices > Configuration profiles, select the policy, and open Assignments. Under Included groups or Excluded groups, select the group you want to remove and delete it from the assignment list. Once the group is removed, the policy will no longer apply to those users or devices after the next Intune sync.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete One Settings Auditing Policy from Intune
If the policy is no longer required, you can delete it completely from Intune. Navigate to Devices > Configuration profiles, select the policy you want to remove, and click Delete. Confirm the deletion when prompted. Deleting the policy permanently removes it from Intune and stops it from applying to all devices.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Windows Configuration Service Provider (CSP)
The Policy Configuration Service Provider (CSP) is a feature used by organisations to manage and control settings on Windows 10 and 11 devices. It explains what each policy does, what settings or values can be used, and how it connects to older Group Policy settings (Group Policy Mapping details).
| Value | Description |
|---|---|
| 0(Default) | Disable |
| 1 | Enable |
Description framework properties
- Format – Int
- Access type – Add, Delete, Get, Replace
- Default value – 0
Group Policy Mapping
| Name | Value |
|---|---|
| Name | EnableOneSettingsAuditing |
| Friendly Name | Enable OneSettings Auditing |
| Location | Computer Configuration |
| Path | WindowsComponents > Data Collection and Preview Builds |
| Registry Key Name | Software\Policies\Microsoft\Windows\DataCollection |
| ADMX File Name | DataCollection.admx |
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community and WhatsApp Channel to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc