Intune Create Device Restriction Policy Profiles Deploy Security Policies to Windows 10 Devices Endpoint Manager? Intune configuration restriction policies are very important in modern device management strategy. Intune device restriction policy is the security settings applied on your Windows 10 CYOD device.
As part of your organization’s security policies, you may need to lock down mobile devices or Windows devices that have access to corporate data and app. yes, Intune configuration restriction policies help you lock down Windows devices as per your organization’s security requirements.
Related post – Intune SCEP HTTP Errors Troubleshooting Made Easy With Joy – #5 (anoopcnair.com)
Create Intune Device Restriction Policy for Windows 10 Devices
You can create Intune device restriction policy for Windows 10 from Microsoft Intune – Device Configuration – Profiles – Create New Profile. I selected Windows 10 as the platform, and the Selection of the platform is very important.
Also, it would be best if you had to select the profile type while creating Intune Configuration Restriction policy. In my scenario, it’s the Device restriction policy. The name of the policy is “Windows 10 CYOD Restrictions“. Intune Create Device Restriction Policy Profiles Deploy Security Policies to Windows 10 Devices Endpoint Manager?
Windows platform Intune device restriction policy out of box Settings is segregated into 16 sections, as you can see below. This list is very comprehensive, and we can lock down Windows 10 machines as per the requirement.
Is this Intune device restriction policy a replacement for group policies? No, it’s still not a replacement for AD group policies. Intune Create Device Restriction Policy Profiles Deploy Security Policies to Windows 10 Devices Endpoint Manager?
- General
- Password
- Personalization
- Locked screen experience
- App Store
- Edge Browser
- Search
- Cloud and Storage
- Cellular and Connectivity
- Control Panel and Settings
- Defender
- Defender Exclusions
- Network proxy
- Windows Spotlight
- Display
- Start
Deploy Windows 10 Intune Device Restriction Policy
You can deploy Windows 10 Intune Device Restriction Policy to either Windows 10 CYOD dynamic devices or Windows 10 users group. Intune Create Device Restriction Policy Profiles Deploy Security Policies to Windows 10 Devices Endpoint Manager?
Dynamic device groups are still in preview, and those typos of groups are not stable at times. So at least for the next two months, I will prefer to deploy policies to user groups rather than dynamic device groups.
Windows 10 End-user experience of Intune Device Restriction Policy
As you can see in the video tutorial at the top of this post or here, I’ve enabled the time settings to disable the option as part of the initial Windows 10 device restriction policy. The end-user logged to Windows 10 machine can’t change the time on the system.
After that, I changed the windows time setting policy again, and after applying the new policy, the user can change the time on Windows 10 system.
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
How to test device restrictions policy on user or client ?
Manual enrollment? https://www.anoopcnair.com/windows-11-intune-enrollment-process-manual/ to test the BYOD block setting for example … same is applicable for iOS and Android as well.