Intune Settings Rundown - 2024-06-20
Introducing a new (semi) regular feature to document interesting new or updated Intune policy settings and UI changes in an easily digestible format!
Note: UI changes can sometimes take time so may not be visible immediately in your tenant.
Updated Nav Bar UI
Hot on the heels of the (somewhat contentious) Azure Portal navigation updates, the left hand navigation bar sections can now be collapsed:
Autopilot Device Preparation
Autopilot Device Prep (ADP) is seeing some (much needed) tooltip updates to make it clearer what various settings do.
Deployment mode
"Deployment mode controls if a user needs to provide credentials in order to provision the device."
Deployment type
"Devices are associated with the user enrolling the device and user credentials are required to provision the device"
Join type
"Specify how devices join an identity provider in your organization."
Additionally, "Azure AD joined" has been renamed to "Microsoft Entra joined" and has the below description which is only viewable in the JSON:
"Cloud-only without an on-premises Windows Server Active Directory"
User account type
"Specify whether users are administrators or standard users on the device. Note that this setting does not apply to Global Administrator or Company Administrator accounts. These accounts cannot be standard users because they have access to all administrative features in Microsoft Entra ID."
Custom error message
"This message will be displayed if an error occurs during deployment."
Allow users to skip setup after multiple attempts
"Allow users to continue to desktop if deployment fails."
Show link to diagnostics
"A link will be displayed for users to collect diagnostic logs if deployment fails."
Microsoft Edge
Some new policies added for Edge v125:
ImageEditorServiceEnabled
Policy Name:
Enable the Designer for Image Editor feature
Settings Catalog Location:
Microsoft Edge
Policy Tooltip:
Lets users access and use the Designer for Image Editor feature to edit an image they select. If you enable or don't configure this policy, users can access and use the Designer for Image Editor feature in Microsoft Edge. If you disable this policy, users can't access and use the Designer for Image Editor feature in Microsoft Edge.
Settings:
Enable / Disable
Separate User Scope Policy Available?
Yes
QRCodeGeneratorEnabled
Policy Name:
Enable QR Code Generator
Settings Catalog Location:
Microsoft Edge
Policy Tooltip:
This policy enables the QR Code generator feature in Microsoft Edge. If you enable this policy or don't configure it, the QR Code Generator feature is enabled. If you disable this policy, the QR Code Generator feature is disabled.
Settings:
Enable / Disable
Separate User Scope Policy Available?
Yes
Microsoft Defender
Updated Device Control Settings
As noted in the In Development page:
New file-level Device Control settings are available via:
Endpoint Security > Attack Surface Reduction > Device Control
Important to note that these settings will work on servers managed by MDE!
DisableCoreServiceTelemetry
A new configuration available via Settings Catalog or Endpoint Security>Antivirus.
Description:
Turn off OneDsCollector telemetry for Defender core service.
Settings:
- 0x0 (Default) - The Defender core service will use the OneDsCollector framework to rapidly collect telemetry.
- 0x1 - The Defender core service stops using the OneDsCollector framework to rapidly collect telemetry, impacting Microsoft's ability to quickly recognize and address poor performance, false positives, and other problems.
Note that this option is microsoftSense enabled if deployed via the Endpoint Security blade and can impact servers.
Thanks for reading, and stay tuned!
