Managing settings for Windows 10 with Microsoft Intune can be challenging because of the many different configuration profiles available in Intune today. To manage all settings we often need several configuration profiles, and sometimes even a custom profile, to get the job done. With the introduction of the Windows 10 Settings Catalog profile (in Preview), this might come to an end!
The Windows 10 Settings Catalog is a new option to start from scratch and select settings from the library of available Windows 10 settings. The Settings Catalog profile is the first step to bring together the settings from multiple existing configuration profiles and provide a better configuration experience for Intune admins.
At the time of writing, the new profile contains settings that are currently found in, for example, the Device Restrictions profile, expanded with existing Policy CSP settings that aren't found in a current configuration profile.
It is expected that the ADMX-backed settings which were made available (for Windows Insider builds) in the past months will be added to the configuration profile in the near future. At this moment, if we want to configure these settings, we need to use a custom configuration profile. The ADMX-ingested settings (Office, OneDrive, Edge Chromium) will most likely find their way to the new profile as well.
Besides providing a single view of Windows 10 settings, Microsoft also focuses on giving a better understanding of the configuration options of a setting.
In the example below, the value description changes when switching the setting for Require private store only, so it becomes clearer to what value the setting is actually configured.
It might look like yet another way to manage settings in Intune, but in the end it should make our Intune admin lives a bit easier when this profile reaches General Availability and replaces the current list of different profiles.
Configure Settings Catalog profile
Let's have a look at how this new Settings Catalog profile can be configured.
- Sign in to the Endpoint Manager admin center
- Browse to Devices – Windows – Configuration profiles
- Click Create Profile
- Choose Windows 10 and later as Platform
- Choose Settings Catalog as Profile
- Click Create
- Give the profile a Name
- Enter a Description (Optional)
- Click Next
On the Configuration Settings tab on the right side, we find all available settings, which are grouped in categories. We can scroll through the list of available settings to find the settings we would like to configure.
On the left side, all configured settings will be shown.
Besides scrolling through the list of settings, we can also use the search box (yes, to search for a setting). When we enter a word it shows all related settings.
There is also a filter available. With the filter, we can filter out settings based on applicability. Settings that are not applicable are hidden from the list.
To configure a setting, check the setting on the right. On the left side make your choice and flip the switch to the needed value.
When there are multiple configuration options, pick the required value from the drop-down menu.
In my opinion, the information found when we click on the information icon is much more extensive than in the existing configuration profiles.
And on the right of the setting, we have a button to remove a setting from the profile, or even remove the whole category at once.
Once we're finished, we have a long list of configured settings on the left side.
And of course, don't forget to assign the profile to a security group of choice.
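The same steps (create the profile, configure a setting, assign it to a group) can also be scripted against Microsoft Graph. The following is an added example, not part of the original post; it assumes the beta `configurationPolicies` endpoint, and the profile name, setting definition ID, option suffix and group ID are assumptions or placeholders to verify in your own tenant.

```powershell
# Added example: scripted equivalent of the portal steps, using Microsoft Graph (beta).
# Requires the Microsoft.Graph.Authentication module.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

$base = 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies'

# Assumption: definition ID for "Require private store only"; the "_1" suffix is
# assumed to select the "only private store" option. Confirm both before use.
$definitionId = 'device_vendor_msft_policy_config_applicationmanagement_requireprivatestoreonly'
$groupId      = '<pilot-group-object-id>'   # placeholder: object ID of the pilot security group

$policy = @{
    name         = 'Pilot - Settings Catalog'            # hypothetical profile name
    description  = 'Settings Catalog profile for pilot devices'
    platforms    = 'windows10'
    technologies = 'mdm'
    settings     = @(
        @{
            '@odata.type'   = '#microsoft.graph.deviceManagementConfigurationSetting'
            settingInstance = @{
                '@odata.type'       = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
                settingDefinitionId = $definitionId
                choiceSettingValue  = @{
                    '@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue'
                    value         = "${definitionId}_1"
                    children      = @()
                }
            }
        }
    )
}

# Create the profile; -Depth is needed because the settings are nested several levels deep.
$created = Invoke-MgGraphRequest -Method POST -Uri $base -ContentType 'application/json' `
    -Body ($policy | ConvertTo-Json -Depth 10)

# Assign the profile to the pilot security group.
$assignment = @{
    assignments = @(
        @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $groupId } }
    )
}
Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" -ContentType 'application/json' `
    -Body ($assignment | ConvertTo-Json -Depth 10)

# Read the stored settings back to confirm what was actually saved in the profile.
$stored = Invoke-MgGraphRequest -Method GET -Uri "$base/$($created.id)/settings"
$stored.value | ForEach-Object {
    '{0} = {1}' -f $_.settingInstance.settingDefinitionId, $_.settingInstance.choiceSettingValue.value
}
```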
New reporting
With the introduction of the Settings Catalog profile, we also see a new reporting experience.
If we open the profile, the Device status is shown at the top of the page. Here you have a direct overview of the number of devices with their different status.
When we click on View report, we get an overview of the actual devices with their Deployment status and the Last status update.
And when we click on a device, we get an overview on the settings level with their corresponding Setting status.
Short conclusion
Although it indeed looks like an extra profile to manage our Windows 10 devices with Intune, I assume the Settings Catalog profile will eventually replace all the separate configuration profiles. In the very first Preview release, the profile contains about 2000 settings, but eventually it will be expanded with thousands of settings.
If this indeed replaces all the other profiles and we have all these existing and more settings available, that's a great step forward in my opinion.
The way we can pick settings from the list of settings works just fine. Definitely, the option to search for a setting is a great additional option.
And the changing description for some settings is a welcome change that makes it clearer to what value the setting is actually configured.
Great job Microsoft!
So pick a few pilot devices, and start testing this profile.
And if you're also managing macOS devices, also have a look at Settings Catalog for Mac.
Thanks for reading and happy testing!
5 Comments
Hello Peter,
Is there anything for OneDrive in Settings Catalog?
I tried a search of course, but I miss the option “Silently sign in…” and so on and at least “Prevent users from moving their Windows known folders to OneDrive”
Is the Settings Catalog something completely new, and does it not have all options from the earlier “administrative templates”?
Ty
And Kan
Hi And Kan,
Yes, it’s correct that OneDrive settings are not (yet) available in Settings Catalog.
It’s a preview feature and settings might still be missing and you might find settings that are available for Insider builds, but not yet for the current Windows builds.
Settings Catalog is the way forward, but not yet complete.
Regards,
Peter
Hey Peter,
For Intune management with settings catalogs, would you work the same way as with templates, where you split them up with every profile focused on 1 setting, or would you throw them all together into 1 catalog containing all the default settings and then other catalogs with specific settings for 1 type of device?
Hi Michiel,
What I usually do is create one Settings Catalog profile for the Windows security baseline, one for the Office suite and one for Edge. Or split that up into a device and a user profile.
And depending on your needs, create a separate profile for the other settings which are not related to one of the security baselines.
If you have, for example, different business units or countries which need a separate set of settings, also create separate profiles with these additional settings.
So in the end, we still have multiple profiles.
Regards,
Peter
Hi Peter,
Thanks for your reply.
Thanks for giving me your insight into how you create profiles.
I was definitely struggling with myself whether to do the documentation approach where you create a big amount of profiles for every specific feature (e.g. profile for BitLocker, profile for device restrictions, profile for shared device…) or whether to throw it all together but try to keep it tidy.
We do indeed have multiple device types: a personal device, a shared device, a locked-down device and Android work phones that are locked down.