Knowledge Base ​ > ​ ​Windows 10 Device Management ​ > ​ ​Getting Started on Windows ​ > ​   Windows Device Profile

Windows Device Profile

Updated 3 months ago by Sriram Kakarala

Device Profile is a feature that helps you to group your policies together. Once a profile is created, you can apply it to multiple devices. Any change that you make in device profile will be automatically applied to all the devices. You can also apply a Device Profile to a Device Group so that you can easily group your devices and manage their settings as well.

In this guide we will see how to create a Windows Device Profile and the various settings that can be used.

Before You Begin

  1. Make sure to Sign In to ScaleFusion Dashboard.
  2. As per our observation we have seen that not all the features work on the various versions of Windows 10 and some do not work at all although as per the Windows 10 protocol they are supposed to work. The iconography below indicates the feature compatibility,

Indicates that the feature works as expected.

Indicates that the feature is supported by Windows 10 protocol, but DOES NOT work as intended.

Indicates that the feature does not work.

Creating and Configuring a Profile

  1. Navigate to Device Profiles & Policies > Device Profiles and click CREATE NEW PROFILE button.
  2. In the create profile dialog select Windows tab. Enter a name for your profile and click on SUBMIT.
  3. The Profile Creator wizard will be launched. The device profile creation is divided into 4 sections,
    1. Select Apps: Section to configure your application policy.
    2. Whitelist Websites: Section to whitelist websites to be used with Google Chrome.
    3. Chrome/Edge Configurations: Additional settings for Google Chrome and Edge.
    4. Settings: Section to configure additional settings based on categories.
  4. Select Apps: The first step is to configure the application policy. Choose an application policy and click NEXT

    Feature

    Description

    Supported on

    Application Blacklisting

    Block selected windows applications from being allowed to run. You can block/blacklist UWP apps, Win32 apps or apps installed from Windows store. Use Device Profile to select the apps to block.

    For the Win32 apps that are not available in the app list, you can add them through Add Win32 App button, enter the app name, path there and Save. The application gets added and is available in the list of apps. Now you can block/blacklist it.

    Win 10 Pro

    Win 10 Enterprise

    Skip Configuring Apps

    Select this option if you do not want to define an application policy for your windows devices.

    Win 10 Pro

    Win 10 Enterprise

    Application Whitelisting

    Select the list of applications that should be allowed. You can whitelist both UWP and Win32 apps. For more details, click here

    Win 10 Pro

    Win 10 Enterprise

  5. Whitelist Websites: Configure the URLs that a user is allowed to browser on Google Chrome or Windows Kiosk Browser app, by following our guide here.
  6. Google Chrome and Microsoft Edge Configurations: Use this section to configure Google Chrome settings. Please refer to our help document here.
  7. Settings > Kiosk App: Use this option to set an application to run always and set the Windows Device in Kiosk app mode. Please refer to our help document here.
  8. Settings > Branding

    Feature

    Description

    Supported on

    Home & Lock Screen Wallpaper

    Branding allows you to apply a home and/or lock screen wallpaper to your enterprise devices. You can create a custom branding under Device Management > Branding section and then apply it in Device Profile. You will be able to select branding that is compatible with Windows.

    Win 10 Pro

    Win 10 Enterprise

  9. Settings > Wifi & Network

    Feature

    Description

    Supported on

    Allow Device to connect Wifi

    Choose to allow or restrict users to connect to Wifi.
    Note - Use this feature with extreme caution as if this is disabled,
    then users cannot connect to Wifi. The only option is to connect
    via LAN or USB tether to get the latest policy and if there is no
    connectivity then device might have to be hard reset.

    Win 10 Pro

    Win 10 Enterprise

    Auto Configuring a Wifi

    If you have created a Wifi configuration, then you can apply it to a Device Profile.
    a. Automatic or Manual connection to Configured Wifi.
    b. Define Proxy rules for the Wifi.

    Win 10 Pro

    Win 10 Enterprise

    Allow users to configure Wifi

    Use this option to allow/deny the end users to configure new Wifi connection on device.

    Win 10 Pro

    Win 10 Enterprise

    Allow Auto Connect to WifiSense

    Control if Wifi Sense should be used and connect automatically to shared networks or not.

    Win 10 Pro

    Win 10 Enterprise

    Allow VPN Connections

    Control if user is allowed to connect to VPN connections

    Win 10 Pro

    Win 10 Enterprise

    Allow VPN usage on Cellular Data

    Control if cellular data should be used  to connect to VPN connections

    Win 10 Pro

    Win 10 Enterprise

    Allow VPN roaming on Cellular Data

    Control if VPN should be allowed on roaming Cellular data.

    Win 10 Pro

    Win 10 Enterprise

  10. Settings > Edge Browser
    These are for the legacy Microsoft Edge. For the settings to take effect, Microsoft Edge needs to be restarted.

    Feature

    Description

    Supported on

    Cookie Policy

    Choose a cookie Policy for Microsoft Edge. You can either allow the user to control or define strict policy for cookies.

    Win 10 Pro

    Win 10 Enterprise

    Start Page URL

    Specify a start URL that will be launched whenever the Edge browser is opened.

    Win 10 Pro

    Win 10 Enterprise

    Auto Fill

    Allow: Forces the autofill featureRestrict: Prevents using Autofill.User-Control: Lets  users choose to use the Autofill feature to populate the form fields automatically.

    Win 10 Pro

    Win 10 Enterprise

    Pop Ups

    Allow: Force pop-ups on all sites and turn off Pop-up blocker.

    Restrict: Turn-on Pop-up Blocker which will block all the pop-ups.

    User-Control: Let users control the Pop-up blocker.

    Win 10 Pro

    Win 10 Enterprise

    Address Bar Dropdown

    Allow:  Let Edge shows the address bar drop down list.Restrict: Minimizes network connections from Edge to Microsoft service, and hide the functionality of the Address bar drop-down list. It also disables the Show search and site suggestions as I type toggle in Settings.

    Win 10 Pro

    Win 10 Enterprise

    Browser Extension

    Allow: Let users to add or personalize extensions in Edge.Restrict: Prevent users from adding or personalizing extensions.

    Win 10 Pro

    Win 10 Enterprise

    Clear Browsing history on Close

    Allow: Clear the browsing history on exit.Restrict: Do not clear the browsing history on exit.User-Control: Let users configure the setting.

    Win 10 Pro

    Win 10 Enterprise

    Allow accessing “about:flags”

    Allow:  Lets users access the about:flags page in Edge, which is used to change developer settings and enable experimental features. ChooseRestrict: Prevents users from accessing the about:flags page.

    Win 10 Pro

    Win 10 Enterprise

    Allow Flash

    Allow: Allow Adobe flash to run.Restrict: Prevent Adobe flash to run.User-Control: Let users control on a per-site basis.

    Win 10 Pro

    Win 10 Enterprise

    Autorun Flash

    Allow: If Adobe flash is allowed then auto-run the flash files.Restrict:  If Adobe flash is allowed then prevent flash files from auto-running

    Win 10 Pro

    Win 10 Enterprise

    Developer Tools

    Allow: Allow users to use the F12 key and view the developer tools.Restrict: Prevent users to use the F12 key and view the developer tools.

    Win 10 Pro

    Win 10 Enterprise

    In-Private Browsing

    Allow: Allow in-private browsing.Restrict: Prevent in-private browsing.User-Control: Same as Allow

    Win 10 Pro

    Win 10 Enterprise

    Save Passwords Locally

    Allow: Lets Edge use Password manager to store passwords locally.Restrict: Prevent Edge from storing passwords locally.User-Control: Let users control when to save passwords locally.

    Win 10 Pro

    Win 10 Enterprise

    Search suggestions in Address bar

    Allow: Show search suggestions

    Restrict: Block search suggestionsUser-Control: Let user control the search suggestion behaviour.

    Win 10 Pro

    Win 10 Enterprise

    Force Fraudulent Website Warning

    Allow: Force Windows Defender Smartscreen protection to prevent potential threats and prevent users from turning it off.Restrict: Turn off Windows Defender Smartscreen protection, leaves the user vulnerable to potential threats.User-Control: Let users choose if they want to use Windows Defender Smartscreen protection.

    Win 10 Pro

    Win 10 Enterprise

    Override Fraudulent Websites warning

    Allow: Let user’s ignore the warning and proceed to the site.Restrict: Does not allow users to ignore the warning and proceed to the site.User-Control: Same as allow..

    Win 10 Pro

    Win 10 Enterprise

    Override malicious file warning

    Allow: Allow users to download a potential malicious file or files from unverified sources.Restrict: Restrict users to download a potential malicious file or files from unverified sources.User-Control:Same as allow.

    Win 10 Pro

    Win 10 Enterprise

    Allow "Do Not Track" request

    Allow: Force Edge to send tracking information.Restrict: Prevent Edge from send tracking information.User-Control: Users can choose to send tracking information to sites they visit.

    Win 10 Pro

    Win 10 Enterprise

  11. Settings > Exchange Settings, Settings > Email Settings

    Feature

    Description

    Supported on

    Exchange Settings

    Select the Exchange Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.

    Win 10 Pro

    Win 10 Enterprise

    Email Settings

    Select the Email Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.

    Win 10 Pro

    Win 10 Enterprise

  12. Settings > General Settings
    Most of the settings here are supported as per the protocol but in our testing they were not working. We have retained them for future use.

    Feature

    Description

    Supported on

    Allow USB Connections & SD Card

    Use this setting to allow or restrict USB connections and external storage card.

    Win 10 Pro

    Win 10 Enterprise

    Microsoft Feedback Notifications

    Use this setting to enable or disable Microsoft feedback notifications.

    Win 10 Pro

    Win 10 Enterprise

    Modify Data & Time

    Use this setting to allow or restrict users from changing the device date & time.Note: There is a workaround where users can launch the legacy Date & Time dialog and change the settings.

    Win 10 Pro

    Win 10 Enterprise

    Allow Bluetooth

    Use this setting to allow or restrict bluetooth connections from the device.

    Win 10 Pro

    Win 10 Enterprise

    Allow Bluetooth Pre-pairing

    Enable this setting to automatically pair with devices that were previously connected.

    Win 10 Pro

    Win 10 Enterprise

    Allow Bluetooth Services Advertisement

    Control the bluetooth services advertisement behaviour.

    Win 10 Pro

    Win 10 Enterprise

    Install Non-Store Apps

    Allow or Restrict users to install/sideload applications from unknown sources.

    Win 10 Pro

    Win 10 Enterprise

    Store App Data in Device Memory

    Force the applications to store the data in device memory.

    Win 10 Pro

    Win 10 Enterprise

    Install Apps in Device Memory

    Force the applications to be installed in Device memory..

    Win 10 Pro

    Win 10 Enterprise

    Scalefusion Sync Interval

    Select an interval on how often should ScaleFusion poll for Device Info. This polling helps in,1. Updating the device Location.2. Updating the Inactivity time.3. Syncing the latest policies.4. Getting vital Device Information

    Win 10 Pro

    Win 10 Enterprise

General Settings > Start Layout Settings

These settings are unchecked by default
The settings are supported on Windows 10 Pro and Enterprise Edition

Feature

Description

Hide Switch Account

Use this setting to hide Switch user account option that is present on the left side of the Start menu

Hide Sign out

Use this setting to hide the Sign Out button that is present on the left side of the Start menu, under the Accounts icon (or picture)

Hide User tile

Tiling enables users to view each of their open programs or windows within a program simultaneously, rather than having to switch back and forth. Use this setting to hide start menu tiles for all users

Hide Change Account Settings

Accounts Settings allows you to manage your Microsoft Account, set your user picture, change sign-in options, change password, change PIN, connect your PC to work or school etc. It is present on the left side of the Start menu.

Use this setting to hide Change Account Settings option

Hide People Bar

The People feature adds a special icon to the notification area of your taskbar and allows pinning your contacts directly to the taskbar, so you can start messaging, call or compose an email just with one click.

Using this option, the People bar can be hidden.

Hide Lock

This option which is present under Switch Account, locks the computer but keep all the user's programs running. Hide the Lock feature through this setting.

Hide Hibernate

Hibernate option which is present in Start > Power, saves the current state of your PC—open programs and documents—to your hard disk and then turns off your PC. This feature can be hidden using Hide Hibernate settings.

Hide Sleep

Sleep feature present in Start > Power puts your system into a low-power state and turning off your display when you're not using it. Use this setting to Hide Sleep setting.

Hide Restart

This restarts your system. Use this setting to hide Restart

Hide Power Options

Hide all the power options present in Start menu, with this setting.

Hide Shutdown

The Shutdown feature which shuts down your system, can be hidden using this option.

Allow End Task

Allow or disallow End Task feature in Task Manager.

By default this option is checked.

General Settings > Display Settings

The settings are supported on Windows 10 Pro and Enterprise Edition
These settings can be configured separately for device plugged in or running on battery

Feature

Description

Configure Display Off Timeout

Display off timeout is the amount of minutes Windows will wait idle with no activity while on the lock screen, before timing out and automatically turning off the display.

Configure the duration after which the display should timeout, through this setting

Configure Hibernate Timeout

Specify the duration of time after sleep that the system automatically wakes and enters hibernation.

Configure Unattended Sleep Timeout

The System unattended sleep timeout power setting is the idle timeout before the system returns to a low power sleep state after waking unattended. Specify a period of time before the system automatically enters sleep after waking from sleep in an unattended state.

Allow Stand By Device Sleep

Control your device's stand by behavior by choosing one of the options:

  • User Control - Default option
  • Enabled - If Enabled, the configure stand by timeout is active where you can configure the standby timeout duration
  • Disabled - Disables stand by mode

Choose Lid Close Behavior

Select what the behavior should be when system lid is closed

Choose Sleep Button Behavior

Select what the behavior should be when Sleep button is pressed

Choose Power Button Behavior

Select what the behavior should be when Power button is pressed

For Lid Close, Sleep button and Power button behaviours, following options are available to choose from:
- User Control
- Take No Action
- Sleep
- Hibernate
- Shut Down

General Settings > Folder Settings

These settings let admin control the following folders from start layout, that is, whether they should be pinned or disabled from the Start menu:

  • File Explorer
  • Documents
  • Downloads
  • Music
  • Videos
  • Pictures
  • Personal
  • Network
  • Settings

For the above folders, following options are available to choose from:

  • User Control - Selected by default. This lets user control the behavior of a folder
  • Show - Shows the folder
  • Hide - Hides the folder
  1. Once you have configured the various settings, click on UPDATE PROFILE . Once the profile is saved, it will appear in the list of Device Profiles.

Applying a Device Profile to Windows 10 Devices

Once a device profile is created, you can easily apply to the devices. You have the following options,

  1. Applying a Device Profile at Enrollment: If you are looking to apply a device profile right when the device enrolls, then create an Enrollment Configuration and in the Group/Profile section select Windows Profile that you want the devices to enroll it. Use the enrollment link to enroll the devices.
  2. Changing a Device Profile after Enrollment: Follow the steps below to change the device profile,
    1. Navigate to Device Management > Device Profile and select Device Profile to which the device belongs.
    2. Click on the APPLY button on the actions panel on right side.
    3. You will be shown a dialog with all the Device Groups & Devices which are not associated with a device profile currently. Select the Device Group(s) or navigate to the Devices tab, select the devices and click APPLY
  3. Applying a Windows Profile via Device Group: If you intent to use Device Groups, then you can add/modify a Windows Profile to a windows group. The selected Windows Profile will be applied to all the devices in this group.

Removing a Device Profile from Windows 10 Devices

If you want to move the device to a different device profile, then first you have to remove it from its existing profile. Follow the steps below to do so,

  1. Navigate to Device Management > Device Profile and select Device Profile to which the device belongs.
  2. Click on the Remove button from the actions panel on right and select Remove Devices.
  3. You will see a dialog with all the devices where this profile is applied. Select the devices and click on REMOVE.

Frequently Asked Questions

Question: In Device Profile, under the Select Apps section, I don't see the applications that are installed on the enrolled devices?

Answer: ScaleFusion can collect the information only about the UWP applications or the applications installed from Windows Store. ScaleFusion collects this information when a new device enrolls and every 2 hours after enrollment. If the list is still not updated then you can do the following,

  • Navigate to Devices section.
  • Click on the Device that has the application installed.
  • On the bottom panel and next to the Windows frame, click on Sync Apps option.

Question: We see quite a few settings marked as .Why does ScaleFusion allow control of the settings that are not working?

Answer: We had contemplated not adding these settings. However these are the ones that Windows MDM protocol claims to be supported and still not marked deprecated. Hence we have retained them with the assumption that it will work in future versions. Once the Windows documentation marks them deprecated or unsupported, we will remove them.

Question: The Exchange/Email settings are not removed from the device when we remove it from a Device Profile?

Answer: This is the intended behavior. As Exchange/Email are critical business information and is data intensive operation, we have not removed it when the devices are merely removed from Device Profile. This is based on the assumption that you would move the device to a different profile which will have the same exchange/email configuration.

Question: None of profile settings are removed from the device when we remove it from a Device Profile?

Answer: Yes. Removing a device retains its last profile/policy settings. We are in the process of adding a feature that lets you apply/remove policy that will allow you to temporary relax the policies on the device. However if you want to completely Unenroll the device, please use the Delete Device option.

How did we do?

Powered by HelpDocs (opens in a new tab)