Windows Profile Settings
Settings section in Device Profile, lets IT Admins configure additional settings which can then be applied to managed Windows devices. This document briefs all the Settings that can be configured in a Windows Device Profile.
Before You Begin
- Windows Device Profile should be created on Scalefusion Dashboard. To create a windows device profile, please visit Windows Device Profile
- Windows OS 7 and 8.1 devices should be enrolled with Scalefusion MDM agent.
- Iconography - The settings which work on both modes, that is, Modern Management and Agent based, are identified by iconography where windows icon is for modern management and Scalefusion icon is for Agent enrolled devices.
No iconography against a setting would mean it is supported only on modern management mode.
Settings
- Create a new Windows Device Profile or edit an existing one and click on + sign next to Settings on the left panel.
- All Settings can be accessed under different headings.
These are described below:
Single/Kiosk App Mode
Use this option to set an application to run always and set the Windows Device in Kiosk app mode. Please refer to our help document here.
Device Management

Branding
Branding allows you to apply a home and/or lock screen wallpaper to your enterprise devices.
Feature | Description | Supported on |
Home & Lock Screen Wallpaper | You can create a custom branding under Device Profiles & Policies > Branding section and then apply it in Device Profile. You will be able to select branding that is compatible with Windows. Only Home screen wallpaper can be set on Win OS 7 and 8.1 devices | Win 10 Pro Win 10 Enterprise Win 7 Win 8.1 |
Email & Exchange
From here, you can configure Exchange ActiveSync settings for your profile.

Feature
Description
Supported on
Exchange Settings
Select the Exchange Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.
Win 10 Pro
Win 10 Enterprise
Email Settings
Select the Email Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.
Win 10 Pro
Win 10 Enterprise
Certificates
All the certificates configured via Device Profiles & Policies > Certificate Management are listed here and admin can select the ones that have to be associated with this Device profile.
Security Settings

With these policies you can secure your Windows devices
Setting | Description |
Bitlocker | BitLocker is Microsoft’s built-in full volume encryption feature which is designed to protect data by providing encryption for the hard disk volumes. To configure BitLocker settings and apply these settings to the Windows 10 managed devices, click here. |
Windows Information Protector | Scalefusion helps you protect enterprise data on managed Windows 10 devices by providing Windows Information Protection policies or Enterprise Data Protection policies as they were earlier called. To know more about creating a Windows Information Protection Policy, click here |
Windows Hello | Windows Hello for Business lets users access their device(s) using a PIN or Biometric authentication. To learn more about how Windows Hello settings can be configured and applied onto end user's devices, please click here. |
Windows Defender | Microsoft's Windows Defender, now known as Microsoft Defender Antivirus provides real-time protection of Windows devices against software threats like viruses, malware, and spyware across email, apps, cloud, and the web. To configure Windows Defender policies, please click here. |
Windows Updates

Scalefusion lets the IT Admins configure the OS update policy on the managed Windows 10 devices so that they can ensure that the rollouts are controlled. There are two ways in which OS updates can be configured and controlled. To learn about the various policies on offer around OS updates, please follow these:
- Scalefusion Agent Based Settings: Configured from OS & Update Patch Management and applicable if you have installed Scalefusion MDM agent.
- Windows MDM Based Settings: These are based on Windows MDM CSP
Network Settings

Wifi & Network
Feature | Description | Supported on |
Allow Device to connect Wifi | Choose to allow or restrict users to connect to Wifi. | Win 10 Pro Win 10 Enterprise |
Auto Configuring a Wifi | If you have created a Wifi configuration, then you can apply it to a Device Profile. | Win 10 Pro Win 10 Enterprise |
Allow users to configure Wifi | Use this option to allow/deny the end users to configure new Wifi connection on device. | Win 10 Pro Win 10 Enterprise |
Allow Auto Connect to WifiSense | Control if Wifi Sense should be used and connect automatically to shared networks or not. | Win 10 Pro Win 10 Enterprise |
Allow VPN Connections | Control if user is allowed to connect to VPN connections | Win 10 Pro Win 10 Enterprise |
Allow VPN usage on Cellular Data | Control if cellular data should be used to connect to VPN connections | Win 10 Pro Win 10 Enterprise |
Allow VPN roaming on Cellular Data | Control if VPN should be allowed on roaming Cellular data. | Win 10 Pro Win 10 Enterprise |
VPN
Scalefusion provides the necessary mechanisms to remotely configure the VPN and publish to the Windows devices managed by Scalefusion. To learn about the VPN settings, please visit this document
Custom Settings
By using the Custom Settings feature, IT Admins can use a top-notch XML editor and push a CSP directly to the devices. To understand how to configure and push a custom settings payload to the device, please click here.
Scalefusion Agent Settings
Under this, you can configure settings which will take effect only if Scalefusion MDM agent has been installed on the device.
Management Settings
Setting | Description |
Remove Local Admin Privileges for Enrolled User | Enabling this setting removes admin privileges for the enrolled user and makes the user a standard user with no admin rights. The enrolled user cannot perform any of the admin actions then. This is an irreversible action. Once the user account is downgraded it cannot be revoked. Therefore, it is recommended to create an admin account first from Utilities > Global Settings > Windows Settings Scalefusion MDM agent v5.0.0 or above should be installed on device If the enrolled user is a built-in administrator then that account cannot be downgraded, that is, admin privileges cannot be removed.
|
Auto Enroll to Modern Management | Enable this option if you are enrolling your devices via Agent based enrollment and want the devices to automatically enroll into Scalefusion modern management. This allows you to leverage both agent and modern management features on an agent enrolled Windows device. |
Remove/Migrate device from 3rd party MDM (Modern Management). | A sub-setting of the above setting, this helps you easily migrate from your existing/older MDM solution. Enable this to remove the modern management of your older MDM and migrate them to Scalefusion completely. Please note,
We recommend deleting your device from your previous MDM to remove all the agents and other apps from your other MDM. |
Kiosk Settings
Setting | Description |
Show System Tray | Enable this to show a custom system tray panel with basic indicators of time, network and volume. Please note that this panel does not display 3rd party apps. |
Location Settings
Configure Location Settings on the device profile which get applied to the devices on which the profile is applied. When configured, they override the settings which have been set through Location & Geofencing > Location Settings on Dashboard.
Setting | Description |
Override Global Location Settings | If this is enabled, the settings which have been set through Location & Geofencing > Location Settings on Dashboard, get overridden. This also enables the rest of Location settings and makes them configurable. |
Attempt to automatically Enable Location | With this setting toggled on, Scalefusion attempts to automatically enable location if it is set to off on the Windows device. |
Enable/Disable Location Tracking | Enable this setting to turn on Location tracking and set other configurations. |
Location Tracking Mode | There are three modes for tracking Location:
|
Location Collection Frequency | Choose a frequency in which the locations should be synced with server and reflected on dashboard. Frequencies differ on the basis of the Location Tracking Mode you have chosen |
Select Location API | Select the preferred location method which will be used to capture location, from the following:
|
Important Notes on Location Settings:
a. On Windows OS 7 & 8.1 machines, following Location APIs will work:
API Type | Windows 7 | Windows 8.1 |
.Net API | - | Yes |
WinRT API | - | - |
Google Maps API | Yes | Yes |
WebKit API | Yes | Yes |
b. Location Services in Device Profile (Advanced Settings > General Settings > Security & Search) should be either set to Allow or None.
General
Setting | Description | Supported Devices |
Scalefusion Sync Interval | Select the frequency in which Scalefusion syncs and updates the Device Info. The frequency levels can be:
| NA |
Enable Broadcast Messages View | Enable this to be able to send one-way messages to managed Windows devices. With having this setting enabled IT admins can send Broadcast messages to Windows devices from Utilities > Broadcast Messages section on Dashboard. Broadcast messages can also be sent over to devices which have apps set as allowed or the devices are set up in kiosk mode. | NA |
USB Peripheral Settings | Check the following USB device types if you want to block the user from connecting and using them:
|
|
Advanced Settings

Policy Targets
Certain policies can be applied at Device level that is for all users or only the enrolled user. There may be cases where you want to block Google Chrome browsing only for the enrolled user and not other users. This is possible for supported policies by choosing a Policy Target between Device or Enrolled User. The supported policies are as below,
- Allowed Websites
- Chrome/Edge Configurations
- VPN Policy
- Settings App Policies
Select target (Device or enrolled user) from the drop-down on which you want to apply the target.

Configure Settings App
Under Configure Settings App IT Admins can control the Settings app granularly. That is within Settings app they can choose which options to show or hide. Each section can be completely hidden or part of it can be hidden.
To configure:
- Toggle on the Setting Configure Settings Options. Only then rest of the settings will get enabled.
- Once you set Configure Settings Options to ON, choose one of the following options:
- Show Selected Settings: Shows the selected applications and items underneath, in the Settings app
- Hide Selected Settings: Hides the selected applications and items underneath, in the Settings app
- The applications and settings are listed as follows. Select the ones which you want to show/hide on the managed devices.To select all, check the box on the right of the Setting's name
- Accounts
- Apps
- Cortana
- Devices
- Ease of access
- Extras
- Gaming
- Home page
- Mixed reality
- Network and internet
- Personalization
- Privacy
- Surface Hub
- System
- Time and language
- Update and security
- User accounts
Edge Browser
Feature | Description | Supported on |
Cookie Policy | Choose a cookie Policy for Microsoft Edge. You can either allow the user to control or define strict policy for cookies. | Win 10 Pro Win 10 Enterprise |
Start Page URL | Specify a start URL that will be launched whenever the Edge browser is opened. | Win 10 Pro Win 10 Enterprise |
Auto Fill | Allow: Forces the autofill featureRestrict: Prevents using Autofill.User-Control: Lets users choose to use the Autofill feature to populate the form fields automatically. | Win 10 Pro Win 10 Enterprise |
Pop Ups | Allow: Force pop-ups on all sites and turn off Pop-up blocker. Restrict: Turn-on Pop-up Blocker which will block all the pop-ups. User-Control: Let users control the Pop-up blocker. | Win 10 Pro Win 10 Enterprise |
Address Bar Dropdown | Allow: Let Edge shows the address bar drop down list.Restrict: Minimizes network connections from Edge to Microsoft service, and hide the functionality of the Address bar drop-down list. It also disables the Show search and site suggestions as I type toggle in Settings. | Win 10 Pro Win 10 Enterprise |
Browser Extension | Allow: Let users to add or personalize extensions in Edge.Restrict: Prevent users from adding or personalizing extensions. | Win 10 Pro Win 10 Enterprise |
Clear Browsing history on Close | Allow: Clear the browsing history on exit.Restrict: Do not clear the browsing history on exit.User-Control: Let users configure the setting. | Win 10 Pro Win 10 Enterprise |
Allow accessing “about:flags” | Allow: Lets users access the about:flags page in Edge, which is used to change developer settings and enable experimental features. ChooseRestrict: Prevents users from accessing the about:flags page. | Win 10 Pro Win 10 Enterprise |
Allow Flash | Allow: Allow Adobe flash to run.Restrict: Prevent Adobe flash to run.User-Control: Let users control on a per-site basis. | Win 10 Pro Win 10 Enterprise |
Autorun Flash | Allow: If Adobe flash is allowed then auto-run the flash files.Restrict: If Adobe flash is allowed then prevent flash files from auto-running | Win 10 Pro Win 10 Enterprise |
Developer Tools | Allow: Allow users to use the F12 key and view the developer tools.Restrict: Prevent users to use the F12 key and view the developer tools. | Win 10 Pro Win 10 Enterprise |
In-Private Browsing | Allow: Allow in-private browsing.Restrict: Prevent in-private browsing.User-Control: Same as Allow | Win 10 Pro Win 10 Enterprise |
Save Passwords Locally | Allow: Lets Edge use Password manager to store passwords locally.Restrict: Prevent Edge from storing passwords locally.User-Control: Let users control when to save passwords locally. | Win 10 Pro Win 10 Enterprise |
Search suggestions in Address bar | Allow: Show search suggestions Restrict: Block search suggestionsUser-Control: Let user control the search suggestion behaviour. | Win 10 Pro Win 10 Enterprise |
Force Fraudulent Website Warning | Allow: Force Windows Defender Smartscreen protection to prevent potential threats and prevent users from turning it off.Restrict: Turn off Windows Defender Smartscreen protection, leaves the user vulnerable to potential threats.User-Control: Let users choose if they want to use Windows Defender Smartscreen protection. | Win 10 Pro Win 10 Enterprise |
Override Fraudulent Websites warning | Allow: Let user’s ignore the warning and proceed to the site.Restrict: Does not allow users to ignore the warning and proceed to the site.User-Control: Same as allow.. | Win 10 Pro Win 10 Enterprise |
Override malicious file warning | Allow: Allow users to download a potential malicious file or files from unverified sources.Restrict: Restrict users to download a potential malicious file or files from unverified sources.User-Control:Same as allow. | Win 10 Pro Win 10 Enterprise |
Allow "Do Not Track" request | Allow: Force Edge to send tracking information.Restrict: Prevent Edge from send tracking information.User-Control: Users can choose to send tracking information to sites they visit. | Win 10 Pro Win 10 Enterprise |
General Settings
General Settings: The settings can be configured under following heads:
- System Settings
- Start Layout Settings
- Display Settings
- Folder Settings
- Application Settings
- Scalefusion Sync Interval
- Enable Broadcast Messages View
- Security & Search
System Settings
Feature
Description
Supported on
Allow USB Connections & SD Card
Use this setting to allow or restrict USB connections and external storage card.
Win 10 Pro
Win 10 Enterprise
Microsoft Feedback Notifications
Use this setting to enable or disable Microsoft feedback notifications.
Win 10 Pro
Win 10 Enterprise
Modify Data & Time
Use this setting to allow or restrict users from changing the device date & time.Note: There is a workaround where users can launch the legacy Date & Time dialog and change the settings.
Win 10 Pro
Win 10 Enterprise
Allow Bluetooth
Use this setting to allow or restrict bluetooth connections from the device.
Win 10 Pro
Win 10 Enterprise
Allow Bluetooth Pre-pairing
Enable this setting to automatically pair with devices that were previously connected.
Win 10 Pro
Win 10 Enterprise
Allow Bluetooth Services Advertisement
Control the bluetooth services advertisement behaviour.
Win 10 Pro
Win 10 Enterprise
Install Non-Store Apps
Allow or Restrict users to install/sideload applications from unknown sources.
Win 10 Pro
Win 10 Enterprise
Store App Data in Device Memory
Force the applications to store the data in device memory.
Win 10 Pro
Win 10 Enterprise
Install Apps in Device Memory
Force the applications to be installed in Device memory..
Win 10 Pro
Win 10 Enterprise
Scalefusion Sync Interval
Select an interval on how often should ScaleFusion poll for Device Info. This polling helps in,1. Updating the device Location.2. Updating the Inactivity time.3. Syncing the latest policies.4. Getting vital Device Information
Start Layout Settings
These settings are applicable on both Modern Managed and Scalefusion Agent enrolled devices. Few settings in particular can only be applied on Modern Managed devices and hence marked with windows icon only.
Feature | Description |
Hide Switch Account | Use this setting to hide Switch user account option that is present on the left side of the Start menu |
Hide Sign out | Use this setting to hide the Sign Out button that is present on the left side of the Start menu, under the Accounts icon (or picture) |
Hide User tile | Tiling enables users to view each of their open programs or windows within a program simultaneously, rather than having to switch back and forth. Use this setting to hide start menu tiles for all users |
Hide Change Account Settings | Accounts Settings allows you to manage your Microsoft Account, set your user picture, change sign-in options, change password, change PIN, connect your PC to work or school etc. It is present on the left side of the Start menu. Use this setting to hide Change Account Settings option |
Hide People Bar | The People feature adds a special icon to the notification area of your taskbar and allows pinning your contacts directly to the taskbar, so you can start messaging, call or compose an email just with one click. Using this option, the People bar can be hidden. |
Hide Lock | This option which is present under Switch Account, locks the computer but keep all the user's programs running. Hide the Lock feature through this setting. |
Hide Hibernate | Hibernate option which is present in Start > Power, saves the current state of your PC—open programs and documents—to your hard disk and then turns off your PC. This feature can be hidden using Hide Hibernate settings. |
Hide Sleep | Sleep feature present in Start > Power puts your system into a low-power state and turning off your display when you're not using it. Use this setting to Hide Sleep setting. |
Hide Restart | This restarts your system. Use this setting to hide Restart |
Hide Power Options | Hide all the power options present in Start menu, with this setting. |
Hide Shutdown | The Shutdown feature which shuts down your system, can be hidden using this option. |
Allow End Task | Allow or disallow End Task feature in Task Manager. By default this option is checked. |

Display Settings
These settings can be configured separately for device plugged in or running on battery
Feature | Description |
Configure Display Off Timeout | Display off timeout is the amount of minutes Windows will wait idle with no activity while on the lock screen, before timing out and automatically turning off the display. Configure the duration after which the display should timeout, through this setting |
Configure Hibernate Timeout | Specify the duration of time after sleep that the system automatically wakes and enters hibernation. |
Configure Unattended Sleep Timeout | The System unattended sleep timeout power setting is the idle timeout before the system returns to a low power sleep state after waking unattended. Specify a period of time before the system automatically enters sleep after waking from sleep in an unattended state. |
Allow Stand By Device Sleep | Control your device's stand by behavior by choosing one of the options:
|
Choose Lid Close Behavior | Select what the behavior should be when system lid is closed |
Choose Sleep Button Behavior | Select what the behavior should be when Sleep button is pressed |
Choose Power Button Behavior | Select what the behavior should be when Power button is pressed |
- User Control
- Take No Action
- Sleep
- Hibernate
- Shut Down
Configure Ctrl + Alt + Del options for Enrolled user
With this, you can control the options displayed in the Ctrl + Alt + Del menu for an enrolled user. The options are:
- Disable Task Manager
- Disable Change Password
- Disable Log Off
- Disable Lock Computer
By default, all the options are unchecked.
Folder Settings
These settings let admin control the following folders from start layout, that is, whether they should be pinned or disabled from the Start menu:
- File Explorer
- Documents
- Downloads
- Music
- Videos
- Pictures
- Personal
- Network
- Settings
For the above folders, following options are available to choose from:
- User Control - Selected by default. This lets user control the behavior of a folder
- Show - Shows the folder
- Hide - Hides the folder
Security & Search
The applications and Services which admin can allow / restrict on managed devices.
- Camera
- Cortana
- Microsoft account Connection
- Add Non Microsoft Accounts
- Sync Settings across Devices
- Reset Device
- Developer Unlock
- Location Services
For Developer Unlock and Location Services, following are the settings to choose from:
- Allow
- Deny
- None
Once you have configured the settings, click on UPDATE PROFILE. For further steps like applying a device profile to Windows 10 devices, please visit the document Windows Device Profile