Windows Profile Settings

Settings section in Device Profile, lets IT Admins configure additional settings which can then be applied to managed Windows devices. This document briefs all the Settings that can be configured in a Windows Device Profile.

Before You Begin

  1. Windows Device Profile should be created on Scalefusion Dashboard. To create a windows device profile, please visit Windows Device Profile

Settings

  1. Create a new Windows Device Profile or edit an existing one and click on Settings tab (last one)
  1. All Settings can be accessed by clicking on the headings on the left bar.

These are described below:

Kiosk App

Use this option to set an application to run always and set the Windows Device in Kiosk app mode. Please refer to our help document here.

Branding

Branding allows you to apply a home and/or lock screen wallpaper to your enterprise devices.

Feature

Description

Supported on

Home & Lock Screen Wallpaper

You can create a custom branding under Device Profiles & Policies > Branding section and then apply it in Device Profile. You will be able to select branding that is compatible with Windows.

Win 10 Pro

Win 10 Enterprise

Wifi & Network

Wifi & Network

Feature

Description

Supported on

Allow Device to connect Wifi

Choose to allow or restrict users to connect to Wifi.

Win 10 Pro

Win 10 Enterprise

Auto Configuring a Wifi

If you have created a Wifi configuration, then you can apply it to a Device Profile.

Win 10 Pro

Win 10 Enterprise

Allow users to configure Wifi

Use this option to allow/deny the end users to configure new Wifi connection on device.

Win 10 Pro

Win 10 Enterprise

Allow Auto Connect to WifiSense

Control if Wifi Sense should be used and connect automatically to shared networks or not.

Win 10 Pro

Win 10 Enterprise

Allow VPN Connections

Control if user is allowed to connect to VPN connections

Win 10 Pro

Win 10 Enterprise

Allow VPN usage on Cellular Data

Control if cellular data should be used  to connect to VPN connections

Win 10 Pro

Win 10 Enterprise

Allow VPN roaming on Cellular Data

Control if VPN should be allowed on roaming Cellular data.

Win 10 Pro

Win 10 Enterprise

VPN

Scalefusion provides the necessary mechanisms to remotely configure the VPN and publish to the Windows devices managed by Scalefusion. To learn about the VPN settings, please visit this document

Configure Settings App

Under Configure Settings App IT Admins can control the Settings app granularly. That is within Settings app they can choose which options to show or hide. Each section can be completely hidden or part of it can be hidden.

These settings are for all Windows versions so some options may not be seen on certain models
In Whitelisted profile the Settings app needs to be enabled for this to work.

To configure:

  1. Toggle on the Setting Configure Settings Options. Only then rest of the settings will get enabled.
  2. Once you set Configure Settings Options to ON, choose one of the following options:
  • Show Selected Settings: Shows the selected applications and items underneath, in the Settings app
  • Hide Selected Settings: Hides the selected applications and items underneath, in the Settings app
  1. The applications and settings are listed as follows. Select the ones which you want to show/hide on the managed devices.
    To select all, check the box on the right of the Setting's name
    1. Accounts
    2. Apps
    3. Cortana
    4. Devices
    5. Ease of access
    6. Extras
    7. Gaming
    8. Home page
    9. Mixed reality
    10. Network and internet
    11. Personalization
    12. Privacy
    13. Surface Hub
    14. System
    15. Time and language
    16. Update and security
    17. User accounts

Email & Exchange

From here, you can configure Exchange ActiveSync settings for your profile.

  1. Feature

    Description

    Supported on

    Exchange Settings

    Select the Exchange Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.

    Win 10 Pro

    Win 10 Enterprise

    Email Settings

    Select the Email Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.

    Win 10 Pro

    Win 10 Enterprise

Security Settings

With these policies you can secure your Windows devices

Setting

Description

Bitlocker

BitLocker is Microsoft’s built-in full volume encryption feature which is designed to protect data by providing encryption for the hard disk volumes. To configure BitLocker settings and apply these settings to the Windows 10 managed devices, click here.

Data Protection

Scalefusion helps you protect enterprise data on managed Windows 10 devices by providing Windows Information Protection policies or Enterprise Data Protection policies as they were earlier called. To know more about creating a Windows Information Protection Policy, click here

Windows Hello

Windows Hello for Business lets users access their device(s) using a PIN or Biometric authentication. To learn more about how Windows Hello settings can be configured and applied onto end user's devices, please click here.

Windows Defender

Microsoft's Windows Defender, now known as Microsoft Defender Antivirus provides real-time protection of Windows devices against software threats like viruses, malware, and spyware across email, apps, cloud, and the web. To configure Windows Defender policies, please click here.

Windows Updates

Scalefusion lets the IT Admins configure the OS update policy on the managed Windows 10 devices so that they can ensure that the rollouts are controlled. To learn about the various policies on offer around OS updates, please visit here.

Certificates

All the certificates configured via Device Profiles & Policies > Certificate Management are listed here and admin can select the ones that have to be associated with this Device profile.

Custom Settings

By using the Custom Settings feature, IT Admins can use a top-notch XML editor and push a CSP directly to the devices. To understand how to configure and push a custom settings payload to the device, please click here.

General Settings

General Settings: The settings can be configured under following heads:

  • System Settings
  • Start Layout Settings
  • Display Settings
  • Folder Settings
  • Application Settings
  • Scalefusion Sync Interval
  • Enable Broadcast Messages View
  • Security & Search

System Settings
  1. Feature

    Description

    Supported on

    Allow USB Connections & SD Card

    Use this setting to allow or restrict USB connections and external storage card.

    Win 10 Pro

    Win 10 Enterprise

    Microsoft Feedback Notifications

    Use this setting to enable or disable Microsoft feedback notifications.

    Win 10 Pro

    Win 10 Enterprise

    Modify Data & Time

    Use this setting to allow or restrict users from changing the device date & time.Note: There is a workaround where users can launch the legacy Date & Time dialog and change the settings.

    Win 10 Pro

    Win 10 Enterprise

    Allow Bluetooth

    Use this setting to allow or restrict bluetooth connections from the device.

    Win 10 Pro

    Win 10 Enterprise

    Allow Bluetooth Pre-pairing

    Enable this setting to automatically pair with devices that were previously connected.

    Win 10 Pro

    Win 10 Enterprise

    Allow Bluetooth Services Advertisement

    Control the bluetooth services advertisement behaviour.

    Win 10 Pro

    Win 10 Enterprise

    Install Non-Store Apps

    Allow or Restrict users to install/sideload applications from unknown sources.

    Win 10 Pro

    Win 10 Enterprise

    Store App Data in Device Memory

    Force the applications to store the data in device memory.

    Win 10 Pro

    Win 10 Enterprise

    Install Apps in Device Memory

    Force the applications to be installed in Device memory..

    Win 10 Pro

    Win 10 Enterprise

    Scalefusion Sync Interval

    Select an interval on how often should ScaleFusion poll for Device Info. This polling helps in,1. Updating the device Location.2. Updating the Inactivity time.3. Syncing the latest policies.4. Getting vital Device Information

Start Layout Settings
These settings are unchecked by default
The settings are supported on Windows 10 Pro and Enterprise Edition

Feature

Description

Hide Switch Account

Use this setting to hide Switch user account option that is present on the left side of the Start menu

Hide Sign out

Use this setting to hide the Sign Out button that is present on the left side of the Start menu, under the Accounts icon (or picture)

Hide User tile

Tiling enables users to view each of their open programs or windows within a program simultaneously, rather than having to switch back and forth. Use this setting to hide start menu tiles for all users

Hide Change Account Settings

Accounts Settings allows you to manage your Microsoft Account, set your user picture, change sign-in options, change password, change PIN, connect your PC to work or school etc. It is present on the left side of the Start menu.

Use this setting to hide Change Account Settings option

Hide People Bar

The People feature adds a special icon to the notification area of your taskbar and allows pinning your contacts directly to the taskbar, so you can start messaging, call or compose an email just with one click.

Using this option, the People bar can be hidden.

Hide Lock

This option which is present under Switch Account, locks the computer but keep all the user's programs running. Hide the Lock feature through this setting.

Hide Hibernate

Hibernate option which is present in Start > Power, saves the current state of your PC—open programs and documents—to your hard disk and then turns off your PC. This feature can be hidden using Hide Hibernate settings.

Hide Sleep

Sleep feature present in Start > Power puts your system into a low-power state and turning off your display when you're not using it. Use this setting to Hide Sleep setting.

Hide Restart

This restarts your system. Use this setting to hide Restart

Hide Power Options

Hide all the power options present in Start menu, with this setting.

Hide Shutdown

The Shutdown feature which shuts down your system, can be hidden using this option.

Allow End Task

Allow or disallow End Task feature in Task Manager.

By default this option is checked.

Display Settings
The settings are supported on Windows 10 Pro and Enterprise Edition
These settings can be configured separately for device plugged in or running on battery

Feature

Description

Configure Display Off Timeout

Display off timeout is the amount of minutes Windows will wait idle with no activity while on the lock screen, before timing out and automatically turning off the display.

Configure the duration after which the display should timeout, through this setting

Configure Hibernate Timeout

Specify the duration of time after sleep that the system automatically wakes and enters hibernation.

Configure Unattended Sleep Timeout

The System unattended sleep timeout power setting is the idle timeout before the system returns to a low power sleep state after waking unattended. Specify a period of time before the system automatically enters sleep after waking from sleep in an unattended state.

Allow Stand By Device Sleep

Control your device's stand by behavior by choosing one of the options:

  • User Control - Default option
  • Enabled - If Enabled, the configure stand by timeout is active where you can configure the standby timeout duration
  • Disabled - Disables stand by mode

Choose Lid Close Behavior

Select what the behavior should be when system lid is closed

Choose Sleep Button Behavior

Select what the behavior should be when Sleep button is pressed

Choose Power Button Behavior

Select what the behavior should be when Power button is pressed

For Lid Close, Sleep button and Power button behaviours, following options are available to choose from:
- User Control
- Take No Action
- Sleep
- Hibernate
- Shut Down

Folder Settings

These settings let admin control the following folders from start layout, that is, whether they should be pinned or disabled from the Start menu:

  • File Explorer
  • Documents
  • Downloads
  • Music
  • Videos
  • Pictures
  • Personal
  • Network
  • Settings

For the above folders, following options are available to choose from:

  • User Control - Selected by default. This lets user control the behavior of a folder
  • Show - Shows the folder
  • Hide - Hides the folder

Scalefusion Sync Interval

Here you can select the frequency in which Scalefusion syncs and updates the Device Info. The frequency levels can be:

  • 15 minutes
  • 30 minutes
  • 1 hour
  • 2 hours
Enable Broadcast Messages View

Enable this to be able to send one-way messages to managed Windows devices.

With having this setting enabled IT admins can send Broadcast messages to Windows devices from Utilities > Broadcast Messages section on Dashboard.

Important Points:

  • Scalefusion MDM Agent version 2.0.0 should be installed on devices
  • Broadcast messages can also be sent over to devices which have apps set as whitelisted or the devices are set up in kiosk mode.

The applications and Services which admin can allow / restrict on managed devices.

  • Camera
  • Cortana
  • Microsoft account Connection
  • Add Non Microsoft Accounts
  • Sync Settings across Devices
  • Reset Device
  • Developer Unlock
  • Location Services

For Developer Unlock and Location Services, following are the settings to choose from:

  • Allow
  • Deny
  • None

Edge Browser

These are for the legacy Microsoft Edge. For the settings to take effect, Microsoft Edge needs to be restarted.

Feature

Description

Supported on

Cookie Policy

Choose a cookie Policy for Microsoft Edge. You can either allow the user to control or define strict policy for cookies.

Win 10 Pro

Win 10 Enterprise

Start Page URL

Specify a start URL that will be launched whenever the Edge browser is opened.

Win 10 Pro

Win 10 Enterprise

Auto Fill

Allow: Forces the autofill featureRestrict: Prevents using Autofill.User-Control: Lets  users choose to use the Autofill feature to populate the form fields automatically.

Win 10 Pro

Win 10 Enterprise

Pop Ups

Allow: Force pop-ups on all sites and turn off Pop-up blocker.

Restrict: Turn-on Pop-up Blocker which will block all the pop-ups.

User-Control: Let users control the Pop-up blocker.

Win 10 Pro

Win 10 Enterprise

Address Bar Dropdown

Allow:  Let Edge shows the address bar drop down list.Restrict: Minimizes network connections from Edge to Microsoft service, and hide the functionality of the Address bar drop-down list. It also disables the Show search and site suggestions as I type toggle in Settings.

Win 10 Pro

Win 10 Enterprise

Browser Extension

Allow: Let users to add or personalize extensions in Edge.Restrict: Prevent users from adding or personalizing extensions.

Win 10 Pro

Win 10 Enterprise

Clear Browsing history on Close

Allow: Clear the browsing history on exit.Restrict: Do not clear the browsing history on exit.User-Control: Let users configure the setting.

Win 10 Pro

Win 10 Enterprise

Allow accessing “about:flags”

Allow:  Lets users access the about:flags page in Edge, which is used to change developer settings and enable experimental features. ChooseRestrict: Prevents users from accessing the about:flags page.

Win 10 Pro

Win 10 Enterprise

Allow Flash

Allow: Allow Adobe flash to run.Restrict: Prevent Adobe flash to run.User-Control: Let users control on a per-site basis.

Win 10 Pro

Win 10 Enterprise

Autorun Flash

Allow: If Adobe flash is allowed then auto-run the flash files.Restrict:  If Adobe flash is allowed then prevent flash files from auto-running

Win 10 Pro

Win 10 Enterprise

Developer Tools

Allow: Allow users to use the F12 key and view the developer tools.Restrict: Prevent users to use the F12 key and view the developer tools.

Win 10 Pro

Win 10 Enterprise

In-Private Browsing

Allow: Allow in-private browsing.Restrict: Prevent in-private browsing.User-Control: Same as Allow

Win 10 Pro

Win 10 Enterprise

Save Passwords Locally

Allow: Lets Edge use Password manager to store passwords locally.Restrict: Prevent Edge from storing passwords locally.User-Control: Let users control when to save passwords locally.

Win 10 Pro

Win 10 Enterprise

Search suggestions in Address bar

Allow: Show search suggestions

Restrict: Block search suggestionsUser-Control: Let user control the search suggestion behaviour.

Win 10 Pro

Win 10 Enterprise

Force Fraudulent Website Warning

Allow: Force Windows Defender Smartscreen protection to prevent potential threats and prevent users from turning it off.Restrict: Turn off Windows Defender Smartscreen protection, leaves the user vulnerable to potential threats.User-Control: Let users choose if they want to use Windows Defender Smartscreen protection.

Win 10 Pro

Win 10 Enterprise

Override Fraudulent Websites warning

Allow: Let user’s ignore the warning and proceed to the site.Restrict: Does not allow users to ignore the warning and proceed to the site.User-Control: Same as allow..

Win 10 Pro

Win 10 Enterprise

Override malicious file warning

Allow: Allow users to download a potential malicious file or files from unverified sources.Restrict: Restrict users to download a potential malicious file or files from unverified sources.User-Control:Same as allow.

Win 10 Pro

Win 10 Enterprise

Allow "Do Not Track" request

Allow: Force Edge to send tracking information.Restrict: Prevent Edge from send tracking information.User-Control: Users can choose to send tracking information to sites they visit.

Win 10 Pro

Win 10 Enterprise

Once you have configured the various settings, click on UPDATE PROFILE. For further steps like applying a device profile to Windows 10 devices, please visit the document Windows Device Profile


How did we do?


Powered by HelpDocs (opens in a new tab)