Windows Profile Settings
Settings section in Device Profile, lets IT Admins configure additional settings which can then be applied to managed Windows devices. This document briefs all the Settings that can be configured in a Windows Device Profile.
Before You Begin
- Windows Device Profile should be created on Scalefusion Dashboard. To create a windows device profile, please visit Windows Device Profile
Settings
- Create a new Windows Device Profile or edit an existing one and click on Settings tab (last one)
- All Settings can be accessed by clicking on the headings on the left bar.
These are described below:
Kiosk App
Use this option to set an application to run always and set the Windows Device in Kiosk app mode. Please refer to our help document here.
Branding
Branding allows you to apply a home and/or lock screen wallpaper to your enterprise devices.
Feature | Description | Supported on |
Home & Lock Screen Wallpaper | You can create a custom branding under Device Profiles & Policies > Branding section and then apply it in Device Profile. You will be able to select branding that is compatible with Windows. | Win 10 Pro Win 10 Enterprise |
Wifi & Network
Wifi & Network
Feature | Description | Supported on |
Allow Device to connect Wifi | Choose to allow or restrict users to connect to Wifi. | Win 10 Pro Win 10 Enterprise |
Auto Configuring a Wifi | If you have created a Wifi configuration, then you can apply it to a Device Profile. | Win 10 Pro Win 10 Enterprise |
Allow users to configure Wifi | Use this option to allow/deny the end users to configure new Wifi connection on device. | Win 10 Pro Win 10 Enterprise |
Allow Auto Connect to WifiSense | Control if Wifi Sense should be used and connect automatically to shared networks or not. | Win 10 Pro Win 10 Enterprise |
Allow VPN Connections | Control if user is allowed to connect to VPN connections | Win 10 Pro Win 10 Enterprise |
Allow VPN usage on Cellular Data | Control if cellular data should be used to connect to VPN connections | Win 10 Pro Win 10 Enterprise |
Allow VPN roaming on Cellular Data | Control if VPN should be allowed on roaming Cellular data. | Win 10 Pro Win 10 Enterprise |
VPN
Scalefusion provides the necessary mechanisms to remotely configure the VPN and publish to the Windows devices managed by Scalefusion. To learn about the VPN settings, please visit this document
Configure Settings App
Under Configure Settings App IT Admins can control the Settings app granularly. That is within Settings app they can choose which options to show or hide. Each section can be completely hidden or part of it can be hidden.
To configure:
- Toggle on the Setting Configure Settings Options. Only then rest of the settings will get enabled.
- Once you set Configure Settings Options to ON, choose one of the following options:
- Show Selected Settings: Shows the selected applications and items underneath, in the Settings app
- Hide Selected Settings: Hides the selected applications and items underneath, in the Settings app
- The applications and settings are listed as follows. Select the ones which you want to show/hide on the managed devices.To select all, check the box on the right of the Setting's name
- Accounts
- Apps
- Cortana
- Devices
- Ease of access
- Extras
- Gaming
- Home page
- Mixed reality
- Network and internet
- Personalization
- Privacy
- Surface Hub
- System
- Time and language
- Update and security
- User accounts
Email & Exchange
From here, you can configure Exchange ActiveSync settings for your profile.
Feature
Description
Supported on
Exchange Settings
Select the Exchange Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.
Win 10 Pro
Win 10 Enterprise
Email Settings
Select the Email Configuration(s) that you have created in Windows Utilities section so that they will be published to the devices in this Profile.
Win 10 Pro
Win 10 Enterprise
Security Settings
With these policies you can secure your Windows devices
Setting | Description |
Bitlocker | BitLocker is Microsoft’s built-in full volume encryption feature which is designed to protect data by providing encryption for the hard disk volumes. To configure BitLocker settings and apply these settings to the Windows 10 managed devices, click here. |
Data Protection | Scalefusion helps you protect enterprise data on managed Windows 10 devices by providing Windows Information Protection policies or Enterprise Data Protection policies as they were earlier called. To know more about creating a Windows Information Protection Policy, click here |
Windows Hello | Windows Hello for Business lets users access their device(s) using a PIN or Biometric authentication. To learn more about how Windows Hello settings can be configured and applied onto end user's devices, please click here. |
Windows Defender | Microsoft's Windows Defender, now known as Microsoft Defender Antivirus provides real-time protection of Windows devices against software threats like viruses, malware, and spyware across email, apps, cloud, and the web. To configure Windows Defender policies, please click here. |
Windows Updates
Scalefusion lets the IT Admins configure the OS update policy on the managed Windows 10 devices so that they can ensure that the rollouts are controlled. To learn about the various policies on offer around OS updates, please visit here.
Certificates
All the certificates configured via Device Profiles & Policies > Certificate Management are listed here and admin can select the ones that have to be associated with this Device profile.
Custom Settings
By using the Custom Settings feature, IT Admins can use a top-notch XML editor and push a CSP directly to the devices. To understand how to configure and push a custom settings payload to the device, please click here.
Policy Targets
Certain policies can be applied at Device level that is for all users or only the enrolled user. There may be cases where you want to block Google Chrome browsing only for the enrolled user and not other users. This is possible for supported policies by choosing a Policy Target between Device or Enrolled User. The supported policies are as below,
- Allowed Websites
- Chrome/Edge Configurations
- VPN Policy
- Settings App Policies
Select target (Device or enrolled user) from the drop-down on which you want to apply the target.
General Settings
General Settings: The settings can be configured under following heads:
- System Settings
- Start Layout Settings
- Display Settings
- Folder Settings
- Application Settings
- Scalefusion Sync Interval
- Enable Broadcast Messages View
- Security & Search
System Settings
Feature
Description
Supported on
Allow USB Connections & SD Card
Use this setting to allow or restrict USB connections and external storage card.
Win 10 Pro
Win 10 Enterprise
Microsoft Feedback Notifications
Use this setting to enable or disable Microsoft feedback notifications.
Win 10 Pro
Win 10 Enterprise
Modify Data & Time
Use this setting to allow or restrict users from changing the device date & time.Note: There is a workaround where users can launch the legacy Date & Time dialog and change the settings.
Win 10 Pro
Win 10 Enterprise
Allow Bluetooth
Use this setting to allow or restrict bluetooth connections from the device.
Win 10 Pro
Win 10 Enterprise
Allow Bluetooth Pre-pairing
Enable this setting to automatically pair with devices that were previously connected.
Win 10 Pro
Win 10 Enterprise
Allow Bluetooth Services Advertisement
Control the bluetooth services advertisement behaviour.
Win 10 Pro
Win 10 Enterprise
Install Non-Store Apps
Allow or Restrict users to install/sideload applications from unknown sources.
Win 10 Pro
Win 10 Enterprise
Store App Data in Device Memory
Force the applications to store the data in device memory.
Win 10 Pro
Win 10 Enterprise
Install Apps in Device Memory
Force the applications to be installed in Device memory..
Win 10 Pro
Win 10 Enterprise
Scalefusion Sync Interval
Select an interval on how often should ScaleFusion poll for Device Info. This polling helps in,1. Updating the device Location.2. Updating the Inactivity time.3. Syncing the latest policies.4. Getting vital Device Information
Start Layout Settings
The settings are supported on Windows 10 Pro and Enterprise Edition
Feature | Description |
Hide Switch Account | Use this setting to hide Switch user account option that is present on the left side of the Start menu |
Hide Sign out | Use this setting to hide the Sign Out button that is present on the left side of the Start menu, under the Accounts icon (or picture) |
Hide User tile | Tiling enables users to view each of their open programs or windows within a program simultaneously, rather than having to switch back and forth. Use this setting to hide start menu tiles for all users |
Hide Change Account Settings | Accounts Settings allows you to manage your Microsoft Account, set your user picture, change sign-in options, change password, change PIN, connect your PC to work or school etc. It is present on the left side of the Start menu. Use this setting to hide Change Account Settings option |
Hide People Bar | The People feature adds a special icon to the notification area of your taskbar and allows pinning your contacts directly to the taskbar, so you can start messaging, call or compose an email just with one click. Using this option, the People bar can be hidden. |
Hide Lock | This option which is present under Switch Account, locks the computer but keep all the user's programs running. Hide the Lock feature through this setting. |
Hide Hibernate | Hibernate option which is present in Start > Power, saves the current state of your PC—open programs and documents—to your hard disk and then turns off your PC. This feature can be hidden using Hide Hibernate settings. |
Hide Sleep | Sleep feature present in Start > Power puts your system into a low-power state and turning off your display when you're not using it. Use this setting to Hide Sleep setting. |
Hide Restart | This restarts your system. Use this setting to hide Restart |
Hide Power Options | Hide all the power options present in Start menu, with this setting. |
Hide Shutdown | The Shutdown feature which shuts down your system, can be hidden using this option. |
Allow End Task | Allow or disallow End Task feature in Task Manager. By default this option is checked. |
Display Settings
These settings can be configured separately for device plugged in or running on battery
Feature | Description |
Configure Display Off Timeout | Display off timeout is the amount of minutes Windows will wait idle with no activity while on the lock screen, before timing out and automatically turning off the display. Configure the duration after which the display should timeout, through this setting |
Configure Hibernate Timeout | Specify the duration of time after sleep that the system automatically wakes and enters hibernation. |
Configure Unattended Sleep Timeout | The System unattended sleep timeout power setting is the idle timeout before the system returns to a low power sleep state after waking unattended. Specify a period of time before the system automatically enters sleep after waking from sleep in an unattended state. |
Allow Stand By Device Sleep | Control your device's stand by behavior by choosing one of the options:
|
Choose Lid Close Behavior | Select what the behavior should be when system lid is closed |
Choose Sleep Button Behavior | Select what the behavior should be when Sleep button is pressed |
Choose Power Button Behavior | Select what the behavior should be when Power button is pressed |
- User Control
- Take No Action
- Sleep
- Hibernate
- Shut Down
Folder Settings
These settings let admin control the following folders from start layout, that is, whether they should be pinned or disabled from the Start menu:
- File Explorer
- Documents
- Downloads
- Music
- Videos
- Pictures
- Personal
- Network
- Settings
For the above folders, following options are available to choose from:
- User Control - Selected by default. This lets user control the behavior of a folder
- Show - Shows the folder
- Hide - Hides the folder
Security & Search
The applications and Services which admin can allow / restrict on managed devices.
- Camera
- Cortana
- Microsoft account Connection
- Add Non Microsoft Accounts
- Sync Settings across Devices
- Reset Device
- Developer Unlock
- Location Services
For Developer Unlock and Location Services, following are the settings to choose from:
- Allow
- Deny
- None
Edge Browser
Feature | Description | Supported on |
Cookie Policy | Choose a cookie Policy for Microsoft Edge. You can either allow the user to control or define strict policy for cookies. | Win 10 Pro Win 10 Enterprise |
Start Page URL | Specify a start URL that will be launched whenever the Edge browser is opened. | Win 10 Pro Win 10 Enterprise |
Auto Fill | Allow: Forces the autofill featureRestrict: Prevents using Autofill.User-Control: Lets users choose to use the Autofill feature to populate the form fields automatically. | Win 10 Pro Win 10 Enterprise |
Pop Ups | Allow: Force pop-ups on all sites and turn off Pop-up blocker. Restrict: Turn-on Pop-up Blocker which will block all the pop-ups. User-Control: Let users control the Pop-up blocker. | Win 10 Pro Win 10 Enterprise |
Address Bar Dropdown | Allow: Let Edge shows the address bar drop down list.Restrict: Minimizes network connections from Edge to Microsoft service, and hide the functionality of the Address bar drop-down list. It also disables the Show search and site suggestions as I type toggle in Settings. | Win 10 Pro Win 10 Enterprise |
Browser Extension | Allow: Let users to add or personalize extensions in Edge.Restrict: Prevent users from adding or personalizing extensions. | Win 10 Pro Win 10 Enterprise |
Clear Browsing history on Close | Allow: Clear the browsing history on exit.Restrict: Do not clear the browsing history on exit.User-Control: Let users configure the setting. | Win 10 Pro Win 10 Enterprise |
Allow accessing “about:flags” | Allow: Lets users access the about:flags page in Edge, which is used to change developer settings and enable experimental features. ChooseRestrict: Prevents users from accessing the about:flags page. | Win 10 Pro Win 10 Enterprise |
Allow Flash | Allow: Allow Adobe flash to run.Restrict: Prevent Adobe flash to run.User-Control: Let users control on a per-site basis. | Win 10 Pro Win 10 Enterprise |
Autorun Flash | Allow: If Adobe flash is allowed then auto-run the flash files.Restrict: If Adobe flash is allowed then prevent flash files from auto-running | Win 10 Pro Win 10 Enterprise |
Developer Tools | Allow: Allow users to use the F12 key and view the developer tools.Restrict: Prevent users to use the F12 key and view the developer tools. | Win 10 Pro Win 10 Enterprise |
In-Private Browsing | Allow: Allow in-private browsing.Restrict: Prevent in-private browsing.User-Control: Same as Allow | Win 10 Pro Win 10 Enterprise |
Save Passwords Locally | Allow: Lets Edge use Password manager to store passwords locally.Restrict: Prevent Edge from storing passwords locally.User-Control: Let users control when to save passwords locally. | Win 10 Pro Win 10 Enterprise |
Search suggestions in Address bar | Allow: Show search suggestions Restrict: Block search suggestionsUser-Control: Let user control the search suggestion behaviour. | Win 10 Pro Win 10 Enterprise |
Force Fraudulent Website Warning | Allow: Force Windows Defender Smartscreen protection to prevent potential threats and prevent users from turning it off.Restrict: Turn off Windows Defender Smartscreen protection, leaves the user vulnerable to potential threats.User-Control: Let users choose if they want to use Windows Defender Smartscreen protection. | Win 10 Pro Win 10 Enterprise |
Override Fraudulent Websites warning | Allow: Let user’s ignore the warning and proceed to the site.Restrict: Does not allow users to ignore the warning and proceed to the site.User-Control: Same as allow.. | Win 10 Pro Win 10 Enterprise |
Override malicious file warning | Allow: Allow users to download a potential malicious file or files from unverified sources.Restrict: Restrict users to download a potential malicious file or files from unverified sources.User-Control:Same as allow. | Win 10 Pro Win 10 Enterprise |
Allow "Do Not Track" request | Allow: Force Edge to send tracking information.Restrict: Prevent Edge from send tracking information.User-Control: Users can choose to send tracking information to sites they visit. | Win 10 Pro Win 10 Enterprise |
Scalefusion Agent Settings
Under this, you can configure settings which will take effect only if Scalefusion MDM agent has been installed on the device.
Setting | Description |
Scalefusion Sync Interval | Select the frequency in which Scalefusion syncs and updates the Device Info. The frequency levels can be:
|
Enable Broadcast Messages View | Enable this to be able to send one-way messages to managed Windows devices. With having this setting enabled IT admins can send Broadcast messages to Windows devices from Utilities > Broadcast Messages section on Dashboard. Broadcast messages can also be sent over to devices which have apps set as allowed or the devices are set up in kiosk mode. |
Remove Local Admin Privileges for Enrolled User | Enabling this setting removes admin privileges for the enrolled user and makes the user a standard user with no admin rights. The enrolled user cannot perform any of the admin actions then. This is an irreversible action. Once the user account is downgraded it cannot be revoked. Therefore, it is recommended to create an admin account first from Utilities > Global Settings > Windows Settings Scalefusion MDM agent v5.0.0 or above should be installed on device
|
USB Peripheral Settings | Check the following USB device types if you want to block the user from connecting and using them:
|
Once you have configured the settings, click on UPDATE PROFILE. For further steps like applying a device profile to Windows 10 devices, please visit the document Windows Device Profile
