Intune Device Configuration Profiles: Complete Guide

Device configuration profiles in Microsoft Intune allow you to configure settings, features, and policies on your managed devices. These profiles enable you to control device behavior, security settings, and user experience across Windows, iOS/iPadOS, Android, and macOS platforms.

Understanding Device Configuration Profiles

Device configuration profiles in Intune are templates that contain settings you want to apply to devices. You can create profiles using templates or the settings catalog, depending on your platform and requirements.

Profile Types

Intune supports two main profile types:

1. Templates: Pre-configured groups of settings for specific features (Email, VPN, Wi-Fi, etc.)
2. Settings Catalog: Complete list of all available settings for a platform

For an overview, see Apply features and settings on your devices using device profiles in Microsoft Intune.

Creating Device Configuration Profiles

Step 1: Access Configuration Profiles

1. Sign in to the Microsoft Intune admin center
2. Navigate to Devices > Manage devices > Configuration
3. Select Create > New policy

Step 2: Select Platform

Choose the platform:

• Android device administrator
• Android (AOSP)
• Android Enterprise
• iOS/iPadOS
• macOS
• Windows 10 and later
• Windows 8.1 and later

Step 3: Choose Profile Type

Depending on the platform, choose:

Templates - Pre-configured settings groups:

• Administrative templates
• Custom (OMA-URI)
• Delivery Optimization
• Device features
• Device restrictions
• Email
• Endpoint protection
• Kiosk
• VPN
• Wi-Fi
• And more...

Settings Catalog - All available settings:

• Search and filter settings
• Configure individual settings
• Available for Windows, macOS, iOS/iPadOS, and Android Enterprise

For Windows, see Use the settings catalog to configure settings on Windows and macOS devices.

Step 4: Configure Basics

1. Name: Enter a descriptive name
2. Description: Optional description
3. Select Next

Step 5: Configure Settings

Configure the settings based on your chosen template or settings catalog:

For Templates:

• Expand setting categories
• Configure individual settings
• Review default values
• Customize as needed

For Settings Catalog:

• Search for specific settings
• Filter by category
• Configure settings individually
• Review setting descriptions

Step 6: Assign Scope Tags (Optional)

1. Select + Select scope tags
2. Choose scope tags to organize profiles
3. Select Next

Step 7: Assign to Groups

1. Select + Select groups to include
2. Choose user or device groups
3. Optionally exclude specific groups
4. Select Next

Best Practice: Use device groups for device-specific settings and user groups for user-specific settings.

Step 8: Review and Create

1. Review all settings
2. Select Create to save the profile

For step-by-step guidance, see Create a device configuration profile in Microsoft Intune.

Common Profile Types

Administrative Templates

Administrative templates provide Group Policy-like settings for Windows and macOS:

Windows:

• Control Panel settings
• Windows Components
• System settings
• Network settings

macOS:

• System Preferences
• Application settings
• Security settings

For details, see Use administrative templates in Intune.

Settings Catalog

The settings catalog provides access to all available settings:

Windows Settings Catalog includes:

• Microsoft Edge settings
• OneDrive settings
• Office settings
• Windows Update settings
• And hundreds more

Benefits:

• Search and filter capabilities
• Detailed setting descriptions
• Similar to Group Policy experience
• 100% cloud-based

Wi-Fi Profiles

Configure Wi-Fi network access:

1. Network name (SSID): Network identifier
2. Security type: WPA2, WPA3, Enterprise, etc.
3. Authentication method: Certificate, username/password
4. Proxy settings: Configure proxy if needed

For Windows, see Configure Wi-Fi settings for Windows devices in Intune.

VPN Profiles

Configure VPN connections:

1. Connection name: VPN connection identifier
2. VPN type: IKEv2, IPsec, PPTP, etc.
3. Server address: VPN server FQDN or IP
4. Authentication: Certificate, username/password

For Windows, see Configure VPN settings for Windows devices in Intune.

Email Profiles

Configure email access:

1. Email server: Exchange server address
2. Account name: Display name for email account
3. Username: Email address or UPN
4. Authentication: Certificate or password

For Windows, see Configure email settings for Windows devices in Intune.

Endpoint Protection

Configure security settings:

• Windows Defender: Antivirus settings
• Firewall: Firewall rules and configuration
• BitLocker: Encryption settings
• App Control: Application restrictions

For Windows, see Add Endpoint protection settings in Intune.

Monitoring Device Configuration Profiles

View Profile Status

1. Go to Devices > Manage devices > Configuration
2. Select a profile
3. Review Device and user check-in status

Status Types

• Succeeded: Profile applied successfully
• Error: Profile failed to apply
• Conflict: Conflicting settings detected
• Pending: Device hasn't checked in yet
• Not applicable: Setting doesn't apply to device

Per-Setting Status

View compliance for individual settings:

1. Select a profile
2. Go to Device and user check-in status
3. Select Per setting status
4. Review individual setting compliance

For monitoring guidance, see View and monitor device configuration policies in Microsoft Intune.

Best Practices

1. Use Descriptive Names

Name profiles clearly:

• Include platform (e.g., "Windows -")
• Include purpose (e.g., "Wi-Fi Profile")
• Include scope (e.g., "All Devices")

2. Test Before Broad Deployment

• Deploy to pilot groups first
• Monitor profile status
• Verify settings apply correctly
• Adjust as needed before broader deployment

3. Avoid Conflicts

• Review all assigned profiles
• Check for overlapping settings
• Understand conflict resolution
• Use scope tags to organize

4. Use Scope Tags

Organize profiles by:

• Department
• Geographic location
• Device type
• Security tier

5. Document Settings

• Document profile purpose
• Record assigned groups
• Note any exceptions
• Maintain change history

Troubleshooting

Common Issues

1. Profile Not Applying

   • Verify device enrollment
   • Check device check-in status
   • Review profile assignments
   • Ensure device meets requirements

2. Settings Conflicts

   • Review all assigned profiles
   • Check for conflicting settings
   • Understand conflict resolution rules
   • Resolve conflicts by adjusting profiles

3. Settings Not Working as Expected

   • Verify setting compatibility
   • Check platform requirements
   • Review setting documentation
   • Test with different configurations

Using Troubleshoot Pane

Use Intune's built-in troubleshooting:

1. Go to Troubleshooting + support > Troubleshoot
2. Select user having issues
3. Review device configuration status
4. Check for conflicts or errors

For troubleshooting guidance, see Troubleshooting policies and profiles in Microsoft Intune.

Additional Resources

• Create a device configuration profile in Microsoft Intune
• Apply features and settings on your devices using device profiles in Microsoft Intune
• Use the settings catalog to configure settings on Windows and macOS devices
• View and monitor device configuration policies in Microsoft Intune
• Deployment guide: Manage devices running Windows

Conclusion

Device configuration profiles are essential for managing settings and features across your organization's devices. By following these best practices:

✅ Use descriptive profile names
✅ Test before broad deployment
✅ Avoid setting conflicts
✅ Use scope tags for organization
✅ Monitor profile status regularly

You can effectively configure and manage device settings while maintaining security and user productivity.

Remember: Device configuration profiles work alongside compliance policies. Understand how they interact and resolve conflicts appropriately to ensure consistent device management across your organization.