Create a device profile in Microsoft Intune
Devices profiles allow you to add and configure settings, and then push these settings to devices in your organization. Apply features and settings on your devices using device profiles goes into more detail, including what you can do.
- Lists the steps to create a profile.
- Shows you how to add a scope tag to "filter" the profile.
- Lists the check-in refresh cycle times when devices receive profiles and any profile updates.
Create the profile
In the Azure portal, select All Services > filter on Intune > select Intune.
Select Device configuration. You have the following options:
- Overview: Lists the status of your profiles, and provides additional details on the profiles you assigned to users and devices.
- Manage: Create device profiles, upload custom PowerShell scripts to run within the profile, and add data plans to devices using eSIM.
- Monitor: Check the status of a profile for success or failure, and also view logs on your profiles.
- Setup: Add a SCEP or PFX certificate authority, or enable Telecom Expense Management in the profile.
Select Profiles > Create Profile. Enter the following properties:
Name: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is WP email profile for entire company.
Description: Enter a description for the profile. This setting is optional, but recommended.
Platform: Choose the platform of your devices. Your options:
- Android enterprise
- Windows Phone 8.1
- Windows 8.1 and later
- Windows 10 and later
Profile type: Select the type of settings you want to create. The list shown depends on the platform you choose.
Settings: The following articles describe the settings for each profile type:
- Administrative templates
- Delivery optimization
- Device features
- Device restrictions
- Edition upgrade and mode switch
- Endpoint protection
- Identity protection
- PKCS certificate
- SCEP certificate
- Trusted certificate
- Update policies
- Windows Defender ATP
- Windows Information Protection
For example, if you select iOS for the platform, your profile type options look similar to the following profile:
When finished, select OK > Create to save your changes. The profile is created, and shown in the list.
After you add the settings, you can also add a scope tag to the profile. Scope tags assign and filter policies to specific groups, such as HR or All US-NC employees.
For more information about scope tags, and what you can do, see Use RBAC and scope tags for distributed IT.
Add a scope tag
- Select Scope (Tags).
- Select Add to create a new scope tag. Or, select an existing scope tag from the list.
- Select OK to save your changes.
Refresh cycle times
Intune uses the following refresh cycles to check for updates to configuration profiles:
|iOS||Every 6 hours|
|macOS||Every 6 hours|
|Android||Every 8 hours|
|Windows 10 PCs enrolled as devices||Every 8 hours|
|Windows Phone||Every 8 hours|
|Windows 8.1||Every 8 hours|
If the device recently enrolled, the check-in runs more frequently:
|iOS||Every 15 minutes for 6 hours, and then every 6 hours|
|macOS||Every 15 minutes for 6 hours, and then every 6 hours|
|Android||Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then every 8 hours|
|Windows 10 PCs enrolled as devices||Every 3 minutes for 30 minutes, and then every 8 hours|
|Windows Phone||Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then every 8 hours|
|Windows 8.1||Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then every 8 hours|
At any time, users can open the Company Portal app, and sync the device to immediately check for profile updates.
Send feedback about: