What are Microsoft Intune device profiles?

Microsoft Intune includes settings and features that you can enable or disable on different devices within your organization. These settings and features are managed using profiles. Some profile examples include:

  • A WiFi profile that gives different devices access to your corporate WiFi
  • A VPN profile that gives different devices access to your VPN server within your corporate network

This article provides an overview of the different profiles you can create for your devices. Use these profiles to allow and or prevent some features on the devices.

Before you begin

To see the available features, open the Azure portal, and open your Intune resource.

Device configuration includes the following options:

  • Overview: Lists the status of your profiles, and provides additional details on the profiles you assigned to users and devices
  • Manage: Create device profiles, and upload custom PowerShell scripts to run within the profile
  • Monitor: Check the status of a profile for success or failure, and also view logs on your profiles
  • Setup: Add a certificate authority (SCEP or PFX), or enable Telecom Expense Management to the profile

Create the profile

Create device profiles provides step-by-step guidance to create a profile.

Device features - iOS and macOS

Device features controls features on iOS and macOS devices, such as AirPrint, notifications, and shared device configurations.

This feature supports:

  • iOS
  • macOS

Device restrictions

Device restrictions controls security, hardware, data sharing, and more settings on the devices. For example, create a device restriction profile that prevents iOS device users from using the device camera.

This feature supports:

  • Android
  • iOS
  • macOS
  • Windows 10
  • Windows 10 Team

Endpoint protection

Endpoint protection settings for Windows 10 configures BitLocker and Windows Defender settings for Windows 10 devices.

To onboard Windows Defender Advanced Threat Protection (WDATP) with Microsoft Intune, see Configure endpoints using Mobile Device Management (MDM) tools.

This feature supports:

  • Windows 10 and later

Kiosk

Kiosk settings profile configures a device to run one app, or run multiple apps. You can also customize other features on your kiosk, including a start menu and a web browser.

This feature supports:

  • Windows 10 and later

Email

Email settings profile creates, assigns, and monitors Exchange ActiveSync email settings on the devices. Email profiles help ensure consistency, reduce support calls, and let end-users access company email on their personal devices, without any required setup on their part.

This feature supports:

  • Android
  • iOS
  • Windows Phone 8.1
  • Windows 10

VPN

VPN settings assigns VPN profiles to users and devices in your organization, so they can easily and securely connect to the network.

Virtual private networks (VPNs) give users secure remote access to your company network. Devices use a VPN connection profile to start a connection with your VPN server.

This feature supports:

  • Android
  • iOS
  • macOS
  • Windows Phone 8.1
  • Windows 8.1
  • Windows 10

Wi-Fi

Wi-Fi settings assigns wireless network settings to users and devices. When you assign a WiFi profile, users get access to your corporate WiFi without having to configure it themselves.

This feature supports:

  • Android
  • iOS
  • macOS
  • Windows 8.1 (import only)

Education

Education settings - Windows 10 configure options for the Windows Take a Test app. When you configure these options, no other apps can run on the device until the test is complete.

Education settings - iOS uses the iOS Classroom app to guide learning, and control student devices in the classroom. You can configure iPad devices to multiple students can share a single device.

Edition upgrade

Windows 10 edition upgrades automatically upgrades devices that run some versions of Windows 10 to a newer edition.

This feature supports:

  • Windows 10 and later

Update policies

iOS update policies shows you how to create and assign iOS policies to install software updates on your iOS devices. You can also review the installation status.

This feature supports:

  • iOS

Certificates

Certificates configures trusted, SCEP, and PKCS certificates that can be assigned to devices, and used to authenticate WiFi, VPN, and email profiles.

This feature supports:

  • Android
  • iOS
  • Windows Phone 8.1
  • Windows 8.1
  • Windows 10

Windows Information Protection profile

Windows Information Protection helps protect against data leakage without interfering with the employee experience. It also helps to protect enterprise apps and data against accidental data leaks on enterprise-owned devices and personal devices that employees use at work. It does this without requiring changes to your environment or other apps.

This feature supports:

  • Windows 10 and later

Custom profile

Custom settings includes the ability to assign device settings that are not built-into Intune. For example, on Android devices, you can enter OMA-URI values. For iOS devices, you can import a configuration file you created in the Apple Configurator.

This feature supports:

  • Android
  • iOS
  • macOS
  • Windows Phone 8.1

Manage and troubleshoot

Manage your profiles to check the status of devices, and the profiles assigned. Also help resolve conflicts by seeing the settings that cause a conflict, and the profiles that contains these settings. Common issues and resolutions provides a Q&A list to help work with profiles, including what happens when a profile is deleted, what causes notifications to be sent to devices, and more.