Use custom settings for Windows 10/11 client devices in Intune
Intune may support more settings than those listed in this article. Not all settings are documented, and some won’t be. To see the settings you can configure, create a device configuration profile, and select Settings Catalog. For more information, see Settings catalog.
This article describes some of the different custom settings you can control on Windows client devices. As part of your mobile device management (MDM) solution, use these settings to configure features that aren't built in to Intune.
For more information on custom profiles, see Create a profile with custom settings.
These settings are added to a device configuration profile in Intune, and then assigned or deployed to your Windows client devices.
This feature applies to:
- Windows 11
- Windows 10
Windows client custom profiles use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure different features. These settings are typically used by mobile device manufacturers to control features on the device.
Windows client makes many Configuration Service Provider (CSP) settings available, such as Policy Configuration Service Provider (Policy CSP).
If you're looking for a specific setting, remember that the Windows 10/11 device restriction profile includes many built-in settings. So, you may not need to enter custom values.
Before you begin
Add: Enter the following settings:
Name: Enter a unique name for the OMA-URI setting to help you identify it in the list of settings.
Description: Enter a description that gives an overview of the setting, and any other important details.
OMA-URI (case sensitive): Enter the OMA-URI you want to use as a setting.
Data type: Select the data type you'll use for this OMA-URI setting. Your options:
- Base64 (file)
- String (XML file)
- Date and time
- Floating point
Value: Enter the data value you want to associate with the OMA-URI you entered. The value depends on the data type you selected. For example, if you select Date and time, select the value from a date picker.
After you add some settings, you can select Export. Export creates a list of all the values you added in a comma-separated values (.csv) file.
Find the policies you can configure
There's a complete list of all configuration service providers (CSPs) that Windows client supports in the Configuration service provider reference.
Not all settings are compatible with all Windows client versions. The Configuration service provider reference tells you which versions are supported for each CSP.
Additionally, Intune doesn't support all the settings listed in the Configuration service provider reference. To find out if Intune supports the setting you want, open the article for that setting. Each setting page shows its supported operations. To work with Intune, the setting must support the Add, Replace, and Get operations. If the value returned by the Get operation doesn't match the value supplied by the Add or Replace operations, then Intune reports a compliance error.
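The following is an added example, not code from Intune or from this article: a pre-deployment check over an exported settings list that flags OMA-URIs whose case doesn't match the reference and nodes that lack the Add, Replace, and Get operations. The CSV column names, the catalogue contents, and the `ExampleCSP` node are assumptions constructed for illustration; fill the catalogue from the Configuration service provider reference.

```python
import csv
import io

# Operations the article says a setting must support to work with Intune.
REQUIRED_OPS = {"Add", "Replace", "Get"}

# Constructed catalogue: node path -> supported operations. Populate it from the
# Configuration service provider reference; ExampleCSP is a hypothetical node.
CATALOGUE = {
    "./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowBluetooth":
        {"Add", "Delete", "Get", "Replace"},
    "./Vendor/MSFT/ExampleCSP/ReadOnlyNode": {"Get"},
}

# Constructed export; the column names are an assumption, not a documented layout.
SAMPLE_CSV = """Name,OMA-URI,Data type,Value
Block Bluetooth,./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowBluetooth,Integer,0
Bad case,./device/vendor/msft/policy/config/connectivity/allowbluetooth,Integer,0
Read only,./Vendor/MSFT/ExampleCSP/ReadOnlyNode,String,x
Unknown,./Vendor/MSFT/ExampleCSP/Missing,String,x
"""


def lint_settings(csv_text, catalogue=CATALOGUE):
    """Return a list of (name, problem) findings for the exported rows."""
    # Case-folded index lets us tell a case typo apart from an unknown node.
    by_folded = {uri.casefold(): uri for uri in catalogue}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, uri = row["Name"], row["OMA-URI"].strip()
        if uri not in catalogue:  # OMA-URI is case sensitive: exact match only
            canonical = by_folded.get(uri.casefold())
            if canonical:
                findings.append((name, f"case mismatch, expected {canonical}"))
            else:
                findings.append((name, "not in catalogue"))
            continue
        missing = REQUIRED_OPS - catalogue[uri]
        if missing:
            findings.append((name, "missing operations: " + ", ".join(sorted(missing))))
    return findings


if __name__ == "__main__":
    for name, problem in lint_settings(SAMPLE_CSV):
        print(f"{name}: {problem}")
```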
For settings that were created by using a string, base64, or XML data type, the stored value is obscured. If the user who is accessing the value has any of the following permissions or roles, they can see the value:
- Create, Read, and Update permissions in a Microsoft Endpoint Manager role-based access control (RBAC) role.
- Intune Service Administrator.
- Global Administrator Azure Active Directory role.
For more information, see RBAC with Microsoft Intune.