I’m trying to document Intune Settings Catalog Policies. Let’s see a list of cloud group policies. You can read Step by step guide to create & deploy Intune settings catalog. There are thousands of settings available in the settings catalog. This post covers some parts of settings catalog policies. The best way to find the latest list of policies is from Intune portal.
The ADMX policy templates are also included in settings catalog policies. I recommend using the settings catalog for setting up the configuration profiles for Windows 10/Windows 10 devices. This type of policy is supported for macOS devices as well.
Windows-based settings are based on Windows CSP policies. As the Windows team adds or exposes more CSP settings to MDM providers, these settings are added without much delay to Microsoft Intune for you to configure. More details list of Intune Administrative Template Settings| User | Device.
List of Local Security Policies
You can see the list of local security policies in the following table. You can find more details about the latest policies of the settings catalog.
- Sign in to the Microsoft Endpoint Manager admin center
- Select Devices > Configuration profiles > Create profile.
- Select Windows 10 or later.
- Select Settings catalog (preview).
- Click on Create button.
NOTE! – All the Intune catalog settings policies are not covered in this post. The latest list of policies can be found by searching by clicking on + Add settings from the settings catalog.
| Category of Policies | Intune Settings Catalog Details |
|---|---|
| Local Policies Security | Accounts Block Microsoft Accounts |
| Local Policies Security | Accounts Enable Administrator Account Status |
| Local Policies Security | Accounts Enable Guest Account Status |
| Local Policies Security | Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only |
| Local Policies Security | Accounts Rename Administrator Account |
| Local Policies Security | Accounts Rename Guest Account |
| Local Policies Security | Devices Allow Undock Without Having To Logon |
| Local Policies Security | Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers |
| Local Policies Security | Interactive Logon Display User Information When The Session Is Locked |
| Local Policies Security | Interactive Logon Do Not Display Last Signed In |
| Local Policies Security | Interactive Logon Do Not Display Username At Sign In |
| Local Policies Security | Interactive Logon Do Not Require CTRLALTDEL |
| Local Policies Security | Interactive Logon Machine Inactivity Limit |
| Local Policies Security | Interactive Logon Message Text For Users Attempting To Log On |
| Local Policies Security | Interactive Logon Message Title For Users Attempting To Log On |
| Local Policies Security | Interactive Logon Smart Card Removal Behavior |
| Local Policies Security | Microsoft Network Client Digitally Sign Communications Always |
| Local Policies Security | Microsoft Network Client Digitally Sign Communications If Server Agrees |
| Local Policies Security | Microsoft Network Client Send Unencrypted Password To Third-Party SMB Servers |
| Local Policies Security | Microsoft Network Server Digitally Sign Communications Always |
| Local Policies Security | Microsoft Network Server Digitally Sign Communications If Client Agrees |
| Local Policies Security | Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts |
| Local Policies Security | Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares |
| Local Policies Security | Network Access Restrict Anonymous Access To Named Pipes And Shares |
| Local Policies Security | Network Access Restrict Clients Allowed To Make Remote Calls To SAM |
| Local Policies Security | Network Security Allow PKU2U Authentication Requests |
| Local Policies Security | Network Security Do Not Store LAN Manager Hash Value On Next Password Change |
| Local Policies Security | Network Security LAN Manager Authentication Level |
| Local Policies Security | Network Security Minimum Session Security For NTLMSSP Based Clients |
| Local Policies Security | Network Security Minimum Session Security For NTLMSSP Based Servers |
| Local Policies Security | Shutdown Allow System To Be Shut Down Without Having To Log On |
| Local Policies Security | Shutdown Clear Virtual Memory Page File |
| Local Policies Security | User Account Control Allow UI Access Applications To Prompt For Elevation |
| Local Policies Security | User Account Control Behavior Of The Elevation Prompt For Administrators |
| Local Policies Security | User Account Control Behavior Of The Elevation Prompt For Standard Users |
| Local Policies Security | User Account Control Detect Application Installations And Prompt For Elevation |
| Local Policies Security | User Account Control Only Elevate Executable Files That Are Signed And Validated |
| Local Policies Security | User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations |
| Local Policies Security | User Account Control Run All Administrators In Admin Approval Mode |
| Local Policies Security | User Account Control Switch To The Secure Desktop When Prompting For Elevation |
| Local Policies Security | User Account Control Use Admin Approval Mode |
| Local Policies Security | User Account Control Virtualize File And Registry Write Failures To Per User Locations |
Microsft Access 2016 security policies available in Intune Settings Catalog Policies are listed below the table.
| Microsoft Access 2016 | Intune Settings Catalog Details |
|---|---|
| Application Settings – General | Followed hyperlink color (User) |
| Application Settings – General | Hyperlink color (User) |
| Application Settings – General | Underline hyperlinks (User) |
| Application Settings – International | Cursor movement (User) |
| Application Settings – International | Default direction (User) |
| Application Settings – International | General Alignment (User) |
| Security – Cryptography | Configure CNG cipher chaining mode (User) |
| Security – Cryptography | Set CNG cipher algorithm (User) |
| Security – Cryptography | Set CNG cipher key length (User) |
| Security – Cryptography | Set CNG password spin count (User) |
| Security – Cryptography | Set parameters for CNG context (User) |
| Security – Cryptography | Specify CNG hash algorithm (User) |
| Security – Cryptography | Specify CNG random number generator algorithm (User) |
| Security – Cryptography | Specify CNG salt length (User) |
| Security – Cryptography | Specify encryption compatibility (User) |
| Trust Center – Trusted Locations | Allow Trusted Locations on the network (User) |
| Trust Center – Trusted Locations | Disable all trusted locations (User) |
| Trust Center – Trusted Locations | Trusted Location #1 (User) |
| Predefined | Disable commands (User) |
| Predefined | Disable shortcut keys (User) |
| Workgroup Administrator | Path to shared Workgroup information file for secured MDB files (User) |
Firewall Policies
The list of firewall policies available as part of Intune Settings Catalog Policies is listed down.
| Category of Policy | Intune Settings Catalog Details |
|---|---|
| Firewall | Firewall Rule Name |
| Firewall | Certificate revocation list verification |
| Firewall | Disable Stateful Ftp |
| Firewall | Enable Domain Network Firewall |
| Firewall | Enable Packet Queue |
| Firewall | Enable Private Network Firewall |
| Firewall | Enable Public Network Firewall |
| Firewall | IPsec Exceptions |
| Firewall | Opportunistically Match Auth Set Per KM |
| Firewall | Preshared Key Encoding |
| Firewall | Security association idle time |
| Games | Allow Advanced Gaming Services |
| Handwriting | Panel Default Mode Docked |
| Kerberos | UPN Name Hints |
| Kios Browser | Blocked Url Exceptions |
| Kios Browser | Blocked Url Exceptions (User) |
| Kios Browser | Blocked Urls |
| Kios Browser | Blocked Urls (User) |
| Kios Browser | Default URL |
| Kios Browser | Default URL (User) |
| Kios Browser | Enable End Session Button |
| Kios Browser | Enable End Session Button (User) |
| Kios Browser | Enable Home Button |
| Kios Browser | Enable Home Button (User) |
| Kios Browser | Enable Navigation Buttons |
| Kios Browser | Enable Navigation Buttons (User) |
| Kios Browser | Restart On Idle Time |
| Kios Browser | Restart On Idle Time (User) |
| Lanman Workstation | Enable Insecure Guest Logons |
| Licensing | Allow Windows Entitlement Reactivation |
| Licensing | Disallow KMS Client Online AVS Validation |
| Loader Override Settings | Configure the location of the browser executable folder |
| Loader Override Settings | Configure the location of the browser executable folder (User) |
| Loader Override Settings | Set the release channel search order preference |
| Loader Override Settings | Set the release channel search order preference (User) |
Lock Down, Maps, Memory Dump related policies
Let’s find more details of LockDown, Maps, Memory Dump-related policies.
| Lock Down, Maps, Memory Dump related policies | Intune Settings Catalog Details |
|---|---|
| Lock Down | Allow Edge Swipe |
| Maps | Allow Offline Maps Download Over Metered Connection |
| Maps | Enable Offline Maps Auto Update |
| Memory Dump | Allow Crash Dump (Windows Insiders only) |
| Memory Dump | Allow Live Dump (Windows Insiders only) |
Microsoft App Store Security Policies
Let’s find more details about the Microsoft app store security policies.
| Microsoft App Store Related Policies | Intune Settings Catalog Details |
|---|---|
| Microsoft App Store | Allow All Trusted Apps |
| Microsoft App Store | Allow apps from the Microsoft app store to auto-update |
| Microsoft App Store | Allow Developer Unlock |
| Microsoft App Store | Allow Game DVR |
| Microsoft App Store | Allow Shared User App Data |
| Microsoft App Store | Block Non-Admin User Install |
| Microsoft App Store | Disable Store Originated Apps |
| Microsoft App Store | Launch App After Log On |
| Microsoft App Store | MSI Allow User Control Over Install |
| Microsoft App Store | MSI Always Install With Elevated Privileges |
| Microsoft App Store | MSI Always Install With Elevated Privileges (User) |
| Microsoft App Store | Require Private Store Only |
| Microsoft App Store | Require Private Store Only (User) |
| Microsoft App Store | Restrict App Data To System Volume |
| Microsoft App Store | Restrict App To System Volume |
Microsoft Edge Related Policies
Let’s find out Microsoft Edge Related Policies Intune Settings Catalog Policies.
| Microsoft Edge Related Policies | Intune Settings Catalog Details |
|---|---|
| Application Guard Settings | Application Guard Container Proxy |
| Application Guard Settings | Application Guard Container Proxy (User) |
| Cast | Enable Google Cast |
| Cast | Enable Google Cast (User) |
| Cast | Show the cast icon in the toolbar |
| Cast | Show the cast icon in the toolbar (User) |
| Content Settings | Allow cookies on specific sites |
| Content Settings | Allow cookies on specific sites (User) |
| Content Settings | Allow images on these sites |
| Content Settings | Allow images on these sites (User) |
| Content Settings | Allow insecure content on specified sites |
| Content Settings | Allow insecure content on specified sites (User) |
| Content Settings | Allow JavaScript on specific sites |
| Content Settings | Allow JavaScript on specific sites (User) |
| Content Settings | Allow notifications on specific sites |
| Content Settings | Allow notifications on specific sites (User) |
| Content Settings | Allow pop-up windows on specific sites |
| Content Settings | Allow pop-up windows on specific sites (User) |
| Content Settings | Allow read access via the File System API on these sites |
| Content Settings | Allow read access via the File System API on these sites (User) |
| Content Settings | Allow the Adobe Flash plug-in on specific sites |
| Content Settings | Allow the Adobe Flash plug-in on specific sites (User) |
| Content Settings | Allow WebUSB on specific sites |
| Content Settings | Allow WebUSB on specific sites (User) |
| Content Settings | Allow write access to files and directories on these sites |
| Content Settings | Allow write access to files and directories on these sites (User) |
| Content Settings | Automatically select client certificates for these sites |
| Content Settings | Automatically select client certificates for these sites (User) |
| Content Settings | Block cookies on specific sites |
| Content Settings | Block cookies on specific sites (User) |
| Content Settings | Block images on specific sites |
| Content Settings | Block images on specific sites (User) |
| Content Settings | Block insecure content on specified sites |
| Content Settings | Block insecure content on specified sites (User) |
| Content Settings | Block JavaScript on specific sites |
| Content Settings | Block JavaScript on specific sites (User) |
| Content Settings | Block notifications on specific sites |
| Content Settings | Block notifications on specific sites (User) |
| Content Settings | Block pop-up windows on specific sites |
| Content Settings | Block pop-up windows on specific sites (User) |
| Content Settings | Block read access via the File System API on these sites |
| Content Settings | Block the Adobe Flash plug-in on specific sites |
| Content Settings | Block the Adobe Flash plug-in on specific sites (User) |
| Content Settings | Block WebUSB on specific sites |
| Content Settings | Block WebUSB on specific sites (User) |
| Content Settings | Block write access to files and directories on these sites |
| Content Settings | Block write access to files and directories on these sites (User) |
| Content Settings | Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft |
| Content Settings | Configure cookies |
| Content Settings | Configure cookies (User) |
| Content Settings | Control use of insecure content exceptions |
| Content Settings | Control use of insecure content exceptions (User) |
| Content Settings | Control use of the File System API for reading |
| Content Settings | Control use of the File System API for reading (User) |
| Content Settings | Control use of the File System API for writing |
| Content Settings | Control use of the File System API for writing (User) |
| Content Settings | Control use of the Web Bluetooth API |
| Content Settings | Control use of the Web Bluetooth API (User) |
| Content Settings | Default Adobe Flash setting |
| Content Settings | Default Adobe Flash setting (User) |
| Content Settings | Default geolocation setting |
| Content Settings | Default geolocation setting (User) |
| Content Settings | Default images setting |
| Content Settings | Default images setting (User) |
| Content Settings | Default JavaScript setting |
| Content Settings | Default JavaScript setting (User) |
| Content Settings | Default notification setting |
| Content Settings | Default notification setting (User) |
| Content Settings | Default pop-up window setting |
| Content Settings | Default pop-up window setting (User) |
| Content Settings | Enable default legacy SameSite cookie behavior setting |
| Content Settings | Enable default legacy SameSite cookie behavior setting (User) |
| Content Settings | Grant access to specific sites to connect to specific USB devices |
| Content Settings | Grant access to specific sites to connect to specific USB devices (User) |
| Content Settings | Limit cookies from specific websites to the current session |
| Content Settings | Limit cookies from specific websites to the current session (User) |
| Content Settings | Revert to legacy SameSite behavior for cookies on specified sites |
| Content Settings | Revert to legacy SameSite behavior for cookies on specified sites (User) |
| Default Search Provider | Configure the new tab page search box experience |
| Default Search Provider | Configure the new tab page search box experience (User) |
| Default Search Provider | Default search provider encodings |
| Default Search Provider | Default search provider encodings (User) |
| Default Search Provider | Default search provider keyword |
| Default Search Provider | Default search provider keyword (User) |
| Default Search Provider | Default search provider name |
| Default Search Provider | Default search provider name (User) |
| Default Search Provider | Default search provider search URL |
| Default Search Provider | Default search provider search URL (User) |
| Default Search Provider | Default search provider URL for suggestions |
| Default Search Provider | Default search provider URL for suggestions (User) |
| Default Search Provider | Enable the default search provider |
| Default Search Provider | Enable the default search provider (User) |
| Default Search Provider | Parameters for an image URL that uses POST |
| Default Search Provider | Parameters for an image URL that uses POST (User) |
| Default Search Provider | Specifies the search-by-image feature for the default search provider |
| Default Search Provider | Specifies the search-by-image feature for the default search provider (User) |
| Extensions | Allow specific extensions to be installed |
| Extensions | Allow specific extensions to be installed (User) |
| Extensions | Blocks external extensions from being installed |
| Extensions | Blocks external extensions from being installed (User) |
| Extensions | Configure allowed extension types |
| Extensions | Configure allowed extension types (User) |
| Extensions | Configure extension and user script install sources |
| Extensions | Configure extension and user script install sources (User) |
| Extensions | Configure extension management settings |
| Extensions | Configure extension management settings (User) |
| Extensions | Control which extensions are installed silently |
| Extensions | Control which extensions are installed silently (User) |
| Extensions | Control which extensions cannot be installed |
| Extensions | Control which extensions cannot be installed (User) |
| HTTP Authentication | Allow Basic authentication for HTTP (User) |
| HTTP Authentication | Allow cross-origin HTTP Basic Auth prompts |
| HTTP Authentication | Allow cross-origin HTTP Basic Auth prompts (User) |
| HTTP Authentication | Configure list of allowed authentication servers |
| HTTP Authentication | Configure list of allowed authentication servers (User) |
| HTTP Authentication | Disable CNAME lookup when negotiating Kerberos authentication |
| HTTP Authentication | Disable CNAME lookup when negotiating Kerberos authentication (User) |
| HTTP Authentication | Include non-standard port in Kerberos SPN |
| HTTP Authentication | Include non-standard port in Kerberos SPN (User) |
| HTTP Authentication | Specifies a list of servers that Microsoft Edge can delegate user credentials to |
| HTTP Authentication | Specifies a list of servers that Microsoft Edge can delegate user credentials to (User) |
| HTTP Authentication | Supported authentication schemes |
| HTTP Authentication | Supported authentication schemes (User) |
| Kios Mode Settings | Configure address bar editing for kiosk mode public browsing experience |
| Kios Mode Settings | Configure address bar editing for kiosk mode public browsing experience (User) |
| Kios Mode Settings | Delete files downloaded as part of kiosk session when Microsoft Edge closes |
| Kios Mode Settings | Delete files downloaded as part of kiosk session when Microsoft Edge closes (User) |
| Manageability | Mobile App Management Enabled |
| Manageability | Mobile App Management Enabled (User) |
| Native Messaging | Allow user-level native messaging hosts (installed without admin permissions) |
| Native Messaging | Allow user-level native messaging hosts (installed without admin permissions) (User) |
| Native Messaging | Configure native messaging block list |
| Native Messaging | Configure native messaging block list (User) |
| Native Messaging | Control which native messaging hosts users can use |
| Native Messaging | Control which native messaging hosts users can use (User) |
| Password Manager and Protection | Allow users to be alerted if their passwords are found to be unsafe |
| Password Manager and Protection | Allow users to be alerted if their passwords are found to be unsafe (User) |
| Password Manager and Protection | Configure password protection warning trigger |
| Password Manager and Protection | Configure password protection warning trigger (User) |
| Password Manager and Protection | Configure the change password URL |
| Password Manager and Protection | Configure the change password URL (User) |
| Password Manager and Protection | Configure the list of enterprise login URLs where password protection service should capture the fingerprint of the password |
| Password Manager and Protection | Configure the list of enterprise login URLs where password protection service should capture a fingerprint or password (User) |
| Password Manager and Protection | Enable saving passwords to the password manager |
| Password Manager and Protection | Enable saving passwords to the password manager (User) |
| Performance | Enable startup boost |
| Performance | Enable startup boost (User) |
| Printing | Default background graphics printing mode |
| Printing | Default background graphics printing mode (User) |
| Printing | Default printer selection rules |
| Printing | Default printer selection rules (User) |
| Printing | Default printing page size |
| Printing | Default printing page size (User) |
| Printing | Disable printer types on the deny list |
| Printing | Disable printer types on the deny list (User) |
| Printing | Enable printing |
| Printing | Enable printing (User) |
| Printing | Print headers and footers |
| Printing | Print headers and footers (User) |
| Printing | Print using system print dialog |
| Printing | Print using system print dialog (User) |
| Printing | Restrict background graphics printing mode |
| Printing | Restrict background graphics printing mode (User) |
| Printing | Set the system default printer as the default printer |
| Printing | Set the system default printer as the default printer (User) |
| Proxy Server | Default background graphics printing mode |
| Proxy Server | Default background graphics printing mode (User) |
| Proxy Server | Default printer selection rules |
| Proxy Server | Default printer selection rules (User) |
| Proxy Server | Default printing page size |
| Proxy Server | Default printing page size (User) |
| Proxy Server | Disable printer types on the deny list |
| Proxy Server | Disable printer types on the deny list (User) |
| Proxy Server | Enable printing |
| Proxy Server | Enable printing (User) |
| Proxy Server | Print headers and footers |
| Proxy Server | Print headers and footers (User) |
| Proxy Server | Print using system print dialog |
| Proxy Server | Print using system print dialog (User) |
| Proxy Server | Restrict background graphics printing mode |
| Proxy Server | Restrict background graphics printing mode (User) |
| Proxy Server | Set the system default printer as the default printer |
| Proxy Server | Set the system default printer as the default printer (User) |
| Sleeping Tabs Settings | Block Sleeping Tabs on specific sites |
| Sleeping Tabs Settings | Block Sleeping Tabs on specific sites (User) |
| Sleeping Tabs Settings | Configure Sleeping Tabs |
| Sleeping Tabs Settings | Configure Sleeping Tabs (User) |
| Sleeping Tabs Settings | Set the background tab inactivity timeout for Sleeping Tabs |
| Sleeping Tabs Settings | Set the background tab inactivity timeout for Sleeping Tabs (User) |
| SmartScreen Settings | Configure Microsoft Defender SmartScreen |
| SmartScreen Settings | Configure Microsoft Defender SmartScreen (User) |
| SmartScreen Settings | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
| SmartScreen Settings | Configure Microsoft Defender SmartScreen to block potentially unwanted apps (User) |
| SmartScreen Settings | Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings |
| SmartScreen Settings | Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings (User) |
| SmartScreen Settings | Force Microsoft Defender SmartScreen checks on downloads from trusted sources |
| SmartScreen Settings | Force Microsoft Defender SmartScreen checks on downloads from trusted sources (User) |
| SmartScreen Settings | Prevent bypassing Microsoft Defender SmartScreen prompts for sites |
| SmartScreen Settings | Prevent bypassing Microsoft Defender SmartScreen prompts for sites (User) |
| SmartScreen Settings | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads |
| SmartScreen Settings | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (User) |
| Startup, Home page, and new tab page | Configure Microsoft Defender SmartScreen |
| Startup, Home page, and new tab page | Configure Microsoft Defender SmartScreen (User) |
| Startup, Home page, and new tab page | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
| Startup, Home page, and new tab page | Configure Microsoft Defender SmartScreen to block potentially unwanted apps (User) |
| Startup, Home page, and new tab page | Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings |
| Startup, Home page, and new tab page | Configure the list of domains for which Microsoft Defender SmartScreen won’t trigger warnings (User) |
| Startup, Home page, and new tab page | Force Microsoft Defender SmartScreen checks on downloads from trusted sources |
| Startup, Home page, and new tab page | Force Microsoft Defender SmartScreen checks on downloads from trusted sources (User) |
| Startup, Home page, and new tab page | Prevent bypassing Microsoft Defender SmartScreen prompts for sites |
| Startup, Home page, and new tab page | Prevent bypassing Microsoft Defender SmartScreen prompts for sites (User) |
| Startup, Home page, and new tab page | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads |
| Startup, Home page, and new tab page | Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (User) |
Microsoft Edge Update – Intune Settings Catalog Policies
Intune Settings Catalog Policies related to Microsoft Edge Update are given below.
| Microsoft Edge Update | Intune Settings Catalog Details |
|---|---|
| Applications | Allow installation default |
| Applications | Allow Microsoft Edge Side by Side browser experience |
| Applications | Prevent Desktop Shortcut creation upon install default |
| Applications | Update policy override the default |
| Microsoft Edge | Allow installation |
| Microsoft Edge | Prevent Desktop Shortcut creation upon install |
| Microsoft Edge | Rollback to Target version |
| Microsoft Edge | Target version override |
| Microsoft Edge | Update policy override |
| Microsoft Edge Beta | Allow installation |
| Microsoft Edge Beta | Prevent Desktop Shortcut creation upon install |
| Microsoft Edge Beta | Rollback to Target version |
| Microsoft Edge Beta | Target version override |
| Microsoft Edge Beta | Update policy override |
| Microsoft Edge Canary | Allow installation |
| Microsoft Edge Canary | Prevent Desktop Shortcut creation upon install |
| Microsoft Edge Canary | Rollback to Target version |
| Microsoft Edge Canary | Target version override |
| Microsoft Edge Canary | Update policy override |
| Microsoft Edge Dev | Allow installation |
| Microsoft Edge Dev | Prevent Desktop Shortcut creation upon install |
| Microsoft Edge Dev | Rollback to Target version |
| Microsoft Edge Dev | Target version override |
| Microsoft Edge Dev | Update policy override |
| Microsoft Edge WebView | Allow installation |
| Microsoft Edge WebView | Update policy override |
| Preferences | Auto-update check period override |
| Preferences | Time period in each day to suppress auto-update check |
| Proxy Server | Address or URL of proxy server |
| Proxy Server | Choose how to specify proxy server settings |
| Proxy Server | URL to a proxy .pac file |
More Microsoft edge related to Intune Settings Catalog Policies.
| Microsoft Edge – Default Settings | |
| Microsoft Edge – Default Settings (users can override) | Allow download restrictions |
| Microsoft Edge – Default Settings (users can override) | Allow download restrictions (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of autofill form data |
| Microsoft Edge – Default Settings (users can override) | Allow importing of autofill form data (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of browser settings |
| Microsoft Edge – Default Settings (users can override) | Allow importing of browser settings (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of browsing history |
| Microsoft Edge – Default Settings (users can override) | Allow importing of browsing history (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of Cookies |
| Microsoft Edge – Default Settings (users can override) | Allow importing of Cookies (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of extensions |
| Microsoft Edge – Default Settings (users can override) | Allow importing of extensions (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of favorites |
| Microsoft Edge – Default Settings (users can override) | Allow importing of favorites (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of open tabs |
| Microsoft Edge – Default Settings (users can override) | Allow importing of open tabs (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of payment info |
| Microsoft Edge – Default Settings (users can override) | Allow importing of payment info (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of saved passwords |
| Microsoft Edge – Default Settings (users can override) | Allow importing of saved passwords (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of search engine settings |
| Microsoft Edge – Default Settings (users can override) | Allow importing of search engine settings (User) |
| Microsoft Edge – Default Settings (users can override) | Allow importing of shortcuts |
| Microsoft Edge – Default Settings (users can override) | Allow importing of shortcuts (User) |
| Microsoft Edge – Default Settings (users can override) | Allow suggestions from local providers |
| Microsoft Edge – Default Settings (users can override) | Allow suggestions from local providers (User) |
| Microsoft Edge – Default Settings (users can override) | Block smart actions for a list of services |
| Microsoft Edge – Default Settings (users can override) | Block smart actions for a list of services (User) |
| Microsoft Edge – Default Settings (users can override) | Block third party cookies |
| Microsoft Edge – Default Settings (users can override) | Block third party cookies (User) |
| Microsoft Edge – Default Settings (users can override) | Clear browsing data when Microsoft Edge closes |
| Microsoft Edge – Default Settings (users can override) | Clear browsing data when Microsoft Edge closes (User) |
| Microsoft Edge – Default Settings (users can override) | Clear cached images and files when Microsoft Edge closes |
| Microsoft Edge – Default Settings (users can override) | Clear cached images and files when Microsoft Edge closes (User) |
| Microsoft Edge – Default Settings (users can override) | Continue running background apps after Microsoft Edge closes |
| Microsoft Edge – Default Settings (users can override) | Continue running background apps after Microsoft Edge closes (User) |
| Microsoft Edge – Default Settings (users can override) | Disable synchronization of data using Microsoft sync services |
| Microsoft Edge – Default Settings (users can override) | Disable synchronization of data using Microsoft sync services (User) |
| Microsoft Edge – Default Settings (users can override) | Enable AutoFill for addresses |
| Microsoft Edge – Default Settings (users can override) | Enable AutoFill for addresses (User) |
| Microsoft Edge – Default Settings (users can override) | Enable AutoFill for credit cards |
| Microsoft Edge – Default Settings (users can override) | Enable AutoFill for credit cards (User) |
| Microsoft Edge – Default Settings (users can override) | Enable favorites bar |
| Microsoft Edge – Default Settings (users can override) | Enable favorites bar (User) |
| Microsoft Edge – Default Settings (users can override) | Enable network prediction |
| Microsoft Edge – Default Settings (users can override) | Enable network prediction (User) |
| Microsoft Edge – Default Settings (users can override) | Enable resolution of navigation errors using a web service |
| Microsoft Edge – Default Settings (users can override) | Enable resolution of navigation errors using a web service (User) |
| Microsoft Edge – Default Settings (users can override) | Enable search suggestions |
| Microsoft Edge – Default Settings (users can override) | Enable search suggestions (User) |
| Microsoft Edge – Default Settings (users can override) | Enable Translate |
| Microsoft Edge – Default Settings (users can override) | Enable Translate (User) |
| Microsoft Edge – Default Settings (users can override) | Manage Search Engines |
| Microsoft Edge – Default Settings (users can override) | Manage Search Engines (User) |
| Microsoft Edge – Default Settings (users can override) | Redirect incompatible sites from Internet Explorer to Microsoft Edge |
| Microsoft Edge – Default Settings (users can override) | Redirect incompatible sites from Internet Explorer to Microsoft Edge (User) |
| Microsoft Edge – Default Settings (users can override) | Set application locale |
| Microsoft Edge – Default Settings (users can override) | Set application locale (User) |
| Microsoft Edge – Default Settings (users can override) | Set download directory |
| Microsoft Edge – Default Settings (users can override) | Set download directory (User) |
| Microsoft Edge – Default Settings (users can override) | Shopping in Microsoft Edge Enabled |
| Microsoft Edge – Default Settings (users can override) | Shopping in Microsoft Edge Enabled (User) |
| Microsoft Edge – Default Settings (users can override) | Show Microsoft Rewards experiences |
| Microsoft Edge – Default Settings (users can override) | Show Microsoft Rewards experiences (User) |
| Microsoft Edge – Default Settings (users can override) | Suggest similar pages when a webpage can’t be found |
| Microsoft Edge – Default Settings (users can override) | Suggest similar pages when a webpage can’t be found (User) |
| Content Settings | Register protocol handlers |
| Content Settings | Register protocol handlers (User) |
| Default Search Provider | Default search provider keyword |
| Default Search Provider | Enable the default search provider |
| Default Search Provider | Specifies the search-by-image feature for the default search provider |
| Password manager and protection | Allow users to be alerted if their passwords are found to be unsafe |
| Password manager and protection | Allow users to be alerted if their passwords are found to be unsafe (User) |
| Password manager and protection | Enable Password reveal button |
| Password manager and protection | Enable Password reveal button (User) |
| Password manager and protection | Enable saving passwords to the password manager |
| Password manager and protection | Enable saving passwords to the password manager (User) |
| Performance | Enable startup boost |
| Performance | Enable startup boost (User) |
| Printing | Print headers and footers |
| Printing | Print headers and footers (User) |
| Printing | Set the system default printer as the default printer |
| Printing | Set the system default printer as the default printer (User) |
| Sleeping Tabs settings | Block Sleeping Tabs on specific sites |
| Sleeping Tabs settings | Block Sleeping Tabs on specific sites (User) |
| Sleeping Tabs settings | Configure Sleeping Tabs |
| Sleeping Tabs settings | Configure Sleeping Tabs (User) |
| Sleeping Tabs settings | Set the background tab inactivity timeout for Sleeping Tabs |
| Sleeping Tabs settings | Set the background tab inactivity timeout for Sleeping Tabs (User) |
| SmartScreen settings | Configure Microsoft Defender SmartScreen |
| SmartScreen settings | Configure Microsoft Defender SmartScreen (User) |
| SmartScreen settings | Configure Microsoft Defender SmartScreen to block potentially unwanted apps |
| SmartScreen settings | Configure Microsoft Defender SmartScreen to block potentially unwanted apps (User) |
| SmartScreen settings | Force Microsoft Defender SmartScreen checks on downloads from trusted sources |
| SmartScreen settings | Force Microsoft Defender SmartScreen checks on downloads from trusted sources (User) |
| Startup, Home page and new tab page | Action to take on startup |
| Startup, Home page and new tab page | Action to take on startup (User) |
| Startup, Home page and new tab page | Configure the home page URL |
| Startup, Home page and new tab page | Configure the home page URL (User) |
| Startup, Home page and new tab page | Configure the Microsoft Edge new tab page experience |
| Startup, Home page and new tab page | Configure the Microsoft Edge new tab page experience (User) |
| Startup, Home page and new tab page | Configure the new tab page URL |
| Startup, Home page and new tab page | Configure the new tab page URL (User) |
| Startup, Home page and new tab page | Enable preload of the new tab page for faster rendering |
| Startup, Home page and new tab page | Enable preload of the new tab page for faster rendering (User) |
| Startup, Home page and new tab page | Set new tab page quick links |
| Startup, Home page and new tab page | Set new tab page quick links (User) |
| Startup, Home page and new tab page | Set the new tab page as the home page |
| Startup, Home page and new tab page | Set the new tab page as the home page (User) |
| Startup, Home page and new tab page | Show Home button on toolbar |
| Startup, Home page and new tab page | Show Home button on toolbar (User) |
| Startup, Home page and new tab page | Sites to open when the browser starts |
| Startup, Home page and new tab page | Sites to open when the browser starts (User) |
General – Intune Settings Catalog Policies
The following table gives the list of general Intune Settings Catalog Policies.
| Category of Policies | Intune Settings Catalog Details |
|---|---|
| Above Lock | Allow Cortana Above Lock |
| Above Lock | Allow Toasts |
| Account | Allow Adding Non-Microsoft Accounts Manually |
| Account | Allow Microsoft Account Connection |
| Account | Allow Microsoft Account Sign-In Assistant |
| Account | Domain Names For Email Sync |
| Application Control | Configuration settings format |
| Auditing | Account Logon Audit Other Account Logon Events |
| Auditing | Audit Authentication Policy Change |
| Auditing | Audit Authorization Policy Change |
| Auditing | Audit Changes to Audit Policy |
| Auditing | Audit Directory Service Changes |
| Auditing | Audit File Share Access |
| Auditing | Audit Other Logon Logoff Events |
| Auditing | Audit Security Group Management |
| Auditing | Audit Security System Extension |
| Auditing | Audit Special Logon |
| Auditing | Audit User Account Management |
| Auditing | Object Access Audit Detailed File Share |
| Authentication | Allow Aad Password Reset |
| Authentication | Allow EAP Cert SSO (User) |
| Authentication | Allow Fast Reconnect |
| Authentication | Allow Secondary Authentication Device |
| Authentication | Enable Fast First Sign In |
| Authentication | Enable Web Sign In |
| Authentication | Preferred Aad Tenant Domain Name |
| BitLocker | Allow Warning For Other Disk Encryption |
| BitLocker | Require Device Encryption |
| BITS | Bandwidth Throttling End Time |
| BITS | Bandwidth Throttling Start Time |
| BITS | Bandwidth Throttling Transfer Rate |
| BITS | Costed Network Behavior Background Priority |
| BITS | Costed Network Behavior Foreground Priority |
| BITS | Job Inactivity Timeout |
| Bluetooth | Allow Advertising |
| Bluetooth | Allow Discoverable Mode |
| Bluetooth | Allow Preparing |
| Bluetooth | Allow Prompted Proximal Connections |
| Bluetooth | Local Device Name |
| Bluetooth | Services Allowed List |
| Bluetooth | Set Minimum Encryption Key Size |
| Browser | Allow Address Bar Dropdown |
| Browser | Allow Address Bar Dropdown (User) |
| Browser | Allow Autofill |
| Browser | Allow Autofill (User) |
| Browser | Allow Browser (User) |
| Browser | Allow Configuration Update For Books Library |
| Browser | Allow Configuration Update For Books Library (User) |
| Browser | Allow Cookies |
| Browser | Allow Cookies (User) |
| Browser | Allow Developer Tools |
| Browser | Allow Developer Tools (User) |
| Browser | Allow Do Not Track |
| Browser | Allow Do Not Track (User) |
| Browser | Allow Extensions |
| Browser | Allow Extensions (User) |
| Browser | Allow Flash |
| Browser | Allow Flash (User) |
| Browser | Allow Flash Click To Run |
| Browser | Allow Flash Click To Run (User) |
| Browser | Allow Full-Screen Mode |
| Browser | Allow Full-Screen Mode (User) |
| Browser | Allow InPrivate |
| Browser | Allow InPrivate (User) |
| Browser | Allow Microsoft Compatibility List |
| Browser | Allow Microsoft Compatibility List (User) |
| Camera | Allow Camera |
| Cellular | Let Apps Access Cellular Data |
| Cellular | Let Apps Access Cellular Data Force Allow These Apps |
| Cellular | Let Apps Access Cellular Data Force Deny These Apps |
| Cellular | Let Apps Access Cellular Data User In Control Of These Apps |
| Connectivity | Allow Bluetooth |
| Connectivity | Allow Cellular Data |
| Connectivity | Allow Cellular Data Roaming |
| Connectivity | Allow Connected Devices |
| Connectivity | Allow Phone PC Linking |
| Connectivity | Allow VPN Over Cellular |
| Connectivity | Allow VPN Roaming Over Cellular |
| Connectivity | Disallow Network Connectivity Active Tests |
| Control Policy Conflict | MDM Wins Over GP |
| Credential Providers | Disable Automatic Re Deployment Credentials |
| Cryptography | Allow Fips Algorithm Policy |
| Cryptography | TLS Cipher Suites |
| Data Protection | Allow Direct Memory Access |
| Data Protection | Legacy Selective Wipe ID |
| Defender | Allow Archive Scanning |
| Defender | Allow Behavior Monitoring |
| Defender | Allow Cloud Protection |
| Defender | Allow Email Scanning |
| Defender | Allow Full Scan On Mapped Network Drives |
| Defender | Allow Full Scan Removable Drive Scanning |
| Defender | Allow Intrusion Prevention System |
| Defender | Allow IOAV Protection |
| Defender | Allow On-Access Protection |
| Defender | Allow Real-time Monitoring |
| Defender | Allow Scanning Network Files |
| Defender | Allow Script Scanning |
| Defender | Allow User UI Access |
| Defender | Attack Surface Reduction Only Exclusions |
| Defender | Block Adobe Reader from creating child processes |
| Defender | Block all Office applications from creating child processes |
| Defender | Block credential stealing from the Windows local security authority subsystem |
| Defender | Block executable content from email client and webmail |
| Defender | Block executable files from running unless they meet a prevalence, age, or trusted list criterion |
| Defender | Block execution of potentially obfuscated scripts |
| Defender | Block JavaScript or VBScript from launching downloaded executable content |
| Defender | Block Office applications from creating executable content |
| Defender | Block Office applications from injecting code into other processes |
| Defender | Block Office communication application from creating child processes |
| Defender | Excluded Extensions |
| Defender | Excluded Paths |
| Defender | Excluded Processes |
| Defender | PUA Protection |
| Defender | Real-Time Scan Direction |
| Defender | Scan Parameter |
| Defender | Schedule Quick Scan Time |
| Defender | Schedule Scan Day |
| Defender | Schedule Scan Time |
| Defender | Security Intelligence Location |
| Defender | Signature Update Fallback Order |
| Defender | Signature Update File Shares Sources |
| Defender | Signature Update Interval |
| Defender | Submit Samples Consent |
| Defender | Remediation action for High severity threats |
| Defender | Remediation action for Low severity threats |
| Defender | Remediation action for Moderate severity threats |
| Defender | Remediation action for Severe threats |
| Defender | Block persistence through WMI event subscription |
| Defender | Block process creations originating from PSExec and WMI commands |
| Defender | Block untrusted and unsigned processes that run from USB |
| Defender | Block Win32 API calls from Office macros |
| Defender | Use advanced protection against ransomware |
| Defender | Avg CPU Load Factor |
| Defender | Check For Signatures Before Running Scan |
| Defender | Cloud Block Level |
| Defender | Cloud Extended Timeout |
| Defender | Controlled Folder Access Allowed Applications |
| Defender | Controlled Folder Access Protected Folders |
| Defender | Days To Retain Cleaned Malware |
| Defender | Disable Catchup Full Scan |
| Defender | Disable Catchup Quick Scan |
| Defender | Enable Controlled Folder Access |
| Defender | Enable Low CPU Priority |
| Defender | Enable Network Protection |
| Delivery Optimization | DO Absolute Max Cache Size |
| Delivery Optimization | DO Allow VPN Peer Caching |
| Delivery Optimization | DO Cache Host |
| Delivery Optimization | DO Cache Host Source |
| Delivery Optimization | DO Delay Background Download From Http |
| Delivery Optimization | DO Delay Cache Server Fallback Background |
| Delivery Optimization | DO Delay Cache Server Fallback Foreground |
| Delivery Optimization | DO Delay Foreground Download From Http |
| Delivery Optimization | DO Download Mode |
| Delivery Optimization | DO Group Id |
| Delivery Optimization | DO Group Id Source |
| Delivery Optimization | DO Max Background Download Bandwidth |
| Delivery Optimization | DO Max Cache Age |
| Delivery Optimization | DO Max Cache Size |
| Delivery Optimization | DO Max Download Bandwidth |
| Delivery Optimization | DO Max Foreground Download Bandwidth |
| Delivery Optimization | DO Max Upload Bandwidth |
| Delivery Optimization | DO Min Background Qos |
| Delivery Optimization | DO Min Battery Percentage Allowed To Upload |
| Delivery Optimization | DO Min Disk Size Allowed To Peer |
| Delivery Optimization | DO Min File Size To Cache |
| Delivery Optimization | DO Min RAM Allowed To Peer |
| Delivery Optimization | DO Modify Cache Drive |
| Delivery Optimization | DO Monthly Upload Data Cap |
| Delivery Optimization | DO Percentage Max Background Bandwidth |
| Delivery Optimization | DO Percentage Max Foreground Bandwidth |
| Delivery Optimization | DO Restrict Peer Selection By |
| Device Guard | Configure System Guard Launch |
| Device Guard | Enable Virtualization Based Security |
| Device Guard | LSA Cfg Flags |
| Device Guard | Require Platform Security Features |
| Device Health Monitoring | Allow Device Health Monitoring |
| Device Health Monitoring | Config Device Health Monitoring Scope |
| Device Health Monitoring | Config Device Health Monitoring Service Instance |
| Device Health Monitoring | Config Device Health Monitoring Upload Destination |
| Device Lock | Device Password Enabled |
| Device Lock | Allow Simple Device Password |
| Device Lock | Alphanumeric Device Password Required |
| Device Lock | Device Password Expiration |
| Device Lock | Device Password History |
| Device Lock | Max Device Password Failed Attempts |
| Device Lock | Max Inactivity Time Device Lock |
| Device Lock | Min Device Password Complex Characters |
| Device Lock | Min Device Password Length |
| Device Lock | Enforce Lock Screen And Logon Image |
| Device Lock | Enforce Lock Screen Provider |
| Device Lock | Minimum Password Age |
| Display | Disable Per Process Dpi For Apps |
| Display | Enable Per Process Dpi |
| Display | Enable Per Process Dpi (User) |
| Display | Enable Per Process Dpi For Apps |
| Display | Turn Off Gdi DPI Scaling For Apps |
| Display | Turn On Gdi DPI Scaling For Apps |
| DMA Guard | Device Enumeration Policy |
| Education | Allow Graphing Calculator (User) |
| Education | Default Printer Name (User) |
| Education | Prevent Adding New Printers (User) |
| Education | Printer Names (User) |
| Enterprise Cloud Print | Cloud Print OAuth Authority (User) |
| Enterprise Cloud Print | Cloud Print OAuth Client Id (User) |
| Enterprise Cloud Print | Cloud Print Resource Id (User) |
| Enterprise Cloud Print | Cloud Printer Discovery End Point (User) |
| Enterprise Cloud Print | Mopria Discovery Resource Id (User) |
| Experience | Allow Clipboard History |
| Experience | Allow Cortana |
| Experience | Allow Device Discovery |
| Experience | Allow Find My Device |
| Experience | Allow Manual MDM Unenrollment |
| Experience | Allow Save As Of Office Files |
| Experience | Allow Sync My Settings |
| Experience | Allow Windows Spotlight (User) |
| Experience | Allow Tailored Experiences With Diagnostic Data (User) |
| Experience | Allow Third-Party Suggestions In Windows Spotlight (User) |
| Experience | Allow Windows Consumer Features |
| Experience | Allow Windows Spotlight On Action Center (User) |
| Experience | Allow Windows Spotlight Windows Welcome Experience (User) |
| Experience | Allow Windows Tips |
| Experience | Configure Windows Spotlight On Lock Screen (User) |
| Experience | Allow Windows Spotlight On Settings (User) |
| Experience | Do Not Show Feedback Notifications |
| Experience | Do Not Sync Browser Settings |
| Experience | Prevent Users From Turning On Browser Syncing |
| Experience | Show Lock-On User Tile |
| Exploit Guard | Exploit Protection Settings |