Configuration Profiles
Deploy device settings and configurations through Intune. Configuration profiles allow you to manage Wi-Fi, VPN, email, certificates, device restrictions, and hundreds of other settings across managed devices.
Profile List
| Column | Description |
|---|---|
| Profile Name | Display name of the profile |
| Platform | Windows, macOS, iOS, Android |
| Profile Type | Template type or Settings Catalog |
| Assigned | Number of groups assigned |
| Deployed | Success/Failed/Pending counts |
| Last Modified | When profile was last updated |
Profile Types
Templates
Pre-built profile types for common scenarios:
- Wi-Fi — Configure wireless networks
- VPN — VPN connection settings
- Email — Exchange ActiveSync profiles
- Certificates — SCEP/PKCS certificates
- Device Restrictions — Control device features
- Device Features — iOS/macOS specific features
- Kiosk — Single/multi-app kiosk
- SCEP Certificate — Auto-enrolled certificates
- Trusted Certificate — Root CA certificates
Settings Catalog
Access all available settings in a searchable catalog. The modern approach for granular configuration with thousands of individual settings.
Note: Use Settings Catalog for new Windows profiles. It provides access to more settings and better conflict detection.
Administrative Templates
Windows ADMX-based Group Policy settings delivered through Intune. Configure Office, Edge, Windows features and more using familiar GPO settings.
Custom Profiles
Deploy OMA-URI settings or custom XML configurations for advanced scenarios not covered by built-in templates.
Common Profile Scenarios
Corporate Wi-Fi
Configure devices to automatically connect to corporate wireless networks with proper security settings.
Settings:
- SSID: CorpWiFi
- Security: WPA2-Enterprise
- EAP type: EAP-TLS with certificate
- Auto-connect: Yes
VPN Always-On
Establish automatic VPN connections when devices are outside the corporate network.
Settings:
- Connection type: IKEv2 / SSL VPN
- Server: vpn.company.com
- Authentication: Certificate-based
- Always On: Enabled
- Split tunneling: Configured
Device Restrictions
Control which device features users can access.
Common restrictions:
- Block camera
- Block screen capture
- Block USB storage
- Block Bluetooth file transfer
- Require password
Email Profile
Auto-configure Exchange email on managed devices.
Settings:
- Exchange server: outlook.office365.com
- Username:
{{userprincipalname}} - Email address:
{{mail}} - Sync calendar: 2 weeks
- Sync contacts: Yes
Profile Deployment
Assignment
Assign profiles to user groups, device groups, or all users/devices. Use exclusion groups for exceptions.
Filters
Use assignment filters to target specific devices within groups (e.g., only Windows 11, only corporate-owned).
Applicability Rules
For Windows, define rules based on OS version or edition to control which devices receive the profile.
Deployment Status
- 850 Succeeded
- 12 Failed
- 45 Pending
- 8 Not Applicable
Conflict Resolution
When multiple profiles configure the same setting:
- More specific assignments win over broader ones
- User-assigned profiles take precedence over device-assigned
- Last-write wins for identical specificity
- Settings Catalog profiles show conflicts in portal
Warning: Use the “Device configuration” report to identify devices with conflicting settings and resolve them.
API Reference
GET /api/devices/config-profiles— List all configuration profilesGET /api/devices/config-profiles/:id— Get profile detailsPOST /api/devices/config-profiles— Create configuration profileGET /api/devices/config-profiles/:id/status— Get deployment statusPOST /api/devices/config-profiles/:id/assign— Assign profile to groups