In the last couple of blogs I used the setting catalog more and more, but why do I use the Settings catalog prior other policy possibilities. But a big question is how to use it and on which scenario

What are Setting catalog policy’s and why use them

If you want to list all settings in one place it good to have a look at the Settings catalog. U can easily find settings from Apple (macOS, iPadOS and iOS) to Windows 10/11. After finding these setting it much easier to configure and to read them then the good old OMAUri or ADMX.

A lot of new settings are being added frequently just have a look at all the iPadOS/iOS Setting catalog items being announced in the last What’s new in Intune link

What I can see that Microsoft is pushing all the policy to the settings catalog and it is going to be the way to go for in all upcoming policy you need to create. If we have look what Microsoft has to say about all the settings available for Windows:

There are thousands of settings, including settings that haven’t been available before. These settings are directly generated from the Windows configuration service providers (CSPs). You can also configure Administrative Templates, and have more Administrative Template settings available. As Windows adds or exposes more settings to MDM providers, these settings are added quicker to Microsoft Intune for you to configure.

Group Policy’s and the Setting catalog

When working with several customer I often get the question if it possible to use the same policy’s they used on there older device coming from Group policy’s (GPO). Because is always a difficult question to answer but there are ways I had to create something on this topic as well.

Microsoft has created the possibility to import an exported GPO in XML format to have a look which policy is supported in Intune when it does it will show in the column MDM Support where Yes means there’s a matching setting available in Endpoint Manager. You can configure this setting in the Settings Catalog and No means there isn’t a matching setting available to MDM providers, including Intune.

If you go to Endpoint Manager link under Devices | Group Policy analytics (preview) it is possible to import the XML.

1 for Group Policy analytics, 2 for the import of the XML and 3 where you will see if its supported for the Settings catalog

Migrating GPO to Setting catalog

Since the 2206 release of Endpoint manager it is now possible to migrate the supported GPO settings to a Settings catalog policy in just a view steps. After importing and checking the GPO’s you can click on the migrate button

Now you will get the opportunity to checkmark the items you want a Setting catalog to be created. I will not go any further into these step because these look the same as creating a Setting catalog item and will go there a little bit later on.

My point of view of importing GPO’s

Because 9 out 10 times we are creating a new modern workplace and we want to use our baselines and best practices of Microsoft to help the customer to get the best experience of there new environment we want start fresh in most of the times. But I need to say it can be helpful to understand and help to get a decent inventory of the old environment how they used to work. So I will be using this feature more than i probably know right now.

Creating a Settings catalog policy

Go to the Endpoint Manager page link , Devices | Configuration profiles

Click on + Create profile

  • Fill Platform: Windows 10 and later
  • Fill profile type: Settings catalog

Click Create

Give the policy a name

Click on Add settings

In the next screen popping updo the following fill the right keyword (1) click on Search (2) pick the settings from the category picker

After picking the settings it is possible top set those specific session to enable/disable or any kind of option the setting is giving you.

Keep in mind that if a policy user (User) or (Device) behind the setting, it will be scoped that way

Blogs were I used the Settings catalog

Conclusion

I like to use the Settings catalog because all settings came together in one place, Microsoft is speeding up everything policy wise to be placing all settings there. Hoping that the Security baseline also will be available as a template in the settings catalog item. But in short the Settings catalog is for me the place to be

4 thoughts on “Why use the Setting catalog, and how”

Comments are closed.