In the last couple of blogs I used the setting catalog more and more, but why do I use the Settings catalog prior other policy possibilities. But a big question is how to use it and on which scenario
What are Setting catalog policy’s and why use them
If you want to list all settings in one place it good to have a look at the Settings catalog. U can easily find settings from Apple (macOS, iPadOS and iOS) to Windows 10/11. After finding these setting it much easier to configure and to read them then the good old OMAUri or ADMX.
A lot of new settings are being added frequently just have a look at all the iPadOS/iOS Setting catalog items being announced in the last What’s new in Intune link
What I can see that Microsoft is pushing all the policy to the settings catalog and it is going to be the way to go for in all upcoming policy you need to create. If we have look what Microsoft has to say about all the settings available for Windows:
There are thousands of settings, including settings that haven’t been available before. These settings are directly generated from the Windows configuration service providers (CSPs). You can also configure Administrative Templates, and have more Administrative Template settings available. As Windows adds or exposes more settings to MDM providers, these settings are added quicker to Microsoft Intune for you to configure.
Group Policy’s and the Setting catalog
When working with several customer I often get the question if it possible to use the same policy’s they used on there older device coming from Group policy’s (GPO). Because is always a difficult question to answer but there are ways I had to create something on this topic as well.
Microsoft has created the possibility to import an exported GPO in XML format to have a look which policy is supported in Intune when it does it will show in the column MDM Support where Yes means there’s a matching setting available in Endpoint Manager. You can configure this setting in the Settings Catalog and No means there isn’t a matching setting available to MDM providers, including Intune.
If you go to Endpoint Manager link under Devices | Group Policy analytics (preview) it is possible to import the XML.
Migrating GPO to Setting catalog
Since the 2206 release of Endpoint manager it is now possible to migrate the supported GPO settings to a Settings catalog policy in just a view steps. After importing and checking the GPO’s you can click on the migrate button
Now you will get the opportunity to checkmark the items you want a Setting catalog to be created. I will not go any further into these step because these look the same as creating a Setting catalog item and will go there a little bit later on.
My point of view of importing GPO’s
Because 9 out 10 times we are creating a new modern workplace and we want to use our baselines and best practices of Microsoft to help the customer to get the best experience of there new environment we want start fresh in most of the times. But I need to say it can be helpful to understand and help to get a decent inventory of the old environment how they used to work. So I will be using this feature more than i probably know right now.
Creating a Settings catalog policy
Go to the Endpoint Manager page link , Devices | Configuration profiles
Click on + Create profile
- Fill Platform: Windows 10 and later
- Fill profile type: Settings catalog
Click Create
Give the policy a name
Click on Add settings
In the next screen popping updo the following fill the right keyword (1) click on Search (2) pick the settings from the category picker
After picking the settings it is possible top set those specific session to enable/disable or any kind of option the setting is giving you.
Keep in mind that if a policy user (User) or (Device) behind the setting, it will be scoped that way
Blogs were I used the Settings catalog
Conclusion
I like to use the Settings catalog because all settings came together in one place, Microsoft is speeding up everything policy wise to be placing all settings there. Hoping that the Security baseline also will be available as a template in the settings catalog item. But in short the Settings catalog is for me the place to be
[…] Why use the Setting catalog, and how […]
[…] We are going to create a Setting catalog for this (how to) […]
[…] The settings I will be using are in the screenshot below. how to create a settings catalog can be found here […]
[…] we have chosen the Settings catalog as profile we go ahead with the settings like other blogs before. Click on + Add […]
[…] this can also be done with a device restriction policy, but because of I like to prefer the settings catalog for this I will create […]
[…] we have to create a settings catalog policy to onboard the devices with the right telemetry […]
[…] Settings catalog it also possible to rename the user to you’re liking. Let’s create a Settings Catalog policy to achieve […]
[…] and this is something we wanted to update to our baseline configuration. Herefore, we introduced a setting catalog policy which we will create and show later. Because the PIN reset was enabled on the device it […]
[…] Here we will go to Devices | Configuration click + Create profile, choose Platform Windows 10 and later, and Profile type Settings catalog […]
[…] apply a filter like a settings catalog policy, we need to go to the policy in our case. We are going to exclude the BitLocker policy […]
[…] implement Config Refresh, we have to create a Settings Catalog policy; therefore, go to the Intune portal, Devices | Windows | Configuration profiles, click […]