How to Create Configuration Profiles
Sign in to the Microsoft Endpoint Manager Admin Center:
- Navigate to the Microsoft Endpoint Manager admin centre and sign in.
- Go to Devices > Configuration profiles > Create profile.
Select
- Platform: Windows 10 and later
- Profile type: Templates
- Template Type: Administrative templates
- Create
Enter Profile Details:
- Name: Enter a descriptive name for the policy (e.g., Mobile Guardian Microsoft Edge Browser Settings).
- Description: Enter a description for the policy (optional but recommended).
- Click Next
On the next page, click All Settings and search for the following settings:
- Browser sign-in settings: Select the device-based setting for Microsoft Edge > Enable > Force users to sign in to use the browser > OK.
You will see the status of your selected setting change to enabled.
- In the search bar search for; Configure whether a user always has a default profile automatically signed in with their work or school account: Select the device-based setting for Microsoft Edge > Enable > OK.
You will see the status of your selected setting change to enabled
- In the search bar search for; Control where developer tools can be used: Select the user-based setting for Microsoft Edge > Enable > Allow using the developer tools > OK.
You will see the status of your selected setting change to enabled
#Note: Developer tools should only be enabled for initial testing and disabled for student devices.
- Click Next.
- Skip the Scope Tags section and click Next.
Assign the Profile:
Under Assignments > Included groups > Add groups, select the group you want to apply the settings to (e.g., Students) > Select > Next.
Review and Create:
- Review your settings and click Create.
- Refresh the page to see your newly created configuration profile.
Creating a Configuration Profile for Managed Edge Extensions
Create Profile for Managed Edge Extensions:
- Go to Devices > Configuration profiles > Create profile.
- Select your platform and profile type (e.g., Settings Catalog).
- Click Create.
Enter Profile Details:
- Name: Enter a descriptive name for the policy (e.g., Mobile Guardian Managed Edge Chromium Extensions).
- Description Enter a description for the policy (optional but recommended).
- Click Next.
Add Settings:
- Click + Add settings.
- In the setting picker search bar, find and select the following settings:
- Control where developer tools can be used
- Control which extensions are installed silently
- Configure your selected settings.
#Note: Developer tools should only be enabled for initial testing. It should be disabled everywhere for student devices
Configure Extensions:
- In the Extension/App ID field, enter your personalized App ID and URL, separated by a semicolon.
- Click Next.
- Skip the Scope Tags section and click Next.
Assign the Profile:
- Under Assignments > Included groups > Add groups, select the group you want to apply the settings to (e.g., Students) > Select > Next.
Review and Create:
- Review your settings and click Create.
- Refresh the page to see your newly created configuration profile.
Mobile Guardian Windows Helper Application
#Note on .Net Runtime:
If the device does not already have a .Net runtime installed, you will need to add the Windows Desktop Runtime as a prerequisite. Follow the same steps as described below.
Full Instructions:
- Refer to [Microsoft's official documentation] https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-add for detailed instructions.
Configuring Desktop Runtime
Sign in and Add App:
- Sign in to the Microsoft Endpoint Manager admin centre.
- Select Apps > All apps > Add.
- Under Other app types, select Windows app (Win32) > Select.
Select App Package File:
- On the Add app pane, click Select app package file.
- Browse and select the Windows desktop runtime file with the extension .intunewin.
- Click OK on the App package file pane.
Set App Information:
- Name and description will be automatically populated.
- Publisher: Microsoft Corporation
- App Version: Enter the desktop runtime app version you uploaded.
- Click Review + save.
Program Commands:
- Install command: `windowsdesktop-runtime-6.0.15-win-x86.exe /install /quiet /norestart`
- Uninstall command: `windowsdesktop-runtime-6.0.15-win-x86.exe /uninstall /quiet /norestart`
- Click Next.
#Note: Please note that the highlighted needs to match the version of the Windows desktop runtime you uploaded.
Requirements:
- Operating system architecture: 32-bit and 64-bit
- Minimum operating system: Windows 10 1607
- Click Next.
Detection Rules:
- Select Manually configure detection rule.
- Click + Add and configure as follows:
- Path: `C:\Program Files (x86)`
- File or Folder: `dotnet`
- Detection method: File or folder exists
- Click OK > Next.
#Note: There are no Dependencies or Supersedence settings required. Continue on clicking the Next button until you reach the Assignments tab.
Assignments:
- Under Required, click + Add group and assign the application to the same groups as used for the configuration profiles.
- Click Select > Next.
Review and Create:
- Review your settings and click Create.
- You will see a notification that your application has been created.
Configure Mobile Guardian Windows Helper Application
Add the Application:
- Select Apps > All apps > Add.
- Under Other app types, select Windows app (Win32) > Select.
Select App Package File:
- On the Add app pane, click Select app package file.
- Browse and select the Windows installation file with the extension .intunewin.
- Click OK on the App package file pane.
Set App Information:
- Some information may be pre-filled.
- Complete any additional required fields.
Program Settings:
- Set Device restart Behaviour > Intune will force a mandatory device restart.
- Leave the rest of the default settings in place.
Requirements:
- Set Architecture and Operating system.
- Ensure Windows 10 1607 is chosen as the minimum operating system version.
Add Windows Desktop Runtime App:
- Click + Add and configure as follows:
- Path: `C:\Program Files`
- File or Folder: `dotnet`
- Property: File or folder exists
- Click OK > Next.
Detection Rules:
- Select manually configure and click + Add.
- Configure as follows:
- Path: `C:\Program Files (x86)`
- File or Folder: `Mobile Guardian`
- Detection method: File or folder exists
- Click OK > Next.
Dependencies:
- Click + Add > Select runtime app > Automatically install > Yes > Next.
- Skip Supersedence > Next
Assignments:
- Assign the application to the same groups as used for the configuration profiles.
- Review your settings and click Create.
Device Setup
On New Device:
- Sign in with a student account.
- Mobile Guardian extension is installed on Edge by the configuration profile.
- The extension calls API to fetch updated or new details from Azure.
On Existing Device:
Add Azure AD domain under Accounts > Work/School.
Sign out and back in with an Azure student account.
The process is the same as for a new device.
Please let us know if you found this helpful!
Thanks for reading! 🙂
Comments
0 comments
Article is closed for comments.