Windows Modern Desktop Profile Configurations
Add configurations to profiles to push settings to devices. See Using Profiles for details. The following tables list the configurations available for the Windows Modern platform.
Important: Microsoft Entra ID devices that support multiple
user accounts update user information when the device checks in. If you push a
profile configuration to a user instead of a device, it applies only when the
user is active on the device.
Security
| Configuration | Description |
|---|---|
| Authentication | Enforces administrator and user password policies. |
| BitLocker | Configures BitLocker encryption. |
| Client PFX certificates | Distributes Client PFX certificates. |
| Root Certificates | Distributes Root certificates. |
| SCEP | Enables certificate enrollment using a Simple Certificate Enrollment Protocol (SCEP) server. |
| Security Baseline: CIS Benchmarks | Applies Center for Internet Security (CIS) settings to enhance security. |
| Security Baseline: Microsoft | Applies Microsoft-recommended security settings. |
| Windows Defender | Configures antivirus settings. |
Restrictions
| Configuration | Description |
|---|---|
| Application Run Control | Restricts which applications can run. |
| Edge Browser | Configures Microsoft Edge settings. |
| Feature Control | Disables specific device features (e.g., camera, Bluetooth). |
| Firewall | Configures advanced firewall policies to filter or reroute network traffic. Restriction: Not supported for
AMAPI-enrolled devices.
|
| Multi-App Kiosk Mode | Sets up a custom multi-app kiosk. |
| Single-App Kiosk Mode | Sets up a custom single-app kiosk. |
| Lockdown | Configures custom kiosk settings. |
| Registry | Manages registry settings. |
| Unified Write Filter | Protects system drives using Unified Write Filter. |
| Web Content Filter | Restricts and manages user website access. |
| Windows Information Protection | Use the Windows Information Protection (WIP) profile configuration to manage access to corporate data on your devices. |
Connectivity
| Configuration | Description |
|---|---|
| APN | Configures Access Point Name (APN) settings. Restriction: Not
supported for AMAPI-enrolled devices. |
| Modern VPN: VPN Native Profile | Configures VPN settings using the Native profile. |
| Modern VPN: VPN Plugin Profile | Configures VPN settings using the Plugin profile. |
| SOTI VPN | Sets up the SOTI VPN service. |
| Wi-Fi | Configures Wi-Fi settings. |
Email, Contacts, & Calendars
| Configuration | Description |
|---|---|
| Email: Exchange for Gmail: Exchange Active Sync | Configures Exchange Active Sync email settings. |
| Email: Exchange for Gmail: IMAP | Configures IMAP email settings. |
| Email: Exchange for Gmail: POP3 | Configures POP3 email settings. |
| Local Users | Adds local user accounts. |
| Reboot | Configures restart schedules. |
| SOTI Identity Login | Enables authentication with SOTI Identity. |
| Task Scheduler | Schedules execution of device scripts. |
SOTI Apps
| Configuration | Description |
|---|---|
| SOTI Surf | Configures settings for the SOTI Surf browser app. |