Windows Modern Desktop Profile Configurations
Add configurations to profiles to push settings to devices. See Using Profiles for details. The following tables list the configurations available for the Windows Modern platform.
Important: Microsoft Entra ID devices that support multiple
user accounts update user information when the device checks in. If you push a
profile configuration to a user instead of a device, it applies only when the
user is active on the device.
Security
| Configuration | Description |
|---|---|
| Authentication | Enforces administrator and user password policies. |
| BIOS | Allows administrators to configure BIOS settings, enforce BIOS and supervisor passwords, and manage boot priorities from a centralized interface. |
| BitLocker | Configures BitLocker encryption. |
| Client PFX certificates | Distributes Client PFX certificates. |
| Root Certificates | Distributes Root certificates. |
| SCEP | Enables certificate enrollment using a Simple Certificate Enrollment Protocol (SCEP) server. |
| Out of Contact | |
| Security Baseline: CIS Benchmarks | Applies Center for Internet Security (CIS) settings to enhance security. |
| Security Baseline: Microsoft | Applies Microsoft-recommended security settings. |
| Windows Defender | Configures antivirus settings. |
Restrictions
| Configuration | Description |
|---|---|
| Application Run Control | Restricts which applications can run. |
| Edge Browser | Configures Microsoft Edge settings. |
| Feature Control | Disables specific device features (e.g., camera, Bluetooth). |
| Firewall | Configures advanced firewall policies to filter or reroute
network traffic. Restriction: Not supported for
AMAPI-enrolled devices.
|
| Multi-App Kiosk Mode | Sets up a custom multi-app kiosk. |
| Single-App Kiosk Mode | Sets up a custom single-app kiosk. |
| Lockdown | Configures custom kiosk settings. |
| Registry | Manages registry settings. |
| Unified Write Filter | Protects system drives using Unified Write Filter. |
| Web Content Filter | Restricts and manages user website access. |
| Windows Information Protection | Use the Windows Information Protection (WIP) profile configuration to manage access to corporate data on your devices. |
Connectivity
| Configuration | Description |
|---|---|
| APN | Configures Access Point Name (APN) settings. Restriction: Not supported for AMAPI-enrolled
devices. |
| Modern VPN: VPN Native Profile | Configures VPN settings using the Native profile. |
| Modern VPN: VPN Plugin Profile | Configures VPN settings using the Plugin profile. |
| SOTI VPN | Sets up the SOTI VPN service. |
| Wi-Fi | Configures Wi-Fi settings. |
Email, Contacts, & Calendars
| Configuration | Description |
|---|---|
| Email: Exchange for Gmail: Exchange Active Sync | Configures Exchange Active Sync email settings. |
| Email: Exchange for Gmail: IMAP | Configures IMAP email settings. |
| Email: Exchange for Gmail: POP3 | Configures POP3 email settings. |
| Local Users | Adds local user accounts. |
| Reboot | Configures restart schedules. |
| SOTI Identity Login | Enables authentication with SOTI Identity. |
| Task Scheduler | Schedules execution of device scripts. |
| Wallpaper & Screen Saver | Configure wallpaper and screen saver for Windows Modern devices. |
SOTI Apps
| Configuration | Description |
|---|---|
| SOTI Surf | Configures settings for the SOTI Surf browser app. |