Hide settings pages in Windows 10 with Microsoft Intune

Today a short blog about how we can hide settings pages in Windows 10 using Microsoft Intune. In Windows 10 more and more settings are moved away from the old Control Panel to the settings app and sometimes you want to hide one or a few of those pages on your Intune managed Windows 10 devices.

Using a Device Configuration profile it is pretty simple to hide a complete area of settings pages (like Accounts or Gaming) or even completely block access to the settings app as shown in the print screen below.

If we use the profile like shown above, the end-result is the Accounts and Gaming areas are removed from the settings app.

But how about only hiding a few of those pages, or only showing a few of those instead of hiding a complete settings area?
If we take a look at the MDM Diagnostics Report on a device on which the above policy is applied, we see the actual policy which is applied to the device. Just one settings is applied, PageVisibilityList, with a list of pages which are hidden.

If we have a look at the documentation about this CSP setting, we can see the setting is available on Windows 10 1703 and newer devices. It also tells us we can use it as a device or user policy and that we have two different modes. We can use hide as shown in the above print screen and we can use showonly. When using hide we only hide the pages we set in the policy. When using showonly, only the pages which are set in the policy are shown.
The corresponding URIs of the settings pages can be found on this list.

Now move on to Intune to create a configuration policy to apply this setting.

Create Custom Intune policy

Because this option is not available in the Device Management Portal, we need to create a Custom policy in Intune to apply this setting.

  1. Sign-in to the Device Management Portal
  2. Click Device Configuration
  3. Click Profiles
  4. Click Create Profile

  1. Give the configuration a Name
  2. Give the configuration a Description (Optional)
  3. Choose Windows 10 and later as Platform
  4. Choose Custom as Profile type
  5. Click the Configure tab
  6. Click Add to add a OMA-URI

On this page we need to add the OMA-URI settings which are available in the documentation.
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList
Data Type: String
Value: see the two examples below

To only show a few pages:
showonly:personalization-start;display;personalization-background;printers
To only hide a few pages:
hide:workplace;recovery

When finished, click OK twice and click Create.

  1. Click the Assignments tab
  2. Search for the security group you want to assign the configuration to
  3. Click Save

End-user experience

When the showonly mode is used from the example, only the settings areas are shown on the settings start page which contain the pages you set in the policy.

When you click for example on Devices , only the Printers page is shown.

When the hide mode from the example is used, most of the settings areas are shown and when we have a look at the Accounts area, we see only Access school or work is hidden.

3 Comments

Leave a Reply

Your email address will not be published.


*