Configuration profiles
Microsoft Links and Procedures
References to any Microsoft-related procedures are accurate as of date of this topic being published / updated, and N-able does not guarantee their accuracy or validity.
References to any Microsoft-related procedures are accurate as of date of this topic being published / updated, and N-able does not guarantee their accuracy or validity.
Configuration Profiles allow you to sync settings down to devices in your organization. You can review the Microsoft documentation to learn more about Configuration Profiles.
Within N-able N-central if you navigate to a client that is connected to Microsoft Intune, then navigate to Integrations > Microsoft Intune > Profiles > Configuration, you will be able to create, edit, and delete Configuration Profiles that will sync to Microsoft Intune.
The list of profiles only shows profiles created by N-central. Not all profiles in Intune are shown, as we do not support all of the profile options found in Intune.
Creating Configuration Profiles are limited to the following items in N-able N-central:
Microsoft Defender Firewall - Configure Microsoft Defender Firewall settings applicable to all network types
- File Transfer Protocol (FTP)
- Security association idle time before deletion
- Pre-shared key encoding
- IPSec exemptions
- Certificate revocation list verification
- Opportunistically match authentication set per keying module
- Packet queuing
Network Settings - If this setting is not enabled, no network traffic will be blocked regardless of other policy settings. Configure Microsoft Defender Firewall settings applicable to all network types
- Domain (workplace) network
- Private (discoverable) network
- Public (non-discoverable)network
Firewall Rules
- Create Microsoft Defender Firewall rules. One Endpoint Protection profile may contain up to 150 rules.
- You can create firewall rules customized to your requirements, such as allowing inbound TCP Traffic over a specific port.
Windows Encryption
- Windows Settings - These encryption settings apply to all versions of Windows 10:
- Encrypt devices
- Encrypt storage card (mobile only)
- Bitlocker base settings - Base settings are universal BitLocker settings for all types of data drives. These settings only apply to Enterprise, Education and Mobile versions of Windows 10:
- Warning for other disk encryption
- Configure encryption methods
- Bitlocker fixed data-drive settings - These settings apply specifically to fixed data drives. These settings only apply to Enterprise, Education and Mobile versions of Windows 10:
- Write access to fixed data-drive not protected by BitLocker
- Fixed drive recovery
- Bitlocker removable data-drive settings - These settings apply specifically to removable data drives. These settings only apply to Enterprise, Education and Mobile versions of Windows 10:
- Write access to removable data-drive not protected by BitLocker
Local device security options
- Accounts
- Add new Microsoft accounts
- Remote log on without password
- Local admin account
- Guest account
- Devices
- Undock device without logon
- Install printer drivers for shared printers
- Restrict CD-ROM access to local active user
- Format and eject removable media
- Interactive logon
- Minutes of lock screen inactivity until screen saver activates
- Require CTRL + ALT + DEL to log on
- Smart card removal behaviour
- User information on lock screen
- Hide last signed-in user
- Hide username at sign in
- Login message title
- Login message text
- Network access and security
- Anonymous access to Named Pipes and Shares
- Anonymous enumeration of SAM accounts
- Anonymous enumeration of SAM accounts and shares
- LAN Manager hash value stored on password change
- PKU2U authentication requests
- Restrict remote RPC connections to SAM
- Minimum Session Security for NTLM SSP based clients
- Minimum Session Security for NTLM SSP based server
- LAN Manager authentication level
- Insecure Guest logons
- Recovery console and shutdown
- Clear virtual memory pagefile when shutting down
- Shutdown without logon
- User account control
- UIA integrity without secure location
- Virtualize file and registry write failures to per-user locations
- Only elevate executable files that are signed and validated
- Elevation prompt for admins
- Elevation prompt for standard users
- Route elevation prompts to user's interactive desktop
- Elevated prompt for app installations
- UIA elevation prompt without secure desktop
- Admin Approval Mode For Built-in Administrator
- Run all admins in Admin Approval Mode
- Microsoft network client
- Digitally sign communications (if server agrees)
- Send unencrypted password to third-party SMB servers
- Digitally sign communications (always)
- Microsoft network server
- Digitally sign communications (if client agrees)
- Digitally sign communications (always)