We have always used GPO to manage everything on servers and workstations; one of these settings is Screen Lockout after a limited time.
With the move to the cloud and MDM through Intune, Microsoft is starting to provide many policies that are exactly or almost the same as GPOs. The GPO I reviewed today was Screen Lockout.
Screen Lockout
This GPO is available in Group Policy Management on-prem. I wanted to find a similar policy in Intune and found it, so let's do it.
Log in to Intune > Devices Configuration, then create a new policy.
Platform: Windows 10 and Later.
Profile type: Templates > then pick Custom, and click Create.
1. Basic
2. Configuration Settings
Under OMA-URI Settings, click Add.
Name: you can name it anything you want (I named it Screen Lockout).
Description: Optional.
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
Data Type: Integer
Value: 1200
Note: the default value is 0, which means disabled. You can use any number between 0 and 599940 (according to Microsoft Docs). This number is the time in seconds that the machine can be inactive before the screen locks. In my case, I picked 1200 seconds = 20 minutes.
3. Scope tags
I left it as default.
4. Assignments
I assigned it to the groups of my test machines.
5. Applicability Rules
Here you choose whether or not the profile applies within the assigned group, and how.
Then save the policy.
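To confirm the setting actually landed on a test machine after it syncs, the following check can be run in an elevated PowerShell session. It is an added example, not part of the original post; the PolicyManager registry path is an assumption about where the MDM client records the received value, while InactivityTimeoutSecs is the registry value behind the "Interactive logon: Machine inactivity limit" security option.

```powershell
# Added verification example (not from the original post).
param(
    [int]$ExpectedSeconds = 1200   # value configured in the profile above
)

# Range the post cites from Microsoft Docs for this setting.
if ($ExpectedSeconds -lt 0 -or $ExpectedSeconds -gt 599940) {
    throw "ExpectedSeconds must be between 0 and 599940."
}

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value missing: setting not delivered here
    }
}

# Assumption: location where the MDM policy manager stores the received value.
$mdmValue = Get-RegistryValueOrNull `
    -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\LocalPoliciesSecurityOptions' `
    -Name 'InteractiveLogon_MachineInactivityLimit'

# Effective security option that Windows enforces.
$effectiveValue = Get-RegistryValueOrNull `
    -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
    -Name 'InactivityTimeoutSecs'

$result = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    ExpectedSeconds = $ExpectedSeconds
    MdmReceived     = $mdmValue
    Effective       = $effectiveValue
    Compliant       = ($null -ne $effectiveValue -and [int]$effectiveValue -eq $ExpectedSeconds)
}
$result | Format-List

if (-not $result.Compliant) {
    if ($null -eq $effectiveValue -or [int]$effectiveValue -eq 0) {
        Write-Warning 'Inactivity limit is unset or 0 (disabled): the profile has not taken effect.'
    } else {
        Write-Warning "Inactivity limit is $effectiveValue seconds, expected $ExpectedSeconds."
    }
    exit 1
}
```

If MdmReceived is populated but Effective differs, check whether an on-prem GPO is still setting the same security option on that machine.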
Conclusion:
I have started to create and deploy CSPs instead of creating legacy GPOs. On the road to the cloud, it is not easy to convert all your GPOs: there are many GPOs that the cloud does not support today, so either get rid of them or upload them to Group Policy analytics in Intune to see what is supported.
Thanks for reading.