BCM-Policies-Overview
BCM Policies Overview
Active Intune Policies
Configuration Policies (Settings Catalog)
| Policy Name | Purpose | Assigned To |
|---|---|---|
| BCM-Desktop-Wallpaper | Sets desktop and lock screen image | All Devices |
| BCM-Windows-Desktop-Lockdown | Blocks registry editor, wallpaper changes, Windows tips | All Devices |
Platform Scripts
| Script Name | Purpose | Runs As | Assigned To |
|---|---|---|---|
| BCM-Remove-Bloatware | Removes Xbox, Solitaire, Clipchamp, Gaming App | System | All Devices |
| BCM-Set-Wallpaper | Downloads and sets wallpaper via registry | System | All Devices |
| BCM-ForceDarkMode | Forces dark mode for apps and system | User | All Devices |
| BCM-LockTaskbar | Prevents taskbar auto-hide | User | All Devices |
Endpoint Security
| Policy Name | Purpose | Assigned To |
|---|---|---|
| BCM Bitlocker Encryption | Encrypts drives, stores recovery keys in Entra | BCM BitLocker Group |
Windows Autopilot
| Profile Name | Mode | Naming Template |
|---|---|---|
| BCM Autopilot Standard | User-driven | BCM-%SERIAL% |
App Deployments
| App | Type | Assignment |
|---|---|---|
| Microsoft 365 Apps | Win32 | All Devices (Required) |
| AnyDesk | Win32 | All Devices (Required) |
| Bitwarden | Store | All Users (Available) |
| Dell Command Update | Enterprise Catalog | Dell Devices (Required) |
| Remote Help | Enterprise Catalog | All Devices (Required) |
| Zoom | Enterprise Catalog | All Devices (Available) |
| Foxit PDF Reader | Enterprise Catalog | All Devices (Available) |
| Notepad++ | Enterprise Catalog | All Devices (Available) |
Update Policies
| Policy | Setting |
|---|---|
| Windows Update Ring | Feature updates: Windows 11 24H2 |
| Quality updates | Deferral: 7 days |
Key Settings Summary
| Setting | Value | Method |
|---|---|---|
| Desktop wallpaper | BCM branded image | Settings Catalog + Script |
| Lock screen | BCM branded image | Settings Catalog + Script |
| Prevent wallpaper change | Enabled | Settings Catalog |
| Registry editor | Blocked | Settings Catalog |
| Windows tips | Disabled | Settings Catalog |
| Windows Spotlight | Blocked | Settings Catalog |
| Consumer features | Blocked | Settings Catalog |
| Dark mode | Forced | Platform Script |
| Taskbar auto-hide | Prevented | Platform Script |
| Xbox/Games | Removed | Platform Script |
| BitLocker | Required | Endpoint Security |
| Standard user (no admin) | Yes | Autopilot profile |
Groups Used
| Group | Type | Purpose |
|---|---|---|
| All Devices | Dynamic | Default assignment target |
| Cloud Devices | Dynamic | Entra-joined devices only |
| BCM BitLocker Group | Assigned | BitLocker policy target |
| Dell Devices | Dynamic | Dell-specific apps |
| Wes Drive Map | Assigned | Mapped drive script (Z: to database) |
Related
- [[Deploy-Intune-Policy]]
- [[Deploy-PowerShell-Script]]
- [[Intune-Locations]]