Share via


Configurable settings reference - Microsoft Managed Desktop

This article lists the settings categories that customers can configure with Microsoft Managed Desktop. Each setting category includes information on requirements, best practices, and how to customize the setting category.

Note

This page contains information for commonly requested settings. It applies to the legacy Edge browser.

Desktop background picture

You can customize the desktop background picture for Microsoft Managed Desktop devices in your organization. You might use the desktop background picture to apply a company brand or marketing material.

Desktop background requirements

These requirements must be met for a desktop background picture:

  • Picture file format: .jpg, jpeg, or .png
  • File location: Host on a trusted secure http (https) location.
  • Not allowed: Http and file share (unc) locations aren't supported.

Customize and deploy desktop background picture

To add a custom desktop background picture:

  1. Go to the Microsoft Intune admin center and navigate to the Devices menu.
  2. In the Microsoft Managed Desktop section, select Settings.
  3. In the Settings workspace, select Desktop background picture.
  4. Enter the location of the picture you want to use.
  5. Select Stage deployment to save your changes and deploy them to the Test group.

Browser start pages

Browser start pages open in individual tabs when your users start Microsoft Edge. If you want to make it easy for your users to open a set of sites they use frequently, add a browser start page for each site.

Browser start page requirements

You must provide the fully qualified domain name (FQDN) for intranet or Internet sites for your browser start pages. If internal sites are configured, inform users that access is only allowed when connected to the internal network, or when connected via VPN.

Customize and deploy browser start pages

To add a browser start page:

  1. Go to the Microsoft Intune admin center and navigate to the Devices menu.
  2. In the Microsoft Managed Desktop section, select Settings.
  3. In the Settings workspace, select Browser start pages.
  4. Select Add start page.
  5. In Add browser start page, enter the URL for the site you want to use, and then select Add start page.
  6. Repeat steps 1-5 for to add more browser start pages.
  7. Select Stage deployment to save your changes and deploy them to the Test group.

Enterprise mode site list location

If you have specific websites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list to automatically open the websites in Internet Explorer 11. Also, if you know your intranet sites don't work correctly with Microsoft Edge, you can set all intranet sites to open automatically in Internet Explorer 11.

Using Enterprise Mode means you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working in Internet Explorer 11. For more information on enterprise mode site lists, see Enterprise Mode and Enterprise Mode Site Lists.

You can specify an https:// location, or the location for an internal share where you’ve hosted your enterprise mode site list.

Enterprise mode site list location requirements

These requirements must be met for the enterprise mode site list file:

  • File format: XML file that meets file requirements.
  • File location: Host file on an internal https location.
  • Not allowed: Hosting on an internal file share, like //sharename, is n't allowed.

Best practices

These best practices are offered to help customers make decisions to modernize their IT infrastructure:

Practice Description
Choose a limited number of sites Microsoft Managed Desktop uses Microsoft Edge as the preferred browser to improve overall security for your organization and usability for your users. Most sites in this list are for legacy web apps that need an older version of a browser. It won't include as many security features.
Consider an alternate Consider a different site, or web app that doesn't require an older browser. Or, consider updating the site so that it can use newer browsers. Newer browsers use the latest technology and help improve security.

Customize and deploy Enterprise site mode list location

To add an enterprise site mode list location:

  1. Go to the Microsoft Intune admin center and navigate to the Devices menu.
  2. In the Microsoft Managed Desktop section, select Settings.
  3. In the Settings workspace, select Enterprise mode site list location.
  4. Enter the https location for your site list.
  5. Select Stage deployment to save your changes and deploy them to the Test group.

Trusted sites

Trusted sites allow you to customize security zones, or where a site can be used, for different sites. Security zones include:

  • Zone 1: Local Intranet zone
  • Zone 2: Trusted sites zone
  • Zone 3: Internet zone
  • Zone 4: Restricted Sites zone

Requirements

Provide the fully qualified domain name (FQDN) for intranet or Internet sites for each trusted site.

Customize and deploy trusted sites

To add a trusted site:

  1. Go to the Microsoft Intune admin center and navigate to the Devices menu.
  2. In the Microsoft Managed Desktop section, select Settings.
  3. In the Settings workspace, select Trusted sites, and then select Add trusted site.
  4. On Add trusted site, enter the URL, choose a security zone, and then select Add trusted site.
  5. Repeat steps 1-4 for each trusted site you want to add.
  6. Select Stage deployment to save your changes and deploy them to the Test group.

To remove a trusted site:

  1. Go to the Microsoft Intune admin center and navigate to the Devices menu.
  2. In the Microsoft Managed Desktop section, select Settings.
  3. In Settings workspace, select Trusted sites.
  4. Select the site that you want to delete, and then select Delete.
  5. Repeat steps 1-4 for each trusted site you want to delete.
  6. Select Stage deployment to save your changes and deploy them to the Test group.

Proxy

You can manage network proxy settings for your organization. Add your proxy server and port number, and then add your proxy site exceptions.

Microsoft Managed Desktop includes a set of default proxy exceptions that are required for the service to operate. The default exclusion list may only be modified by the Microsoft Managed Desktop service. For more information, see Network configuration for Microsoft Managed Desktop.

The proxy site exceptions added in the Microsoft Intune admin center are added to the default proxy exceptions included with the Microsoft Managed Desktop service.

Note

Updating the default proxy exception list is always prioritized over customer deployments. This means that your staged deployment will be paused if there is a deployment for the default proxy exception list.

Proxy requirements

These requirements must be met for proxy server and proxy site exceptions:

  • Must be a valid server address and port number.
  • URLs must be a valid http site.
  • Proxy exceptions should be limited to a maximum of 2064 characters. This includes added Microsoft Managed Desktop addresses.

Customize and deploy proxies

To add an individual proxy site exception:

  1. Go to the Microsoft Intune admin center and navigate to the Devices menu.
  2. In the Microsoft Managed Desktop section, select Settings.
  3. In the Settings workspace, select Proxy.
  4. Enter the Address and Port number for you proxy server, and then select Add proxy exception.
  5. Enter the URL of a valid http site, and then select Add proxy exception.
  6. Repeat steps 1-5 for each trusted site you want to add.
  7. Select Stage deployment to save your changes and deploy them to the Test group.

Additional resources