I got a question week about setting lock screen picture not working  when the picture is in OneDrive. Personal I never use OneDrive or any other service that requires a login token when deploying pictures or other settings down to a windows 10 client with Intune. The reason for this is, if for some reason the device is not able to authenticate then my setting will not apply, I love to use Azure file storage for this one – do to that is it both secure and we can embed the authentication token in the link that we deploy to the end user device. But if you don’t have a Azure subscription then just use the free Azure service with 5GB of Azure Blob Storage – just be sure that you are in control of the service, not like OneDrive where a SharePoint administrator or a security administrator can change the security settings on OneDrive that may effect your policy.

Note : Supported in Windows 10 Enterprise and Education SKUs

 


How to upload the picture to Azure Blob Storage:

First of all if you already have a Azure Storage account you can skip this section if not then start the Azure portal search for free service find the Azure Blob Storage and click create

Create Free Azure Blob Storage - 01

Click start free

Create Free Azure Blob Storage - 02

Click Start free – and follow the guide to sign up

Create Free Azure Blob Storage - 03

Once you are finish search for storage account and click add

Create Free Azure Blob Storage - 03a.png

  1. Create a resource group if you not have any or just use a existent one
  2. Enter you Storage account name : osdintune
  3. Click Review+ create

Create Free Azure Blob Storage - 04

  1. Click create if all the information is correct

Create Free Azure Blob Storage - 05

  1. Click Open in Explorer – you need the Azure Storage Explorer installed

Create Free Azure Blob Storage - 06

  1. Create a folder
  2. Upload your picture
  3. Click Change Access Tier

Create Free Azure Blob Storage - 07

  1. Change when the access token expiry – remember when it expires your end users will not have access to the picture any more and the Intune policy will have no effect.

Create Free Azure Blob Storage - 08

  1. Copy the URL with the access token embedded
  2. Click Close

Create Free Azure Blob Storage - 09


Now you are ready to create your Intune profile:

Start the Microsoft 365 Device Management portal

  1. Click Device configuration
  2. Click Profiles
  3. Click Create profile

provisioning-csp-personalization intune - 01

Then there is the two setting – one for Lockscreen picture and one for desktop bagground picture – you can easy create both setting in the same profile – in this example I have done it.

  1. Name : Windows 10 – Personalization
  2. Platform : Windows 10 and later
  3. Profile type : Device restrictions
  4. Click : Settings
  5. Click : Locked Screen Experience
  6. Enter the URL in “Locked screen picture URL”

provisioning-csp-personalization intune - 03

  1. Name : Windows 10 – Personalization
  2. Platform : Windows 10 and later
  3. Profile type : Device restrictions
  4. Click : Settings
  5. Click : Personalization
  6. Enter the URL in “Desktop background picture URL”

provisioning-csp-personalization intune - 02

 


Last for the End user experience:

Remember like for any other policy or device restriction the end user cannot change the behavior that the IT admin has setup on the end user device – but for some companies it is very important to have the company branding on every thing including desktop background and lock screen.

End user experience for background picture.
In Intune there is not a easy way of setting background picture for different screen resolutions, this one will also choose a fit.

provisioning-csp-personalization intune - 04

End user experience for lock screen picture.
provisioning-csp-personalization intune - 05

 


Read more:

Personalization CSP