Client Setting Category

Setting

Value

Background Intelligent Transfer

Limit the maximum network bandwidth for BITS background transfers

No

Throttling window start time

9 AM

Throttling window end time

5 PM

Maximum transfer rate during throttling window (Kbps)

1000

Allow BITS downloads outside the throttling window

No

Maximum transfer rate outside the throttling window (Kbps)

9999

Cloud Services

Allow access to cloud distribution point

Yes

Automatically register new Windows 10 or later domain joined devices with Azure Active Directory

Yes

Enable clients to use a cloud management gateway

Yes

Client Cache Settings

Anchor
ClientCacheSettings ClientCacheSettings

Configure BranchCache

Yes

Enable BranchCache

No

Maximum BranchCache cache size (percentage of disk)

10

Configure client cache size

No

Maximum cache size (MB)

5120

Maximum cache size (percentage of disk)

20

Enable as peer cache source

No

Port for initial network broadcast

8004

Port for content download from peer

8003

Client Policy

Client policy polling interval (minutes)

60

Enable user policy on clients

Yes

Enable user policy requests from Internet clients

No

Enable user policy for multiple user sessions

Yes

Compliance Settings

Enable compliance evaluation on clients

Yes

Schedule compliance evaluation

Occurs every 4 days effective 05/18/2019 7:00 AM

Enable User Data and profiles

No

Computer Agent

Anchor
ComputerAgent ComputerAgent

Deployment, deadline greater than 24 hours, remind user every (hours)

48

Deployment, deadline less than 24 hours, remind user every (hours)

4

Deployment, deadline less than 1 hour, remind user every (minutes)

15

Default Application Catalog website point

(none)

Add default Application Catalog website to Internet Explorer trusted sites zone

Yes

Allow Silverlight applications to run in elevated trust mode

Yes

Organization name displayed in Software Center

UT Austin Software

Use new Software Center

Yes

Enable communication with Health Attestation Service

Yes

Use on-premises Health Attestation Service

No

On-premises Health Attestation Service URL

Install permissions

All users

Suspend BitLocker PIN entry on restart

Never

Additional software manages the deployment of applications and software updates

No

PowerShell execution policy

Bypass

Show notifications for new deployments

Yes

Grace period for enforcement after deployment deadline (hours)

0

Enable Endpoint Analytics data collection

Yes

Computer Restart

Anchor
ComputerRestart ComputerRestart

Configuration Manager can force a device to restart

Yes

Specify the amount of time after the deadline before a device gets restarted (minutes)

90

Specify the amount of time that a user is presented a final countdown notification before a device gets restarted (minutes)

15

After the deadline, specify the frequency of restart reminder notifications to the user (minutes)

240

When a deployment requires a restart, show a dialog window to the user instead of a toast notification

No

When a deployment requires a restart, allow low-rights users to restart a device running Windows Server

No

Delivery Optimization

Use Configuration Manager Boundary Groups, for Delivery Optimization Group ID

No

Enable devices managed  by Configuration Manager to use Microsoft Connected Cache servers for content download

No

Endpoint Protection

Manage Endpoint Protection client on client computers

Yes

Install Endpoint Protection client on client computers

Yes

Allow Endpoint Protection client installation and restart outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation.

No

For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restart)

Yes

Suppress any required computer restarts after the Endpoint Protection client is installed

Yes

Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)

24

Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial security intelligence update on client computers

Yes

Hardware Inventory

Enable hardware inventory on clients

Yes

Hardware inventory schedule

Occurs every 7 days effective 2/1/1970 12:00 AM

Maximum random delay (minutes)

240

Hardware inventory classes

Default inventory classes

Metered Internet Connections

Client communication on metered Internet connections

Block

Enrollment

Polling interval for modern devices (minutes)

1440

Allow users to enroll mobile devices and Mac computers

No

Enrollment Profile

(none)

Allow users to enroll modern devices

No

Modern device enrollment profile

(none)

Power Management

Anchor
PowerManagement PowerManagement

Allow power management of devices

Yes

Allow users to exclude their device from power management

No

Allow network wake-up

Not configured

Enable wake-up proxy

No

Wake-up proxy port number (UDP)

25536

Wake on LAN port number (UDP)

9

Windows Defender Firewall exception for wake-up proxy

Disabled

IPV6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries.

Remote Tools

Firewall exception profiles

N/A

Users can change policy or notification settings in Software Center

No

Allow remote control of an unattended computer

Yes

Prompt user for Remote Control permission

Yes

Prompt user for permission to transfer content from share clipboard

No

Grant Remote Control permission to local Administrators group

Yes

Access level allowed

Full Control

Permitted viewers of Remote Control and Remote Assistance

(none)

Show session notification icon on taskbar

Yes

Show session connection bar

Yes

Play sound on client

Beginning and end of session

Manage unsolicited Remote Assistance settings

No

Manage solicited Remote Assistance settings

No

Level of access for Remote Assistance

None

Manage Remote Desktop settings

No

Allow permitted viewers to connect by using Remote Desktop connection

No

Require network level authentication

Yes

Software Center

Anchor
SoftwareCenter SoftwareCenter

Select the user portal

Software Center

Select these new settings to specify company information

Yes

Software Center settings

Software Deployment

Schedule re-evaluation for deployments

Occurs every 7 days effective 02/01/1970 12:00 AM

Software Inventory

Enable software inventory on clients

Yes

Schedule software inventory and file collection

Occurs every 7 days effective 05/19/2019 12:00 AM

Inventory reporting detail

Full details

Inventory these files types

(none)

Collect files

(none)

Software Metering

Enable software metering on clients

Yes

Schedule data collection

Occurs every 7 days effective 02/01/1970 12:00 AM

Software Updates

Enable software updates on clients

Yes

Software update scan schedule

Occurs every 1 days effective 04/07/2022 3:30 PM

Schedule deployment re-evaluation

Occurs every 1 days effective 04/07/2022 4:00 PM

Allow user proxy for software update scans

No

Enforce TLS certificate pinning for Windows Update client for detecting updates

Yes

When any software update deployment deadline is reached, install all other software update deployments with deadline coming within a specified period of time

No

Period of time for which all pending deployments with deadline in this time will also be installed

1 Hours

Allow clients to download delta content when available

No

Port that clients use to receive requests for delta content

8005

If delta content is unavailable from distribution points in the current boundary group, immediately fall back to a neighbor or the site default

No

Enable management of the Office 365 Client Agent

Yes

Enable update notifications from Microsoft 365 Apps

No

Enable installation of software updates in "All deployments" maintenance window when "Software update" maintenance window is available

No

Specify thread priority for feature updates

Not Configured

Enable third party software updates

Yes

Enable Dynamic Update for feature updates

Not Configured

State Messaging

State message reporting cycle (minutes)

15

User and Device Affinity

User device affinity usage threshold (minutes)

2880

User device affinity usage threshold (days)

30

Automatically configure user device affinity from usage data

No

Allow user to define their primary devices

No

Windows Diagnostic Data

Manage Windows telemetry settings with Configuration Manager

No

Commercial ID key:

Windows 10 telemetry

Required

Windows 8.1 and earlier telemetry:

Disable

Enable Windows 8.1 and earlier Internet Explorer data collection for:

Disable