Table of Contents

Categories ITSOs may want to focus on include:

Client Cache Settings - This determines how much cache is available for deploying applications. If you have unusually large application packages you may want increased values in this category. The default cache size is 10 GB.
Power Management - These controls Wake on LAN and similar settings.
Software Center - This controls branding information, selecting which tabs are visible in Software Center as well as the view defaults.
Computer Agent - This controls various general management settings.
Computer Restart - This controls restart settings related to software updates.

Custom client settings can be deployed as the default for all of your computers, or variations of the same setting can be applied to different collections of computers.
Client settings are applied using a priority system. The "highest" priority is 1 and will always be the final settings applied, this is reserved for settings EPM needs to enforce for all. The "Default Client Settings" priority is set to 10000, these settings will apply to all endpoints unless a custom Client Settings with a higher priority has been created and deployed.
Full Microsoft documentation on client settings can be found at Client settings - Configuration Manager | Microsoft Docs

The values below are the "Default client settings". Custom settings can be requested except where indicated.

Values shaded in GRAY not applicable even though they have a displayed value, this is due to a parent feature being disabled or not applicable.
Values shaded in RED are set by EPM, these will override custom client settings set by an ITSO.

Note

Modifications to the client settings must be submitted to the EPM team to ensure changes made to client settings will not negatively impact the platform.
Send requests to epm-requests@its.utexas.edu

Client Setting Category	Setting	Value
Background Intelligent Transfer
	Limit the maximum network bandwidth for BITS background transfers	No
	Throttling window start time	9 AM
	Throttling window end time	5 PM
	Maximum transfer rate during throttling window (Kbps)	1000
	Allow BITS downloads outside the throttling window	No
	Maximum transfer rate outside the throttling window (Kbps)	9999
Cloud Services
	Allow access to cloud distribution point	Yes
	Automatically register new Windows 10 or later domain joined devices with Azure Active Directory	Yes
	Enable clients to use a cloud management gateway	Yes
Client Cache Settings
	Configure BranchCache	No
	Enable BranchCache	No
	Maximum BranchCache cache size (percentage of disk)	10
	Configure client cache size	No
	Maximum cache size (MB)	5120
	Maximum cache size (percentage of disk)	20
	Enable as peer cache source	No
	Port for initial network broadcast	8004
	Port for content download from peer	8003
Client Policy
	Client policy polling interval (minutes)	60
	Enable user policy on clients	Yes
	Enable user policy requests from Internet clients	No
	Enable user policy for multiple user sessions	Yes
Compliance Settings
	Enable compliance evaluation on clients	Yes
	Schedule compliance evaluation	Occurs every 4 days effective 05/18/2019 7:00 AM
	Enable User Data and profiles	No
Computer Agent
	Deployment, deadline greater than 24 hours, remind user every (hours)	48
	Deployment, deadline less than 24 hours, remind user every (hours)	4
	Deployment, deadline less than 1 hour, remind user every (minutes)	15
	Default Application Catalog website point	(none)
	Add default Application Catalog website to Internet Explorer trusted sites zone	Yes
	Allow Silverlight applications to run in elevated trust mode	Yes
	Organization name displayed in Software Center	UT Austin Software
	Use new Software Center	Yes
	Enable communication with Health Attestation Service	Yes
	Use on-premises Health Attestation Service	No
	On-premises Health Attestation Service URL
	Install permissions	All users
	Suspend BitLocker PIN entry on restart	Never
	Additional software manages the deployment of applications and software updates	No
	PowerShell execution policy	Bypass
	Show notifications for new deployments	Yes
	Grace period for enforcement after deployment deadline (hours)	0
	Enable Endpoint Analytics data collection	Yes
Computer Restart
	Configuration Manager can force a device to restart	Yes
	Specify the amount of time after the deadline before a device gets restarted (minutes)	90
	Specify the amount of time that a user is presented a final countdown notification before a device gets restarted (minutes)	15
	After the deadline, specify the frequency of restart reminder notifications to the user (minutes)	240
	When a deployment requires a restart, show a dialog window to the user instead of a toast notification	No
	When a deployment requires a restart, allow low-rights users to restart a device running Windows Server	No
Delivery Optimization
	Use Configuration Manager Boundary Groups, for Delivery Optimization Group ID	No
	Enable devices managed by Configuration Manager to use Microsoft Connected Cache servers for content download	No
Endpoint Protection
	Manage Endpoint Protection client on client computers	Yes
	Install Endpoint Protection client on client computers	Yes
	Allow Endpoint Protection client installation and restart outside maintenance windows. Maintenance windows must be at least 30 minutes long for client installation.	No
	For Windows Embedded devices with write filters, commit Endpoint Protection client installation (requires restart)	Yes
	Suppress any required computer restarts after the Endpoint Protection client is installed	Yes
	Allowed period of time users can postpone a required restart to complete the Endpoint Protection installation (hours)	24
	Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update Services, or UNC shares) for the initial security intelligence update on client computers	Yes
Hardware Inventory
	Enable hardware inventory on clients	Yes
	Hardware inventory schedule	Occurs every 7 days effective 2/1/1970 12:00 AM
	Maximum random delay (minutes)	240
	Hardware inventory classes	Default inventory classes
Metered Internet Connections
	Client communication on metered Internet connections	Block
Enrollment
	Polling interval for modern devices (minutes)	1440
	Allow users to enroll mobile devices and Mac computers	No
	Enrollment Profile	(none)
	Allow users to enroll modern devices	No
	Modern device enrollment profile	(none)
Power Management
	Allow power management of devices	Yes
	Allow users to exclude their device from power management	No
	Allow network wake-up	Not configured
	Enable wake-up proxy	No
	Wake-up proxy port number (UDP)	25536
	Wake on LAN port number (UDP)	9
	Windows Defender Firewall exception for wake-up proxy	Disabled
	IPV6 prefixes if required for DirectAccess or other intervening network devices. Use a comma to specify multiple entries.
Remote Tools
	Firewall exception profiles	N/A
	Users can change policy or notification settings in Software Center	No
	Allow remote control of an unattended computer	Yes
	Prompt user for Remote Control permission	Yes
	Prompt user for permission to transfer content from share clipboard	No
	Grant Remote Control permission to local Administrators group	Yes
	Access level allowed	Full Control
	Permitted viewers of Remote Control and Remote Assistance	(none)
	Show session notification icon on taskbar	Yes
	Show session connection bar	Yes
	Play sound on client	Beginning and end of session
	Manage unsolicited Remote Assistance settings	No
	Manage solicited Remote Assistance settings	No
	Level of access for Remote Assistance	None
	Manage Remote Desktop settings	No
	Allow permitted viewers to connect by using Remote Desktop connection	No
	Require network level authentication	Yes
Software Center
	Select the user portal	Software Center
	Select these new settings to specify company information	Yes
	Software Center settings
Software Deployment
	Schedule re-evaluation for deployments	Occurs every 7 days effective 02/01/1970 12:00 AM
Software Inventory
	Enable software inventory on clients	Yes
	Schedule software inventory and file collection	Occurs every 7 days effective 05/19/2019 12:00 AM
	Inventory reporting detail	Full details
	Inventory these files types	(none)
	Collect files	(none)
Software Metering
	Enable software metering on clients	Yes
	Schedule data collection	Occurs every 7 days effective 02/01/1970 12:00 AM
Software Updates
	Enable software updates on clients	Yes
	Software update scan schedule	Occurs every 1 days effective 04/07/2022 3:30 PM
	Schedule deployment re-evaluation	Occurs every 1 days effective 04/07/2022 4:00 PM
	Allow user proxy for software update scans	No
	Enforce TLS certificate pinning for Windows Update client for detecting updates	Yes
	When any software update deployment deadline is reached, install all other software update deployments with deadline coming within a specified period of time	No
	Period of time for which all pending deployments with deadline in this time will also be installed	1 Hours
	Allow clients to download delta content when available	No
	Port that clients use to receive requests for delta content	8005
	If delta content is unavailable from distribution points in the current boundary group, immediately fall back to a neighbor or the site default	No
	Enable management of the Office 365 Client Agent	Yes
	Enable update notifications from Microsoft 365 Apps	No
	Enable installation of software updates in "All deployments" maintenance window when "Software update" maintenance window is available	No
	Specify thread priority for feature updates	Not Configured
	Enable third party software updates	Yes
	Enable Dynamic Update for feature updates	Not Configured
State Messaging
	State message reporting cycle (minutes)	15
User and Device Affinity
	User device affinity usage threshold (minutes)	2880
	User device affinity usage threshold (days)	30
	Automatically configure user device affinity from usage data	No
	Allow user to define their primary devices	No
Windows Diagnostic Data
	Manage Windows telemetry settings with Configuration Manager	No
	Commercial ID key:
	Windows 10 telemetry	Required
	Windows 8.1 and earlier telemetry:	Disable
	Enable Windows 8.1 and earlier Internet Explorer data collection for:	Disable

Related Information

Page:
Common Tasks and Procedures (Endpoint Management)
- configmgr
- administration
Page:
Maintenance Windows and Business Hours (Endpoint Management)
Page:
Deploying Software Updates (Endpoint Management)
- configmgr
- administration
Page:
CM Deploying 3rd Party Updates to Collections (Patch My PC) (Endpoint Management)
Page:
3rd Party Updates List (Endpoint Management)
Page:
CM Client Settings (Endpoint Management)
Page:
Recommended Practices (Endpoint Management)
- configmgr
- administration

Search UT EPM Documentation

Service Links

Get Help

EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.

SERVICE STATUS

Planned Maintenance

ConfigMgr: Every Tuesday, from 6 a.m. – 10 a.m.
Jamf: Every Tuesday, from 8 a.m. – 12 p.m.

Section Content

CM Client Settings

Background Intelligent Transfer

Cloud Services

Client Cache Settings

Client Policy

Compliance Settings

Computer Agent

Computer Restart

Delivery Optimization

Endpoint Protection

Hardware Inventory

Metered Internet Connections

Enrollment

Power Management

Remote Tools

Software Center

Software Deployment

Software Inventory

Software Metering

Software Updates

State Messaging

User and Device Affinity

Windows Diagnostic Data

Related Information