Configure Settings for Windows Policies

Some policies you create provide a list of options for you to specify, enable, or disable. For example, when you create a policy for Window devices to control when the screen saver locks down an inactive device, you need to also configure the timeout in seconds.

Specific policies have nuances that are important to note as you apply them to your fleet. For example, after applying a Windows policy, it may take 5-10 minutes for the policy update process to run. We recommend that you reference the article for a specific policy if you have concerns.

Below is a list of all Windows policies in JumpCloud. Specific instructions for more nuanced policies are linked in the Learn More column. If a Learn More article isn't listed, you can use the basic steps in Get Started: Policies for help.

Windows Policies

Policy Name Description Category Learn More
Advanced: Custom Registry Keys Manage the specific registry keys you need all in one place, and easily see which devices have the registry changes applied. Enterprise Settings, Configuration Create Your Own Windows Policy Using Registry Keys
Allow System To Be Shutdown Without Having To Logon Ensure the device is able to be shut down from the log on screen. Enterprise Settings  
Allow The Use of Biometrics Allow or restrict users from logging in to a managed device using biometrics. Note: JumpCloud doesn’t allow the use of Multi-Factor Authentication (MFA) and biometrics simultaneously. Security, Compliance Manage Windows Biometrics Using a Policy
Allow Use Of Camera Control access to the camera on the device. Enterprise Settings, Security  
BitLocker Full Disk Encryption Enable and enforce BitLocker Full Disk Encryption for JumpCloud-managed devices. The BitLocker policy also lets admins easily view Recovery Keys for Windows devices that have this policy applied. Enterprise Settings, Security BitLocker Policy
Block Microsoft Accounts Manage the ability to add or log in with Microsoft Accounts. Enterprise Settings, Compliance  
Bluetooth Policy Configure Bluetooth restrictions for Windows devices. Enterprise Settings, Security, MDM Bluetooth Policy
Built-in Administrator Account Status Disable or enable the built-in administrator account. Enterprise Settings, Compliance  
Built-in Guest Account Status Disable or enable the built-in guest account. Enterprise Settings, Compliance  
Configure Explorer Configure the behavior of Explorer in Windows. Enterprise Settings, Configuration  
Configure Help Configure the behavior of Help in Windows. Enterprise Settings, Configuration  
Configure QoS Configure the behavior of QoS in Windows. Enterprise Settings, Configuration  
Configure Windows Updates Control when and how updates and upgrades are downloaded and installed. Enterprise Settings, OS Management Deploy Windows Updates to your Devices with Windows Update Policy
Control Conflict Policy Ensure that the MDM policies take precedence over group policies when the policies are configured on MDM channel. This policy is enabled by default and not displayed on the admin console. Enterprise Settings, Security, Network, MDM
Control Panel Display Set computer and user configurations to force a specific visual style on a Windows system. Enterprise Settings, Configuration Control Display Styles on a Windows System Using a Policy
Device Installation Control the behavior of Device Installation in Windows. Enterprise Settings, Security  
Disable Cortana Control the behavior of Device Installation in Windows. Enterprise Settings, Configuration  
Disable Windows Spotlight Features Disable the device's ability to utilize Windows Spotlight. Enterprise Settings, Security  
Disable Windows Store Application Disable the device’s ability to launch the Windows Store application. Enterprise Settings, Configuration  
Disable Windows Store & Universal Windows Platform Applications Disable the device’s ability to launch Windows Store and all Universal Windows Platform Applications on the system. Enterprise Settings, Configuration  
Display Configuration Control the behavior of Displays in Windows. Enterprise Settings, Configuration  
Display User Info When The Session Is Locked Control visibility of logged-in user's information when the device is locked. Enterprise Settings, Security  
DNS Client Control the behavior of the DNS Client in Windows. Enterprise Settings, Network  
Do Not Display Last Username on Logon Screen Require a username and password before logging into a device. Enterprise Settings, Security  
Do Not Require CTRL+ALT+DEL on logon screen Require CTRL+ALT+DEL before logging into a system. Enterprise Settings, Compliance  
Error Reporting Control the behavior of Error Reporting in Windows. Enterprise Settings, Compliance  
Event Logging Control the behavior of Event Logging in Windows. Enterprise Settings, Compliance  
FeedbackNotifications Control the behavior of FeedbackNotifications in Windows. Enterprise Settings, Configuration  
File Recovery Control the behavior of File Recovery in Windows. Enterprise Settings, Compliance  
FindMyDevice Control the behavior of FindMyDevice in Windows. Enterprise Settings, Security  
Globalization Control the behavior of Globalization in Windows. Enterprise Settings, Configuration  
Google Chrome Browser Preferences Disable the use of some security-related features of Chrome, such as the use of password manager, data security and privacy, and browsing experience, while making sure that users have access to the sites they need to improve productivity and efficiency. Enterprise Settings, Configuration Manage Chrome Browser Preferences Using a Policy
Install Certificate Policy Configure the install certificate for Windows devices enrolled in JumpCloud MDM Enterprise Settings, Network, Security, MDM Install Certificate Policy
JumpCloud App Controls Control the behavior of the JumpCloud App on JumpCloud-managed Windows systems. Remote Management, Configuration  
Lock Screen Unattended devices that are still active with a user logged in create opportunities for unauthorized access to information and misuse of accounts. Lock inactive devices using JumpCloud's policy framework. Security, Compliance Creating a Lock Screen Policy for Windows Devices
Logon Control the behavior of Logon in Windows. Security, Compliance  
Message Text For Users Attempting To Log On Specify a text message and title caption that is displayed to users when they log on. Enterprise Settings, Configuration  
MicrosoftAccount Control the behavior of MicrosoftAccount in Windows. Enterprise Settings, Configuration  
Microsoft Edge Control the behavior of Microsoft Edge on Windows 10. Note: This does not support the Microsoft Edge Chromium browser. Enterprise Settings, Configuration  
Mobilepcmobilitycenter Control the behavior of Mobilepcmobilitycenter in Windows. Enterprise Settings, Configuration  
Mozilla Firefox Browser Preferences Govern the use of Firefox, such as passwords, site and form history, data security by blocking autocomplete features, and the downloading experience. Enterprise Settings, Configuration Manage Firefox Browser Preferences Using a Policy
Msi Control the behavior of MSI in Windows. Enterprise Settings, Configuration  
Onedrive Control the behavior of OneDrive in Windows. Enterprise Settings, Configuration  
Performance Diagnostics Control the behavior of Performance Diagnostics in Windows. Enterprise Settings, Configuration  
Power Management Control the behavior of Power in Windows. Enterprise Settings, Configuration  
Remote Assistance Control the behavior of Remote Assistance in Windows. Remote Management, Configuration  
Remote Management Control the behavior of Remote Management in Windows. Remote Management, Configuration  
Remote Shell Control the behavior of Remote Shell in Windows. Remote Management, Configuration  
Removeable Storage Control the behavior of Removable Storage in Windows. Deny all or specify which types of removable storage to deny. Enterprise Settings, Security Manage Removable Storage on Windows Devices
Rename Local Administrator Account Rename the inbuilt Local Administrator account. Enterprise Settings, Configuration  
Rename Local Guest Account Rename the inbuilt Local Guest account. Enterprise Settings, Configuration  
Restrict Control Panel Access Restrict access to the panes of the Control Panel. Enterprise Settings, Configuration  
Restrict Settings App Visibility Restrict access to the pages of the UWP Settings Application. Enterprise Settings, Configuration  
SCEP Profiles Policy Configure Simple Certificate Enrollment Protocol (SCEP) for your JumpCloud MDM enrolled Windows devices. Enterprise Setting, Security, MDM SCEP Profiles Policy
Sharing Control the behavior of Sharing in Windows. Enterprise Settings, Configuration  
Software Restrictions Specify locations where applications can run or can’t run. Enterprise Settings, Software Management Restrict Software on Windows Devices Using a Policy
Start Menu Control the behavior and preference settings for the Start Menu on Windows. Enterprise Settings, Configuration  
Systemrestore Control the behavior of Systemrestore in Windows. Enterprise Settings, Configuration  
Turn Off Autoplay. Disable the autoplay feature on all drives. Enterprise Settings, Configuration  
VPN Policy Configure a VPN profile policy for Windows devices to securely and remotely access the organization’s network. Enterprise Settings, Network, Security, MDM VPN Policy
WiFi Configuration Policy Configure a wireless network for Windows devices. Enterprise Settings, Network, Security, MDM WiFi Configuration Policy
Windows Defender Control the behavior of Windows Defender in Windows. Enterprise Settings, OS Management  
Windows Firewall Control the behavior of Windows Firewall in Windows. Enterprise Settings, OS Management Create a Windows Firewall Policy
Winmaps Control the behavior of Winmaps in Windows. Enterprise Settings, Configuration  

Windows 10 Enterprise N Edition Considerations

Note:

The "N" editions of Windows 10 include the same functionality as other editions of Windows 10, except for media-related technologies. The N editions don't include Windows Media Player, Skype, or certain preinstalled media apps (Music, Video, Voice Recorder). New features such as Cortana, Windows Hello, and PDF viewing in the new Edge browser rely on Windows Media files that aren't included in N editions. Certain websites and software, such as Windows Store apps or Microsoft Office, use Windows Media-related files that aren't included in N editions. The following is a list of JumpCloud policies that are not supported (or, where noted, partially supported with degraded experience) on Windows 10 Enterprise N.

  • Allow Use of Biometrics
  • Allow Use of Camera
  • Configure Explorer – Windows update configuration is affected by missing media dependencies
  • Configure Windows Updates – Windows Store apps with media dependencies are affected
  • Disable Cortana
  • Display User Info When Session is Locked – Lock screen appearance differs due to missing media dependencies
  • Do Not Display Last Username on Logon Screen – Lock screen appearance differs due to missing media dependencies
  • Do Not Require CTRL+ALT+DEL on Logon Screen – Lock screen appearance differs due to missing media dependencies
  • FeedbackNotifications
  • Message Text for Users Attempting to Log On – May be affected by missing media dependencies
  • Microsoft Edge – May be affected by missing media dependencies
  • OneDrive
  • Removable Storage
  • Software Restrictions
  • Windows Defender – May have limited functionality
  • Winmaps – May be affected by missing media dependencies
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case