This Microsoft Intune blog post will show how to create a custom device profile with Microsoft Intune.
Before diving into creating a custom device profile, let’s start by explaining what a custom device profile is.
In Microsoft Intune, a custom device profile is a configuration profile that includes settings unavailable in the built-in profiles (Email, VPN, Identity, Security).
We configure custom profiles using the Service Provider Reference, which lists all the settings needed for configuration items not in the built-in profiles.
Creating a Custom Device Profile Microsoft Intune
In the following configuration, we will set a custom policy, apply the following configuration item (Allow lockout of administrator account), and set it not to allow.
To create a custom configuration profile for a Windows machine.
Open the Intune console
Create a new configuration profile
Select Custom template
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2024/02/image-71.png)
Name the policy and move to the Configuration settings tab.
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2024/02/image-72.png)
In the Configuration settings, click on Add.
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2024/02/image-74.png)
Fill in the details using the reference link and set the value (0-1).
Name: AllowAdministratorLockout
Description: Allow Administrator account lockout
OMA-URL: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/AllowAdministratorLockout
Data type: Integer
Value: 0
![](https://ntweekly-3e2e1f4957bdf35452c0-endpoint.azureedge.net/blobntweekly18036ad1fb/wp-content/uploads/2024/02/image-73.png)