Desktop and Lock screen Wallpaper can be easily managed using Microsoft Intune. I have worked with many organizations where the desktop and lock screen wallpaper on Windows 10 or Windows 11 devices is centrally managed and updated regularly.
In large organizations, where communication to its employees is critical, a desktop wallpaper can be used to provide information related to company’s latest acheivements of the last quarter or could provide latest news and updates on company policy information etc.
You could also let users to update their own desktop and lock screen wallpaper as they like. It all depends upon the organization policies related to this. I would prefer it to be managed so that desktop or laptop devices which belong to the organization look consistent. In addition to that it could provide below benefits:
- Security Information: Managing desktop wallpaper could help organizations enforce security related reminders and provide emergency contact information.
- Corporate Environment: Having set a specific wallpaper on all the desktop and laptop devices can foster a sense of Corporate Environment. Having company logo, colors and brand on the desktop wallpaper can show company Identity. Also helps with the Clients and Visitors to showcase the brand.
I am sure there are number of other benefits of managing a Desktop and Lock screen wallpaper centrally. There are a lot of tools and scripts availalbe for managing it. As all of my company devices are Azure AD joined and enrolled into Intune, its easier to manage these settings using Intune.
We will be using Microsoft Intune Device configuration Policy > Device Restrictions Template for managing both the Desktop Wallpaper and Locked Screen as well. But before we do that, You will require:
- Two Wallpapers. One for Locked Screen and One for Desktop Wallpaper screen.
- Both wallpapers must be in PNG, JPG or JPEG file/format and stored in a location which is publicly accessible.
I have already downloaded two wallpapers. I only need is a secure location where I can keep two wallpapers which are publicly accessible. I would be creating an Azure Storage container for this. However, if you want to use any other wallpaper location which is accessible publicly then you can use that as well e.g. Sharepoint online or Dropbox etc.
Copy wallpapers to a publicly accessible location
You can create a Storage account using Microsoft Azure portal by Searching for Storage account and then click on Create option. Fill in the required details to create a storage account.
Once you have created an Azure Storage account. Open the storage account > Containers > + Container to create a container. Provide the Name of the container and set Public access level to Blob (anonymous read access for blobs only).
Upload lock screen wallpaper and desktop wallpaper in this location.
Click on each of the files to copy the URL’s. You can test to confirm if the URL’s are publicly accessible by opening Incognito mode of the browser. I have tested below two locations and confirmed that they are accessible.
- https://cloudinfrasa01.blob.core.windows.net/wallpapers/CloudInfra-desktopwall.jpg
- https://cloudinfrasa01.blob.core.windows.net/wallpapers/Cloudinfra-LockScreenwall.jpg
Now that we have two wallpapers location ready, Let’s create a Device configuration profile in Intune for this. Whenever you have to change desktop wallpaper’s on users devices, you will just need to replace these two files with new wallpapers but keeping the same file name.
Create Device Configuration Profile in Intune
I will create a device configuration profile using Device restrictions template. Please follow below steps for the same:
- Login on Microsoft Intune admin center
- Click on Devices > Configuration profiles
- Click on + Create profile
- Platform: Windows 10 and later
- Profile type: Templates
- Under Template name select Device restrictions
Basics Tab
Provide a Name and Description of the Policy to Identify it on Microsoft Intune admin center.
- Name: Configure Desktop Wallpaper and Locked Screen Wallpaper
- Description: This device configuration profile will set desktop wallpaper and locked screen wallpaper for cloudinfra MDM devices.
Configuration settings
We need to configure two settings in Configuration settings tab. First one is Locked screen picture URL (Desktop only) setting which is under Locked Screen Experience group and second one is Desktop background picture URL (Desktop only) which can be found under Personalization category.
- Locked screen picture URL (Desktop only) setting. Provide Locked screen picture URL as “https://cloudinfrasa01.blob.core.windows.net/wallpapers/Cloudinfra-LockScreenwall.jpg“
- Desktop background picture URL (Desktop only) setting. Provide Desktop background picture URL as “https://cloudinfrasa01.blob.core.windows.net/wallpapers/CloudInfra-desktopwall.jpg“
Assignments tab
Create an Azure AD Security group which contains devices where this Device configuration profile needs to be deployed. If you want to make sure this setting applies to all the devices in your organization, then you can Simply click on + Add all devices option in Assignments tab and click on Next to proceed.
Review + Create
On Review + Create tab, review the device configuration profile details and click on Create. As soon as you click on create button, The device configuration profile deployment process will start and the process to configure the Desktop and locked screen wallpaper will begin.
Intune Policy Refresh Cycle
The Device will Sync / Check in to start Device configuration profile deployment. It may take some time for the process to start. Therefore, if you are testing it on a test device, you can force initiate Intune refresh cycle on the device which will speed up the download and configuration process. You can also use Powershell to force initiate Intune refresh cycle.
Also, you can restart the device first which also starts the device check-in process. Manual sync is not mandatory on user’s devices as the device check-in process happens automatically. But if you are testing this setting on a test device then this can speed up your testing and can save some time.
End user Experience
After we have applied this policy on all our organization devices which are managed by Intune. Let’s check the status and see if desktop and locked screen background is changed. Also, we will check if non admin user is able to change the backgrounds.
After a restart and waiting for couple of minutes, the device configuration profile has been applied. As you can see from below screenshots, desktop and locked screen backgrounds are updated.
Desktop background
Locked Screen background
Now let’s check if a normal non administrator user account is able to change the desktop and locked screen backgrounds after it has been configured via Intune.
As you can see from be below screenshot, Desktop background is now managed by Intune and therefore cannot be changed by the user. Button to browse to a file to change the background is greyed out along with all other settings.
Lock Screen background is also managed by Intune and therefore cannot be changed by the user. Button to browse to a file to change the background is greyed out along with all other settings.
Desktop and lock screen configuration in Windows registry
You can locate Desktop and lock screen configuration in Windows registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
registry path.
How to find Desktop and Lock screen configuration in Logs
You can generate a MDM Diagnostic HTML report by going to Settings > Accounts > Access work or school > Click on the connected organization > Info > Scroll down and click on Create report uner Advanced Diagnostic Report. The report will be generated at “C:\users\public\Documents” location.
Open MDMDiagReport.html file and find two settings for desktopimageurl and lockscreenImageurl applied on the device.
You can generate full diagnostic reports if you are having issues deploying device configuration profile on the target device.
mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
Conclusion
In this blog post, we have seen how to set desktop and lock screen wallpaper using Intune. After you deploy this device configuration profile, it will now be centrally managed. Make sure to replace the wallpapers in Azure storage account when you want to deploy a new desktop background and locked screen on the devices.
Hey I’m having an Issue with this method,
Everything seems fine and the registry key is updated and shows the image’s URL as well as the file path which contains the image.
However, The desktop image is not changed this works fine for the lock screen but no changes are happening on the desktop image.
Let me mention that we have recently migrated our users and their machines to a different domain, when logging in with the same user account no changes but different domain accounts logging in to the same machine are seeing the new wallpaper