Large organizations often use desktop wallpapers to convey important information to employees. This can include company achievements, recent news, policy updates, and more, ensuring effective communication with the workforce.
Users can set their own wallpapers, but central management ensures a consistent look and benefits such as branding consistency, security, information communication, and ease of support.
- Security Information: Managing desktop wallpaper could help organizations enforce security-related reminders and provide emergency contact information.
- Corporate Environment: Setting a specific wallpaper on all desktop and laptop devices can foster a sense of a Corporate Environment. The company logo, colors, and brand on the desktop wallpaper can show the company’s Identity. It also helps the clients and visitors showcase the brand.
We will use Intune Device Configuration profile > Device Restrictions Template to manage the Desktop Wallpaper and Locked Screen. But before we do that, You will require:
- Two Wallpapers. One is for the locked screen, and one is for the desktop wallpaper screen.
- Both wallpapers must be in PNG, JPG, or JPEG file/format and stored in a location that is Publicly accessible.
To securely store two publicly accessible wallpapers, you can create an Azure Storage Container. However, you can also use other locations, such as SharePoint Online or Dropbox, if they provide public accessibility for the wallpapers.
If you do not want to go with the public location to store desktop and lock screen wallpaper, then you can also copy the wallpapers on the device first and configure it using a device configuration profile. I have demonstrated the steps to configure desktop and lock screen wallpaper using the Win32 app; to know more details, please refer to the blog post: Set Desktop & Lock Screen Wallpaper using Intune Win32 App.
Step-by-Step Guide
Table of Contents
Step 1 – Copy wallpapers to a publicly accessible location
To create a storage account using the Microsoft Azure portal, search for Storage account and select the Create option. Then, fill in the necessary details to complete the storage account creation process.
After creating an Azure Storage account, you can set up a container by navigating to the storage account, selecting Containers, and then clicking + Container.
Provide a name for the container and set the Public access level to Blob (anonymous read access for blobs only). This ensures that the wallpapers stored in this container can be publicly accessed.
Upload lock screen wallpaper and desktop wallpaper to this location.
Click on each of the files to copy the URLs. You can test to confirm if the URLs are publicly accessible by opening an Incognito browser mode.
- https://cloudinfrasa01.blob.core.windows.net/wallpapers/CloudInfra-desktopwall.jpg
- https://cloudinfrasa01.blob.core.windows.net/wallpapers/Cloudinfra-LockScreenwall.jpg
Now that we have two wallpaper locations ready let’s create a Device configuration profile in Intune. Whenever you need to change desktop wallpapers on users’ devices, you must replace these two files with new wallpapers while keeping the same file names.
Step 2 – Create a Device Configuration Profile in Intune
Create a device configuration profile using the below steps:
- Login on Microsoft Intune admin center
- Click on Devices > Configuration > Create > New Policy.
- Platform: Windows 10 and later.
- Profile type: Templates.
- Under Template name select Device restrictions.
Basics Tab
Provide a Name and Description of the Policy.
- Name: Configure Desktop Wallpaper and Locked Screen Wallpaper
- Description: Provide a helpful description.
Configuration settings
You need to configure two settings in the Configuration settings tab. The first is the Locked screen picture URL (Desktop only) setting under the Locked Screen Experience group. The second is Desktop background picture URL (Desktop only), which can be found under the Personalization category.
- Locked screen picture URL (Desktop only) setting. Provide the Locked screen picture URL as https://cloudinfrasa01.blob.core.windows.net/wallpapers/Cloudinfra-LockScreenwall.jpg.
- Desktop background picture URL (Desktop only) setting. Provide Desktop background picture URL as https://cloudinfrasa01.blob.core.windows.net/wallpapers/CloudInfra-desktopwall.jpg.
Assignments tab
Click Add groups and select the Entra security group containing Windows 10/11 test devices. Once testing proves successful, you can expand the deployment by including additional devices in the group.
Review + Create
Review the deployment and click on Create to start the deployment process.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
End-user Experience
After applying this policy to all our organization devices managed by Intune, let’s check the status to see if the desktop and lock screen backgrounds have changed. Additionally, we will verify whether non-admin users can change the backgrounds.
After restarting and waiting for a few minutes, the device configuration profile was successfully applied. The screenshots below show that the desktop and lock screen backgrounds have been updated.
Desktop Background
Locked Screen background
Now, check if a regular non-administrator user account can change the desktop and lock screen backgrounds after configuring via Intune.
As shown in the screenshot below, the desktop background is now managed by Intune and, therefore, cannot be changed by the user. The button to browse for a file to change the background is greyed out, along with all other settings.
Similarly, the lock screen background is also managed by Intune, as shown in the screenshot below. The user cannot change the lock screen background, and the button to browse for a file to change it is greyed out, along with all other settings.
Desktop and lock screen configuration in Windows registry
Desktop and lock screen configurations can be found in the Windows registry at the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP. This registry path contains settings related to desktop and lock screen configurations.
How do you find the Desktop and Lock screen Configuration in Logs?
You can create an MDM Diagnostic HTML report by following these steps:
- Go to Settings > Accounts > Access work or school > Click on the connected organization > Info.
- Scroll down and click on Create report under the Advanced Diagnostic Report option.
The report will be generated and saved at the C:\users\public\Documents location.
Open the MDMDiagReport.html file and locate the two settings for desktopimageurl and lockscreenImageurl applied to the device. These settings will provide information about the desktop and lock screen backgrounds configured on the device.
If you are experiencing difficulties deploying a device configuration profile to a target device, you can generate full diagnostic reports for further troubleshooting and analysis.
mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
Conclusion
In this blog post, we’ve learned how to set desktop and lock screen wallpapers using Intune. The wallpapers will be centrally managed once you deploy this device configuration profile. Just update the wallpapers in your Azure storage account whenever you want to deploy new desktop backgrounds and lock screens on the devices.
Hey I’m having an Issue with this method,
Everything seems fine and the registry key is updated and shows the image’s URL as well as the file path which contains the image.
However, The desktop image is not changed this works fine for the lock screen but no changes are happening on the desktop image.
Let me mention that we have recently migrated our users and their machines to a different domain, when logging in with the same user account no changes but different domain accounts logging in to the same machine are seeing the new wallpaper
Are you aware of if is possible to set a policy like that but somehow not block the user to change if he wants?
Hey Wag, I need to check and confirm on this.
For Desktop Wallpaper – I am working on a solution and about 90% there. Not yet started on Lock screen image yet. I will Share the updates with you soon.
on my test machines it’s also not happening. I only want the lock screen. Registry looks fine. The export to the public documents doesn’t have any trace of the image URL. That’s strange.
I recently deployed a lock Screen to all Intune users, and now I want to let the users choose to change the picture, but the options are greyed out.
Hello Ebrima, Yes the policy will not allow users to change Desktop and Lock screen images as it’s managed by the Administrator. I will have to check if it can be managed and at the same time allow users to change it if they want. I will update you here once I confirm the same.
Hey,
Any updates on this yet? I am also trying to remove the configuration settings for the lock, but the settings do not change on the device. The profile is not applied anymore, but the user cannot change the lock screen picture. It says, ‘manage by your organization”. I did everything possible but could figure out how to change this.
Hi Ebrima,
I have found a solution for Desktop Wallpaper but not for Lock Screen Image yet. I am working on it and share a solution with you.
Hi Jatin,
Could you share the solution for Desktop Wallpaper ?
Jatin, any ideas what could be conflicting with this policy?
I found that this could be set elsewhere too, in settings catalog instead of Device restrictions. Even if I remote that from the former, the latter won’t apply. All screens are default windows blue, yet both the file path and the URL is accessible and the image does get downloaded.
Is it work only to Windows 10 or 11 Enterprise?!
Hey Sergio, This Policy is applicable only for Windows 10/11 Enterprise and Windows 10/11 Education.
If you then later on change the wallpaper image in container (but keep same name), does it automatically update on the device? The config policy would see the file already exist and not replace it, no?
Hey Damain, Replacing the wallpaper file and keeping the same file name should update the wallpaper. A restart of the computer will be required. I will test this scenario and confirm.
[Update]: You can also try to change the file name and update the targeting to check if the wallpaper is updating on the target devices.
I tried updating the image and keepinf the same name. It doesn’t seem to be working without updating the file name on the storage blob and lock/wallpaper URL. Have you noticed otherwise?
Thanks for the article.
Did you manage to test this? It doesn’t seem to be working for me.
Try to change the file name and update the targeting to check if the wallpaper is updating on the target devices.
Hi, Did anyone get this working without changing the file name?
Thanks
How can i set Wallpaper style? I can see, its fit now. I wanted to change this to Fill
You can try this method: https://cloudinfra.net/set-desktop-lock-screen-wallpaper-using-intune-win32-app/
Does it work with local file paths also?
I’ve spotted “Path to lock screen image: (Device)” which I presume will do the local device path for the lock screen. Struggling to spot the equivalent for desktop background
Hello Jatin great blog you got here!
Id have a question regarding the “publicly accessible location” remark.
Would it suffice to have a Sharepoint Online where only “my” users have read access to?
If Microsoft actually requires the URL to be fully publicly accessible, than what’s the point of the policy in the first place? This Policy is only available for an Enterprise license and Id assume most Enterprises would push Wallpapers/Lockscreen with Corporate Brandings which they would not like to have them public
You can try this method of configuration of desktop and lock screen wallpaper which does not require placing the files at public location: https://cloudinfra.net/set-desktop-lock-screen-wallpaper-using-intune-win32-app/