In this blog post, I will show you the steps to set desktop and lock screen wallpaper using Intune. Large organizations often use desktop wallpapers and lock screen wallpaper to convey important information to employees. This can include company achievements, recent news, policy updates etc.
Users can set their own wallpapers, but managing desktop wallpaper from a central place like Intune ensures a consistent look across all devices. Besides this, it also provides:
- Security Information: Managing desktop and lock screen wallpaper could help organizations enforce security-related reminders and provide emergency contact information.
- Corporate Environment: Setting corporate wallpaper on all devices can foster a sense of a corporate environment. The company logo, colors, and brand on the wallpapers can show the company’s Identity. It also helps the clients and visitors showcase the brand.
We will use Intune Device Configuration profile > Device Restrictions template to manage the desktop and lock screen wallpaper. But before we do that, You will require:
- Two Wallpapers. One is for the locked screen, and one is for the desktop wallpaper screen.
- Both wallpapers must be in PNG, JPG, or JPEG file/format and stored in a location that is Publicly accessible.
To securely store two publicly accessible wallpapers, you can create an Azure storage container. However, you can also use other locations, such as SharePoint Online or Dropbox, if they provide public accessibility for the wallpapers.
If you do not want to go with the public location to store desktop and lock screen wallpaper files, then you package the wallpapers and copy it on the device first and configure it using a device configuration profile. To know more details, please refer to the blog post: Set Desktop & Lock Screen Wallpaper using Intune Win32 App.
Step-by-Step Guide
Contents
Step 1: Copy Wallpapers to a Publicly Accessible Location
Desktop and lock screen wallpaper files should be publicly accessible, or at least accessible from the target devices. You can store these files at any location which is accessible over the internet. I would be using Azure storage container and copy these files. Let’s take a look:
To create a storage account using the Microsoft Azure portal, search for Storage account and select the Create option. Then, fill in the necessary details to complete the storage account creation process.
After creating an Azure Storage account, you can set up a container by navigating to the storage account, selecting Containers, and then clicking + Container.
Provide a name for the container and set the Public access level to Blob (anonymous read access for blobs only). This ensures that the wallpapers stored in this container can be publicly accessed.
Upload lock screen wallpaper and desktop wallpaper to this location.
Click on each of the files to copy the URLs. You can test to confirm if the URLs are publicly accessible by opening an Incognito browser mode.
- https://cloudinfrasa01.blob.core.windows.net/wallpapers/CloudInfra-desktopwall.jpg
- https://cloudinfrasa01.blob.core.windows.net/wallpapers/Cloudinfra-LockScreenwall.jpg
Now that we have two wallpaper locations ready, let’s create a Device configuration profile in Intune. Whenever you need to change desktop wallpapers on users devices, you must replace these two files with new wallpapers while keeping the same file names.
Step 2: Create a Device Configuration Profile in Intune
Create a device configuration profile using the below steps:
- Login to Intune admin center > Devices > Configuration > Create > New Policy.
- Platform: Windows 10 and later.
- Profile type: Templates.
- Under Template name, select Device restrictions.
- Basics: Provide a Name and Description of the Policy.
- Configuration settings: We will configure below two settings
- Locked screen picture URL (Desktop only).
- Desktop background picture URL (Desktop only).
- Locked screen picture URL (Desktop only): Provide the locked screen picture URL as https://cloudinfrasa01.blob.core.windows.net/wallpapers/Cloudinfra-LockScreenwall.jpg.
- Desktop background picture URL (Desktop only): Provide Desktop background picture URL as https://cloudinfrasa01.blob.core.windows.net/wallpapers/CloudInfra-desktopwall.jpg.
- Assignments: Click Add groups and select the Entra security group containing Windows 10/11 devices.
- Review + create: Review the deployment and click on Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
End User Experience
After applying this policy to all Intune-managed devices, let’s check the status to see if the desktop and lock screen backgrounds have changed. Also, we will verify whether non-admin users can change the backgrounds.
After restarting and waiting for a few minutes, the device configuration profile was successfully applied. The screenshots below show that the desktop and lock screen backgrounds have been updated.
Desktop Background
Locked Screen background
Now, check if a regular non-administrator user account can change the desktop and lock screen backgrounds after configuring via Intune.
As shown in the screenshot below, the desktop background is now managed by Intune and, therefore, cannot be changed by the user. The button to browse for a file to change the background is greyed out, along with all other settings.
Similarly, the lock screen background is also managed by Intune, as shown in the screenshot below. The user cannot change the lock screen background, and the button to browse for a file to change it is greyed out, along with all other settings.
Desktop and Lock Screen Wallpaper Config in Registry
Desktop and lock screen configurations can be found in the Windows registry at the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP.
Verify Desktop/Lock Screen Wallpaper Configuration in Logs
We can also verify the desktop and lock screen wallpaper configuration using MDM diagnostic logs. For checking the logs, you must have access to one of the target device.
Create MDM Diagnostic report file:
- Go to Settings > Accounts > Access work or school > Click on the connected organization > Info.
- Scroll down and click on Create report under the Advanced Diagnostic Report option.
- The report will be generated and saved at the C:\users\public\Documents location.
Open the MDMDiagReport.html file and locate the two settings for desktopimageurl and lockscreenImageurl applied to the device. These settings will provide information about the desktop and lock screen backgrounds configured on the device.
If you are experiencing difficulties deploying a device configuration profile to a target device, you can generate full diagnostic reports for further troubleshooting and analysis.
mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
Conclusion
In this blog post, we’ve learned how to set desktop and lock screen wallpapers using Intune. The wallpapers will be centrally managed once you deploy this device configuration profile. Just update the wallpapers in your Azure storage account whenever you want to deploy new desktop backgrounds and lock screens on the devices.
Hey I’m having an Issue with this method,
Everything seems fine and the registry key is updated and shows the image’s URL as well as the file path which contains the image.
However, The desktop image is not changed this works fine for the lock screen but no changes are happening on the desktop image.
Let me mention that we have recently migrated our users and their machines to a different domain, when logging in with the same user account no changes but different domain accounts logging in to the same machine are seeing the new wallpaper
Are you aware of if is possible to set a policy like that but somehow not block the user to change if he wants?
Hey Wag, I need to check and confirm on this.
For Desktop Wallpaper – I am working on a solution and about 90% there. Not yet started on Lock screen image yet. I will Share the updates with you soon.
on my test machines it’s also not happening. I only want the lock screen. Registry looks fine. The export to the public documents doesn’t have any trace of the image URL. That’s strange.
I recently deployed a lock Screen to all Intune users, and now I want to let the users choose to change the picture, but the options are greyed out.
Hello Ebrima, Yes the policy will not allow users to change Desktop and Lock screen images as it’s managed by the Administrator. I will have to check if it can be managed and at the same time allow users to change it if they want. I will update you here once I confirm the same.
Hey,
Any updates on this yet? I am also trying to remove the configuration settings for the lock, but the settings do not change on the device. The profile is not applied anymore, but the user cannot change the lock screen picture. It says, ‘manage by your organization”. I did everything possible but could figure out how to change this.
Hi Ebrima,
I have found a solution for Desktop Wallpaper but not for Lock Screen Image yet. I am working on it and share a solution with you.
Hi Jatin,
Could you share the solution for Desktop Wallpaper ?
Jatin, any ideas what could be conflicting with this policy?
I found that this could be set elsewhere too, in settings catalog instead of Device restrictions. Even if I remote that from the former, the latter won’t apply. All screens are default windows blue, yet both the file path and the URL is accessible and the image does get downloaded.
Is it work only to Windows 10 or 11 Enterprise?!
Hey Sergio, This Policy is applicable only for Windows 10/11 Enterprise and Windows 10/11 Education.
If you then later on change the wallpaper image in container (but keep same name), does it automatically update on the device? The config policy would see the file already exist and not replace it, no?
Hey Damain, Replacing the wallpaper file and keeping the same file name should update the wallpaper. A restart of the computer will be required. I will test this scenario and confirm.
[Update]: You can also try to change the file name and update the targeting to check if the wallpaper is updating on the target devices.
I tried updating the image and keepinf the same name. It doesn’t seem to be working without updating the file name on the storage blob and lock/wallpaper URL. Have you noticed otherwise?
Thanks for the article.
Did you manage to test this? It doesn’t seem to be working for me.
Try to change the file name and update the targeting to check if the wallpaper is updating on the target devices.
Hi, Did anyone get this working without changing the file name?
Thanks
Hi Jatin. Were you able to successfully test this? That is changing the image on the blob, but keeping the same filename? I am not having any luck.
@Dave – If there are any issues, please try create Win32 app which includes the wallpapers. When you want to update them you can simply recreate the package and deploy it on the end user devices.
Please refer to the steps for same in this blog post: https://cloudinfra.net/set-desktop-lock-screen-wallpaper-using-intune-win32-app/
How can i set Wallpaper style? I can see, its fit now. I wanted to change this to Fill
You can try this method: https://cloudinfra.net/set-desktop-lock-screen-wallpaper-using-intune-win32-app/
Does it work with local file paths also?
I’ve spotted “Path to lock screen image: (Device)” which I presume will do the local device path for the lock screen. Struggling to spot the equivalent for desktop background
Hello Jatin great blog you got here!
Id have a question regarding the “publicly accessible location” remark.
Would it suffice to have a Sharepoint Online where only “my” users have read access to?
If Microsoft actually requires the URL to be fully publicly accessible, than what’s the point of the policy in the first place? This Policy is only available for an Enterprise license and Id assume most Enterprises would push Wallpapers/Lockscreen with Corporate Brandings which they would not like to have them public
You can try this method of configuration of desktop and lock screen wallpaper which does not require placing the files at public location: https://cloudinfra.net/set-desktop-lock-screen-wallpaper-using-intune-win32-app/
HI, thx for the HowTo but unfortunately its not working for me.
Followed step by step exactly the same like your advises…but no success.
Lockscreen is flipping back to default and wallpaper shows black screen