Intune: Setting custom wallpaper and lockscreen on Windows 10 devices with PowerShell and Azure Storage Blobs

If you want to deploy a custom branded wallpaper and/or lockscreen for devices via Intune, this is natively supported if your devices are running Windows 10 Enterprise or Education, and is easily done via the GUI in Intune, as seen on the info dialog in configuration profiles:

But what if you want to do this with Windows 10 Pro or similar?
Well, then you need to do it via PowerShell, to set som reg values, and get the image files over to the devices you are looking to customize.

Here I will show you how I am doing this with the combination of powershell, Azure storage blobs, and Intune.

Note: The Azure resources in this guide are only for illustration, and are created while writing this post, and deleted after.

To start, get your Azure storage account, containers and blobs ready.

Using Azure storage blob, you get a cheap way of making the image files available for fetching with powershell later.
When you put files up on the blob, you can get a unique URI for the wanted file, for use in the later script.
You can also control the availability of this URI for expiration etc.

Costwise, this is also cheap, so no worry there, and of course, you can use the blob later for other things as well, it is all up to your imagination.

Lets begin:

Head over to your Azure admin portal at https://portal.azure.com and log in with your admin credentials. After login, search for storage accounts in the search bar, and select storage accounts.

Once in the storage accounts view, click add, to create a new storage account, or use an exisiting one should you want to. The guide is based on creating a new one

Next, choose the subscription to bill the storage account to, and select the resource group for the storage account, Create a new resource group for this purpose – as I am doing below.
Set a name for your storage account – this must be unique across Azure.
Change your location to the one that best suits your purpose
The rest can be left as default.

Click review+create, and then Create on the next screen to complete.
(Should you want to apply tags etc – feel free to do so first)

*If you worry about the costs for this storage – you can check this here :*
*https://azure.microsoft.com/en-us/pricing/details/storage/blobs/*
And as you can se on that page – the cost will not be noticable for this, unless you have a crazy amount of usage for the deployment. Remember, we are doing this for some image files – not huge chunks of data.

Wait for the creation to complete – takes a short amount of time

When complete, click on the button “Go to resource” to continue

This will take you to the overview section of your new storage account, click on Containers to continue

Click + on the Container option, to create a new container, give it a name, and click create

After creation, it will show in the container section, clik on the container to continue

Once inside the container, click upload to upload your image file(s)
Repeat for wallpaper and lockscreen

Right click on the uploaded file,
Select “Generate SAS”

Set to read
HTTPS as protocol,
Change the start and expiry iinformation to your need
Click generate SAS token and URL.
Copy the URL given in the Blob SAS URL field – you need this for the script later.

Repeat for both files as needed.

**PS: Take note of the Start an Expiry information for the URL, change it to something usable – default is just 24 hours, something that will not be ideal for this deployment for Intune.**

After doing this, and having noted down the 2 URLs for the files, the next step is to get your script ready for Intune.

Getting your script in order

The powershell script I am using for this is located on my GitHub, and can be found here:
https://github.com/geirdybbugt/Archive-Dybbugt.no/blob/master/Win10/

Download the script and change the following, to get it adapted to your previously created URLs for the image files, also change the location for where the files are put on the endpoints if you want.

You are now ready to deploy the script to your endpoints via Intune.

Deploy powershell script via Intune

Head over to the Microsoft Endpoint Manager admin center, here: https://devicemanagement.microsoft.com/

Click your way to Devices>Windows>PowerShell scripts

Input a name and description for the script, click next

Click the browse button to upload your script, set it to run on 64 bit PowerShell host, click Next

Assign the script to the group you wish to deploy this to, click Review + save

Review your settings, click Add if everything looks ok

Your devices will now get this script shortly. The script will run on the device, download the images from your Azure Storage Blob, and set the needed values for wallpaper and lockscreen on your devices.

Thoughts?

As you can see, this is a rather easy way to get this done around your devices, and you may also get other ideas, on things you can do the same way by leveraging the same methodology for deployment with Azure storage.

There are many usecases you can leverage here if you put your mind to it.

Some of the things I am using this for myself, together with Autopilot, are:

Pushing my custom KeePass config file across my devices
Pushing Outlook signatures across devices
Setting wallpaper/lockscreen
Pulling, and deploying various Generic GPOs from Azure when deploying new setups
Fetching script packages from Azure to devices when doing various tasks – having one file, getting the rest from Azure on demand, with menus on what script to run etc – timesaving, and easy to maintain

Hope anyone finds this useful.

Geir Dybbugt

Senior System Consultant at SERIT, localized in Kristiansund, Norway.

Focused on EUC, security, mobility, virtualization, management and a modern workplace.
Highly specialized around RDS/Citrix/EUC/Mobility.

You can view my profile over at Youracclaim here.

dybbugt.no

5 thoughts on “Intune: Setting custom wallpaper and lockscreen on Windows 10 devices with PowerShell and Azure Storage Blobs”

Steve says:

October 28, 2020 at 20:56

Do you HAVE to use the storage blob in order to push backgrounds?

- Geir Dybbugt says:
  
  October 30, 2020 at 16:14
  
  No, you can use other sources if you want. As long as it is available to fetch from the client side.
  
Simon Skotheimsvik says:

April 25, 2020 at 20:03

Great use of technology Geir! Thanks for sharing!

Daniel Yurcovic says:

April 25, 2020 at 19:12

This is great does it allow the user to change the wallpaper?

- Geir Dybbugt says:
  
  April 25, 2020 at 19:23
  
  The option will be grayed out. So only option to bypass is for the user to replace the files with something else if they have access.

Original content here is published under these license terms:		X

License Type:	Non-commercial, Attribution, Share Alike

License Abstract:	You may copy this content, create derivative work from it, and re-publish it for non-commercial purposes, provided you include an overt attribution to the author(s) and the re-publication must itself be under the terms of this license or similar.

License URL:	https://creativecommons.org/licenses/by-nc-sa/3.0/

Intune: Setting custom wallpaper and lockscreen on Windows 10 devices with PowerShell and Azure Storage Blobs