If you want to deploy a custom branded wallpaper and/or lockscreen for devices via Intune, this is natively supported if your devices are running Windows 10 Enterprise or Education, and is easily done via the GUI in Intune, as seen on the info dialog in configuration profiles:
But what if you want to do this with Windows 10 Pro or similar?
Well, then you need to do it via PowerShell, to set som reg values, and get the image files over to the devices you are looking to customize.
Here I will show you how I am doing this with the combination of powershell, Azure storage blobs, and Intune.
Note: The Azure resources in this guide are only for illustration, and are created while writing this post, and deleted after.
To start, get your Azure storage account, containers and blobs ready.
Using Azure storage blob, you get a cheap way of making the image files available for fetching with powershell later.
When you put files up on the blob, you can get a unique URI for the wanted file, for use in the later script.
You can also control the availability of this URI for expiration etc.
Costwise, this is also cheap, so no worry there, and of course, you can use the blob later for other things as well, it is all up to your imagination.
Lets begin:
Set a name for your storage account – this must be unique across Azure.
Change your location to the one that best suits your purpose
The rest can be left as default.
Click review+create, and then Create on the next screen to complete.
(Should you want to apply tags etc – feel free to do so first)
If you worry about the costs for this storage – you can check this here :
https://azure.microsoft.com/en-us/pricing/details/storage/blobs/
And as you can se on that page – the cost will not be noticable for this, unless you have a crazy amount of usage for the deployment. Remember, we are doing this for some image files – not huge chunks of data.
Repeat for wallpaper and lockscreen
Select “Generate SAS”
HTTPS as protocol,
Change the start and expiry iinformation to your need
Click generate SAS token and URL.
Copy the URL given in the Blob SAS URL field – you need this for the script later.
Repeat for both files as needed.
PS: Take note of the Start an Expiry information for the URL, change it to something usable – default is just 24 hours, something that will not be ideal for this deployment for Intune.
After doing this, and having noted down the 2 URLs for the files, the next step is to get your script ready for Intune.
Getting your script in order
https://github.com/geirdybbugt/Archive-Dybbugt.no/blob/master/Win10/
You are now ready to deploy the script to your endpoints via Intune.
Deploy powershell script via Intune
Click your way to Devices>Windows>PowerShell scripts
Your devices will now get this script shortly. The script will run on the device, download the images from your Azure Storage Blob, and set the needed values for wallpaper and lockscreen on your devices.
Thoughts?
As you can see, this is a rather easy way to get this done around your devices, and you may also get other ideas, on things you can do the same way by leveraging the same methodology for deployment with Azure storage.
There are many usecases you can leverage here if you put your mind to it.
Some of the things I am using this for myself, together with Autopilot, are:
- Pushing my custom KeePass config file across my devices
- Pushing Outlook signatures across devices
- Setting wallpaper/lockscreen
- Pulling, and deploying various Generic GPOs from Azure when deploying new setups
- Fetching script packages from Azure to devices when doing various tasks – having one file, getting the rest from Azure on demand, with menus on what script to run etc – timesaving, and easy to maintain
Hope anyone finds this useful.
Senior System Consultant at SERIT, localized in Kristiansund, Norway.
Focused on EUC, security, mobility, virtualization, management and a modern workplace.
Highly specialized around RDS/Citrix/EUC/Mobility.
Thank you Geir Dybbugt for the share,
The script did not change my desktop background, but for the lock screen it works,
What could be the issue please ?
Try restarting the explorer process. Sometimes needed the first time
Thx for the tutorial. The lockscreen works, the wallpaper unfortunately doesn’t, it is downloaded but not used. What could be the reason?
Found the solution. Script needs to run with logged on credentials.
This was a godsend for my users that don’t use E3 licensing! Thanks for the detailed info!!!
Glad you found it helpful🙂
How are you Pushing Outlook signatures across devices with intune
Signature files located in azure, powershell script that looks for the accountname in question in the registry, and downloads the files and sets the values in registry when found. By no means perfect🙂
Do you HAVE to use the storage blob in order to push backgrounds?
No, you can use other sources if you want. As long as it is available to fetch from the client side.
Great use of technology Geir! Thanks for sharing!
This is great does it allow the user to change the wallpaper?
The option will be grayed out. So only option to bypass is for the user to replace the files with something else if they have access.