Foundational deployment
      Back to home
      1. Help Center
      2. Onboarding
      3. Foundational deployment

      Validating Devicie Foundation (Windows)

      First-time onboarding? Read this after:

      Manage access to the Devicie Portal

      Overview:

      The foundation template provides a standardized set of configurations that establishes a strong baseline for deploying and managing devices in a cloud-based, secure, productive and scalable manner. It provides the perfect foundation for an organization to build upon to meet their evolving needs and goals.
       

      Assuming the Foundation Template has been successfully deployed to a test device via Intune, we recommend verifying its impact on everyday tasks and workflows relevant to the assigned department or group.

      Consider testing the following areas:

      • Mounted Drives – Ensure accessibility and expected permissions.

      • Printing – Confirm printer connectivity and default settings.

      • Web Browsing – Check for policy enforcement and browsing functionality.

      • WiFi/Network – Validate connectivity, authentication, and performance.

       

      Template Name

      Purpose/Objective

      Type

      Windows Update Notification Settings

      Sets endpoint notification settings for Windows Update

      Settings Catalog

      BitLocker

      Global disk encryption policy. Including OS & Fixed Drives

      Endpoint Security | Disk Encryption

      Defender Antivirus

      Foundation Microsoft Defender Antivirus policy.

      Endpoint Security | Antivirus

      Defender Experience

      Foundation Microsoft Security Experience policy.

      Endpoint Security | Antivirus

      Firewall Settings

      Foundation Windows Firewall policy.

      Endpoint Security | Firewall

      LAPS

      Local Admin Password Solution policy.

      Endpoint Security | Account Protection

      Microsoft 365 Apps

      Microsoft 365 Apps settings policy, including OneDrive.

      Settings Catalog

      Productivity Baseline

      Foundation configuration settings for Windows productivity.

      Settings Catalog

      Security Baseline (Device)

      CIS Based device security policy for frictionless security.

      Settings Catalog

      Security Baseline (User)

      CIS Based user security policy for frictionless security.

      Settings Catalog

      OOBE

      Out-Of-Box-Experience policy for efficient & secure enrollment.

      Custom Config

      Delivery Optimization

      Foundation Microsoft Delivery Optimization policy.

      Settings Catalog

      Microsoft Edge

      Foundation Microsoft Edge policy.

      Settings Catalog

      Autopilot Profile

      Devicie Autopilot Deployment Profile.

      Windows Autopilot Deployment Profile

      Users can verify whether the Foundation Template configurations applied by Devicie are active using built-in Windows tools and Microsoft Intune. Here’s how they can check each setting:


      General Verification via Intune

      1. Sign in to Microsoft Intune: Go to Microsoft Intune Admin Center.
      2. Navigate to Device Configuration: Select Devices > Configuration profiles to see applied policies.
      3. Check Policy Status: Look for the Foundation Template and verify if it shows as Succeeded or Error.

      Checking Individual Settings:

      Windows Update Notification Settings

      Windows UI Method: Open Settings > Windows Update and check if notifications are enabled or restricted

      Registry Validation:

      Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

      Value Name: SetNotifyMode

      Enabled: 1

      Disabled: 0


      BitLocker

      Windows UI Method: Open Control Panel > BitLocker Drive Encryption and verify if BitLocker is turned on.

      Registry Validation:

      Path:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

      Value Name:EnableBDE

      Enabled:1

      Disabled:0

      Defender Antivirus & Defender Experience

      Windows UI Method: Open Windows Security > Virus & Threat Protection and check if Defender is active.

      Registry Validation:

      Path:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

      Value Name:DisableAntiSpyware

      Enabled:0 (Defender is active)

      Disabled:1 (Defender is turned off)

      Firewall Settings

      Windows UI Method: Open Windows Security > Firewall & Network Protection and confirm firewall status.

      Registry Validation:

      Path:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

      Value Name EnableFirewall

      Enabled:1

      Disabled:0

      LAPS (Local Administrator Password Solution)

      Windows UI Method: Run `gpresult /r` in Command Prompt to check if LAPS policies are applied.

      Registry Validation:

      Path:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\LAPS

      Value Name:EnableLAPS

      Enabled:1

      Disabled:0

      Microsoft 365 Apps

      Windows UI Method: Open Settings > Apps > Installed Apps and verify Microsoft 365 installation.

      Productivity & Security Baselines (Device & User)

      Windows UI Method: Check Intune > Endpoint Security > Security Baselines for applied policies.

      OOBE (Out-of-Box Experience)

      Windows UI Method: If applicable, verify Autopilot enrollment settings in Intune > Devices > Windows Enrollment.

      Delivery Optimization

      Windows UI Method: Open Settings > Update & Security > Delivery Optimization and check if peer-to-peer updates are enabled.

      Microsoft Edge

      Windows UI Method: Open Edge > Settings > Managed by your organization to see applied policies.

      Registry Validation:

      Path:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge

      Value Name:HomepageLocation

      Value:Displays the configured homepage URL.

      Autopilot Profile

      Windows UI Method: Check Intune > Devices > Windows Enrollment > Autopilot Devices for assigned profiles.