You can use an Intune configuration profile to set the PowerShell execution policy on your enrolled Windows devices. Having the ability to set the PowerShell execution policy is crucial for security purposes; it also allows you to be able to use Intune to deploy PowerShell scripts (remember that the default policy on Windows client devices is Restricted meaning that scripts cannot run; use the steps below to change the policy to allow scripts run).

Steps to Create the Configuration Profile

Part 1

• Open the Endpoint Manager (Intune) portal.

• Select Devices in the left-hand menu blade.

• Select Windows > Configuration Profiles.

• Select + Create > + New Policy (See Figure 1 above).

  • Platform: Windows 10 and later

  • Profile type: Templates > Administrative Templates

• Select Create.

Part 2

• Under the Basics tab, input a name and optionally, a description.

Part 3

• Under the Configuration settings tab, complete the following steps:

  • Select All Settings in the left-hand navigation pane.

  • Search for script execution.

  • Select Turn on Script Execution for either the User context, Device context, or both.

  • Select the bubble next to Enabled, to enable the configuration and then choose which policy from the dropdown menu (ex. Allow only signed scripts).

• Select Next and continue through the rest of the prompts to scope, assign, and finalize the creation of the configuration policy.