How to Allow or Block Camera using Intune

Photo of author
Jatin Makhija
0

In this blog post, I’ll show you how to allow or block Camera using Intune. For security reasons, you may want to restrict camera use on Windows, iOS, or Android devices. We’ll use Settings Catalog policy across all device types. Please find below settings catalog policy details for Windows devices. Continue reading for step-by-step instructions.

Profile typeCategorySettingStatus
Settings CatalogCameraAllow CameraNot Allowed: Disables the camera

Allowed: Enables the camera

Allow/Block Camera on Windows Devices

  • Sign in to Intune admin center > Devices > Windows > Configuration > Create > New Policy.
  • Platform: Windows 10 and later
  • Profile type: Settings catalog
  • Click Create.
  • On the Basics tab, provide a Name and Description of the policy and click Next.
  • On Configuration settings tab, click on + Add settings and use the Settings picker to search using Allow Camera keyword and select Camera category. Then select Allow Camera policy setting.
  • Allow Camera: Use the drop-down and select Not allowed (To block the camera) and Allowed (To enable camera).
Block Camera Using Intune on Windows
  • Scope tags: Click Next
  • Assignments: Assign this policy to an entra security group containing users or devices. It’s a best practice to test the policy on a few users/devices first. If it’s working fine, then extend it further.
  • Review + create: Review the policy settings and click on Create.

Allow/Block Camera on iOS/iPadOS

Follow below steps to allow or block camera on iOS/iPadOS. Please note that these steps will work for macOS as well. Simply navigate to Intune admin center > Devices > macOS > Configuration instead of iOS/iPadOS. Rest of the steps are the same.

  • Sign in to Intune admin center > Devices > iOS/iPadOS > Configuration > Create > New Policy.
  • Platform: iOS/iPadOS
  • Profile type: Settings catalog
  • Click Create.
  • On the Basics tab, provide a Name and Description of the policy and click Next.
  • On Configuration settings tab, click on + Add settings and use the Settings picker to search using Allow Camera keyword and select Camera category. Then select Allow Camera policy setting.
  • Allow Camera: Use the toggle switch to enable or disable the camera.

Configure the Restrictions payload to enable or disable features on devices. These configurations can be used prevent users from accessing a specific app, service or function on enrolled devices. For example, a restriction can be added that prevents an iPhone or iPad from using AirPrint. Another restriction can be added to prevent the sharing of passwords over AirDrop on an iPhone, iPad and Mac. Certain restrictions on an iPhone may be mirrored on a paired Apple Watch.

A note about iOS/iPadOS Device restrictions policy settings

Block Camera on iPadOS/iOS using Intune
  • Scope tags: Click Next
  • Assignments: Assign this policy to an entra security group containing users or devices. It’s a best practice to test the policy on a few users/devices first. If it’s working fine, then extend it further.
  • Review + create: Review the policy settings and click on Create.

Allow/Block Camera on Android Devices (Enterprise/Work Profile)

  • Sign in to Intune admin center > Devices > Android > Configuration > Create > New Policy.
  • Platform: Android (AOSP) or Android Enterprise depending upon the target device enrollment.
  • Profile type: Settings catalog
  • Click Create.
  • On the Basics tab, provide a Name and Description of the policy and click Next.
  • On Configuration settings tab, click on + Add settings and use the Settings picker to search using Camera keyword and select Device Restriction Personal Profile category. Then select Block Camera policy setting.
  • Block Camera: Setting it to True will block the camera on target Android devices. Keeping it at false will keep the camera enabled, and Users will not be able to disable it on their device.
Block Camera on Android Devices using Intune

Monitoring Manage Camera Intune Policy

  • Sign in to the Intune admin center > Devices > Configuration.
  • Select the Device Configuration profile you want to work with, and at the top of the page, you’ll see a quick view of the Success, Failure, Conflict, Not Applicable, and In Progress status.
  • Click on View report to access more detailed information.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.

End User Experience

Let’s say you have applied a policy to block camera on target devices. Once the policy is applied, users will not be able to access the camera on their device, and it will be blocked. Users will not be able to make any video calls via Zoom, teams or any other way.

Troubleshooting

  • Open Event viewer on your device and navigate to Application and Services logs > Microsoft > Windows > Devicemanagement-Enterprise-Diagnostics-Provider > Admin.
  • Filter the logs for Event ID 813 or 814 and search through the events to find the one related to your deployment.

Leave a Comment

Step-by-Step guides for Setup/Troubleshooting/Configuration solutions on Intune, Microsoft 365, Powershell, Windows, Azure, and other Cloud technologies.

About the author
Contact Us
Privacy Policies
Comment Policies
Cookie Policies

Let's Connect!