Screen Projection and Intune Devices: An Easy Guide

In this short blog we are going to see some essential configurations to allow the screen projection to external monitors from Intune managed devices.

Once Upon a Screen Projection Challenge

There was a time when we found ourselves grappling with what seemed like a straightforward task—projecting the screen of an Intune-managed laptop to an external monitor. No matter what we tried, success eluded us. Frustration grew as we scoured the web, searching for any reference or case study that could shed light on the issue. However, our efforts yielded little guidance—none of the articles we found offered a definitive combination of settings to make it work.

Determined not to give up, we embarked on a journey of trial and error. By testing various configurations and diving deep into the intricacies of Intune policies, we eventually discovered the perfect settings to achieve seamless screen projection. This blog is the result of that journey—a guide to help you overcome the same challenge without the guesswork..

What worked for us might not be a universal solution but could serve as a helpful guide for others striving to project screens from Intune-managed devices.

Configuration Profiles

Settings Catalog Profile

To enable seamless screen projection from Intune-managed devices, we’ll apply specific settings through Intune Configuration Profiles. These adjustments will allow the necessary communication pathways and enable the required settings for screen projection to function properly.

So, let’s dive into the details!

The first step involves creating a Settings Catalog Configuration Profile. This profile will serve as the foundation for implementing the necessary configurations. Here’s how to get started:

  1. Navigate to the Microsoft Intune admin center.
  2. Go to Devices > Windows > Configuration.
  3. Select + Create > New Policy.
  4. Choose the following options:
    • Platform: Select Windows 10 and later.
    • Profile type: Choose Settings catalog.

Follow the below screenshots for the exact settings that you have to apply.

By setting up this profile, you’ll have the framework needed to implement the key settings that will facilitate screen projection. In the following steps, we’ll define these configurations to ensure successful communication and functionality.

Let’s give it a proper name.

After that just type “Wireless Display” and find the settings related to projecting a device’s screen to an external monitor.

The settings that we should apply to allow the projection are shown below.

To enable screen projection, the following settings must be configured in the Wireless Display category within the Settings Catalog profile:

  1. Allow User Input From Wireless Display Receiver: Set this to Wireless display input enabled to allow user interaction through the connected display.
  2. Allow Projection From PC Over Infrastructure: Configure this to Your PC can discover and project to other devices over infrastructure to ensure the PC can project across the network infrastructure.
  3. Allow Projection From PC: Set this to Your PC can discover and project to other devices to allow projection directly from the PC to supported devices.
  4. Allow mDNS Discovery: Select Allowed to enable the discovery of devices via multicast DNS.
  5. Allow mDNS Advertisement: Select Allowed to advertise the availability of the device for projection.

To find details about each individual setting you can check the Policy CSP for the WirelessDisplay.

The final configuration should look something like the below.

Endpoint protection Firewall Profile

The final step in enabling screen projection is creating an Endpoint Protection profile. This profile allows us to define the necessary firewall rules to permit the required communications between the Intune-managed device and the external screen. Properly configuring these rules ensures that data flows seamlessly, overcoming any network-level restrictions that might otherwise block projection functionality.

To create just follow the below screenshots.

Give it a proper name.

Now comes the crucial part—configuring the firewall rules to enable screen projection. After extensive research and testing, we identified the specific rules required to ensure smooth communication. These rules allow inbound and outbound connections for the essential executables involved in the screen projection process.

Here are the required rules:

  1. Allow Inbound and Outbound Connections for the executable:
    • Path: %systemroot%\system32\WUDFHost.exe
    • This executable is critical for enabling device connectivity and user-mode driver framework operations during screen projection.
  2. Allow Inbound and Outbound Connections for the executable:
    • Path: %systemroot%\system32\castSrv.exe
    • This service handles the casting operations and is essential for initiating and maintaining screen projection.

These rules should be added to the Endpoint Protection profile under the firewall configuration settings. Ensuring these executables have the necessary permissions will allow devices to project screens seamlessly without interference from network security policies.

Note: The settings applied in both the Settings Catalog profile and the Endpoint Protection profile may not be the most optimal configuration. It’s possible that some settings could be skipped or adjusted without affecting the functionality. However, the configurations provided above have been thoroughly tested and are proven to achieve the desired outcome.

The final configuration looks like the below:

Final Remark

Screen projection from Intune-managed devices can be a challenging task, especially when the exact configurations are not readily available. By following the steps outlined in this guide—configuring the necessary settings in the Settings Catalog profile and defining precise firewall rules in the Endpoint Protection profile—you can enable seamless projection to external screens.

While some settings might be optimized further, the configurations provided here have been tested and proven to work effectively.

I hope this guide serves as a valuable resource for overcoming similar challenges and helps streamline your Intune management processes. If you’ve discovered additional tweaks or optimizations, feel free to share and contribute to the ever-growing pool of knowledge within the Intune community.

References and Documentation

Other Interesting Posts

configurationsintune
By IntuneLeave a Comment on Screen Projection and Intune Devices: An Easy Guide

Leave a Reply

Your email address will not be published. Required fields are marked *