Configuration Policies in Intune are very powerful, but the device restrictions are not dynamic.
What if you want to make configuration changes based on dynamic factors?

In this example I will show how you can disable the camera in a Windows 10 device when it connects to the network of your secret lab.
When the device leaves the network it will revert to the default setting.

 

    1. Log on to the Azure Portal and Intune
    2. Go to Device Configuration
    3. Go to Profiles
    4. Create a new profile
      Give it a descriptive name and optionally a description.
      Choose Platform “Windows 10 and later”
      Choose Profile Type “Custom”
    5. Add a new OMA-URI setting
      This first one is the actual configuration we want to make, in this case to disable the camera.
      Enter a name like “NetworkSettingsPack” and optionally a description.
      Enter the OMA-URI  ./Vendor/MSFT/DynamicManagement/Contexts/NetworkBased/SettingsPack.
      Remember the leading dot, it is always included in OMA-URI
      Choose DataType “String (XML)” and upload an XML file that contains the following data:

      Copy to Clipboard
    6. Add another OMA-URI setting
      This is the rule for what action that triggers the configuration change.
      Enter a name like “NetworkSignalDefinition” and optionally a description.
      Enter the OMA-URI ./Vendor/MSFT/DynamicManagement/Contexts/NetworkBased/SignalDefinition
      Remember the leading dot, it is always included in OMA-URI
      Choose DataType “String (XML)” and upload an XML file that contains the following data (enter the gateway of the network whare you want to restrict camera usage):

      Copy to Clipboard
    7. Add another OMA-URI setting
      The last setting notifies the user about the change.
      Enter a name like “EnableNotification” and optionally a description.
      Enter the OMA-URI ./Vendor/MSFT/DynamicManagement/NotificationsEnabled.
      Remember the leading dot, it is always included in OMA-URI
      Choose Data Type “Boolean” and set the value to “True”

    8. Click “OK” and then “Create”
    9. Assign the policy.