Boost Security & Performance: Disable Offline File Caching with Intune

Managing user data efficiently and securely is a top priority for IT administrators — especially in environments where performance, compliance, and protection of sensitive information are critical.

One powerful yet often overlooked Windows setting is: “Deletes local copies of the user’s offline files when the user logs off.”

This policy allows administrators to control whether cached copies of offline files remain on a user’s device after they log out — a key setting when managing endpoints with Microsoft Intune.

Understanding the Offline Files Mechanism

Offline Files is a Windows feature that allows users to access network-based files even without a server connection. These files are temporarily cached on the device and synchronized with the server periodically.

This setting gives you the option to automatically delete those local copies once the user logs off — helping to improve device security and manage storage efficiency.

What Types of Offline Files Are Affected?

This policy applies to both types of offline files:

• Automatically cached files: saved by the system for seamless access.
• Manually selected files: those a user explicitly chooses to make available offline.

When enabled, all of these files are deleted after the user logs off.

Does This Setting Affect Security?

Absolutely. Enabling this policy enhances security by ensuring no cached files remain on the device after logout.

This is especially valuable in environments with:

• Shared or public workstations
• High data sensitivity
• Strict compliance or data protection requirements

By removing offline data, you reduce the risk of data leakage or unauthorized access.

Deploying the Policy via Intune

After understanding the importance of this setting, the next step is knowing how to deploy it using Intune. Before applying any policy, it’s essential to check the Policy CSP (Configuration Service Provider) details, which define how the policy behaves and applies to devices.

The screenshot below provides technical reference to the exact setting within the Intune configuration profile, including the CSP path.

Create the Configuration Profile in Intune

After reviewing the CSP policy details, you're ready to create the configuration profile for deployment.

Follow these steps in the Microsoft Intune admin center:

1. Go to the Devices section from the left-hand menu.
2. Select Windows devices.
3. Under Policy, click on Configuration.
4. Click the + Create dropdown and choose New Policy.
5. In the Create a profile window, set the Platform to Windows 10 and later.
6. Set the Profile type to Settings catalog.
7. Click Create to proceed.

Define Basic Profile Details

Once the profile creation process begins, you'll be prompted to enter the basic information about your policy. This includes the name, an optional but recommended description, and a confirmation of the platform (which will already be pre-selected as Windows 10 and later).

Providing a clear and descriptive name helps ensure easy identification and management later especially in environments with multiple configuration profiles.

✅ Suggested Name and Description:

• Name: Disable Offline File Caching on Logoff
• Description: This policy configures Windows devices to automatically delete local copies of users’ offline files upon logoff, enhancing data security and reducing local storage usage.

No changes are needed in the platform field simply proceed to the next step after entering your details.

Add the Policy Setting Using the Settings Picker

In the Configuration settings tab of your profile, click the blue + Add settings button. This will open the Settings picker window, where you can search for and select the specific policy.

To find the setting, you can either:

• Expand Administrative Templates > Network > Offline Files, or
• Type Offline Files into the search bar and click Search, as shown in the image below.

From the list of settings, select:

At logoff, delete local copy of user’s offline files

Enable Local Copy of User’s Offline Files

To enable this policy, locate the toggle switch next to the “Local Copy of User’s Offline Files” setting. By default, this toggle is set to Disabled. To activate the policy, simply drag the toggle from left to right. Once enabled, the toggle will turn blue and change to Enabled.

• Also, you have to choose the option Delete only the temporary offline files (Device) Here I set as true.
• At logoff, delete local copy of user’s offline files option, I choose to Enable

After configuring the desired settings, click Next to proceed.

Configure Scope Tags (Optional)

The next step is the Scope tags tab. Scope tags are typically used to associate policies with specific groups or administrative units within your organization, especially in larger or delegated environments.

For this particular policy, scope tags are not required. If you don’t need to assign the policy to a custom scope, you can simply leave this section blank.

Click Next to continue to the Assignments step.

Assign the Policy to Target Devices

In the Assignments section, you'll define who will receive this policy. This step is essential, as it determines which users or devices the configuration will apply to.

To deploy this policy to a specific group:

Click on Add groups under the Include groups section. A list of available groups will appear use the search bar to quickly find the target group.

Once you've selected the appropriate group(s), confirm your choice. Click Next to move forward to the final step: Review + Create.

Review and Create the Policy

After completing the Assignments step, you'll land on the final tab: Review + Create.

This is your chance to review a full summary of the configuration — including the basic details, selected settings, and group assignments. Take a moment to carefully review all entries to ensure everything is accurate and aligned with your intent.

If you need to make any changes, you can easily navigate back to the previous tabs and update the information as needed.

Once everything looks good, click Create to deploy the policy.

Your configuration will now be saved and pushed to the assigned devices based on the group you selected.

Monitor Policy Deployment Status

Once the policy has been created and assigned, it's important to monitor whether it has been successfully applied to the target devices.

By default, policy deployment in Intune may take up to 8 hours to apply. However, you can accelerate this process by triggering a manual sync from the device using the Company Portal app.

After syncing, follow these steps to verify the deployment status:

Go to the Microsoft Intune admin center and navigate to: Devices > Configuration profiles

In the list of configuration profiles, use the search bar to locate the policy you created. In this example, the policy is named: Disable Offline File Caching on Logoff

Click on the policy name to open its details. Here, you can review deployment information such as:

• Deployment status
• Device assignment count
• Success, Error, Conflict, or Pending states

This allows you to confirm whether the policy has reached the targeted devices and if any troubleshooting is needed.

Client-Side Verification via Event Viewer

After syncing the device manually or waiting for the policy to apply, you can perform a client-side verification to ensure that the "At logoff, delete local copy of user’s offline files" policy was successfully applied.

This can be done by checking the Event Viewer on the client device:

Steps to verify:

Open Event Viewer and navigate to:

Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider > Admin

In the right-hand pane, click Filter Current Log.

Look for Event ID 813 or 814 — these event IDs typically contain detailed information about policy processing and deployment status.

Within these entries, check for references to:

• Policy Name: DeleteLocalCopyOfOfflineFilesAtLogoff
• Policy Area: OfflineFiles
• Integer Value (Int):

Additional fields like Enrollment ID, Scope, and User SID may vary based on how the device was enrolled and how the policy was assigned.

💡 Pro Tip: Always confirm that the Policy Name and Integer Value match your intended configuration in Intune. This is the most reliable way to verify client-side enforcement when troubleshooting or validating deployment success.

More Information

To further explore how to manage offline file behavior and deploy related policies using Microsoft Intune, check out the following Microsoft Learn resources:

Policy CSP – OfflineFiles Learn more about the OfflineFiles Configuration Service Provider (CSP), including the DeleteLocalCopyOfOfflineFilesAtLogoff setting that controls whether local cached files are removed when the user logs off. 🔗 https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-offlinefiles

Create a Settings Catalog policy in Intune Step-by-step instructions on how to create and deploy policies using the Settings Catalog in Microsoft Intune — the method used in this article. 🔗 https://learn.microsoft.com/en-us/mem/intune/configuration/settings-catalog

Monitor Intune policy deployment Understand how to verify that your policy is applied correctly using built-in Intune tools and diagnostics, including logs and reporting. 🔗 https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-troubleshoot

Thank you!

🖥️ Ricardo Barbosa

🎖️ Microsoft MVP | 📘 Microsoft Certified Trainer (MCT)

☁️ Intune & Cloud Architect |💼 Technology Director at Altelix.com