Monthly Archives: December 2018

Customizing Windows 10 – Office 365 using Intune Administrative Templates

Microsoft recently released a preview of the Administrative Templates for Windows 10 in Intune. These Administrative Templates can be found in the Windows 10 Device Configuration profiles. In addition to Office settings, you can also customize Internet Explorer, OneDrive, and other Windows settings.

This post will show how we can easily change some Office 2016 settings on a Windows 10 machine with Office 365 installed that is Intune enrolled and Azure AD joined. I will set some example settings, but feel free to check out any other settings that may interest you.

To configure the Administrative Templates, in the Intune portal (portal.azure.com) go into the Intune section, then go to Device configuration, profiles, Create profile.

o365_admintemplates_01

Give the profile a meaningful name, and select Windows 10 and later for the platform. For the profile type, select Administrative Templates (Preview) then click on Create.

o365_admintemplates_02

Now in our new Administrative Templates (Preview) device configuration profile, click on Settings to view all of the settings that we can configure. I would suggest to go through all these settings as there may be other settings that you might want to configure. These will most likely get updated in the future as well with new settings.

In my example I have searched for Office to filter the settings for Microsoft Office.

o365_admintemplates_03

If you click on one of the settings, it will take you to the setting with the description and the option to enable, or disable the setting. For example I have chosen to enable the setting to hide the option to enable or disable updates.

o365_admintemplates_04

I am going to go ahead and enable some other settings. You can see the settings that I have enabled are below.

o365_admintemplates_05

Once the settings are configured, as usual you need to assign the profile to a group. I have chosen to assign this to All Devices in my example.

o365_admintemplates_06

Now on my example Windows 10 machine that is Intune enrolled, Azure AD joined with Office 365 installed after doing a sync:

You can see that enable automatic updates is enabled, Hide option to enable or disable updates is enabled, and the update branch is set to Current as per my settings in the Administrative Templates.

o365_admintemplates_07

As noted in the registry above, you can see that the option to Disable Updates has now been removed as well.

o365_admintemplates_08

 

 

 

 

 

 

Advertisements

Intune – Win32 app Deploying BGInfo

Microsoft released a preview back in October 2018 for deploying Win32 applications through Intune. I wanted to deploy BGInfo to some Windows 10 machines that were enrolled in Intune and joined to Azure AD with a simple method, so I chose to try out the Win32 apps preview in Intune. It turned out to be really easy, and got the job done.

This post will show using the Intune Win32 App Packaging Tool to package up my required files into an .intunewin file, and then in Intune I will run a very basic PowerShell file that will:

  • Copy the BGInfo files (x64 version and config file) to C:\Program Files\BGInfo
  • Copy a shortcut for BGInfo to the StartUp folder so it can start up each time Windows runs
  • Run the BGInfo executable after it has copied everything

Prerequisites for Win32 Apps public preview

  • Windows 10 version 1607 or later (Enterprise, Pro, and Education versions)
  • Windows 10 client needs to be:
    • joined to Azure Active Directory (AAD) or Hybrid Azure Active Directory, and
    • enrolled in Intune (MDM-managed)
  • Windows application size is capped at 8 GB per app in the public preview

My install.ps1 is very simple and contains:

New-item -itemtype directory -force -path “c:\Program Files\BGInfo”

Copy-item -path “$psscriptroot\bginfo64.exe” -destination “C:\Program Files\BGInfo\bginfo64.exe”

Copy-item -path “$psscriptroot\custom.bgi ” -destination “C:\Program Files\BGInfo\custom.bgi”

Copy-item -path “$psscriptroot\bginfo.lnk” -destination “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\bginfo.lnk”

Start-process “C:\Program Files\BGInfo\Bginfo64.exe” -ArgumentList “`”C:\Program Files\BgInfo\custom.bgi`””,”/timer:0″,”/silent”,”/nolicprompt”

Return 0

I have downloaded the Win32 packaging tool from https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool and saved it to my C:\Intune

I have a folder called C:\bginfo that contains my BGinfo files:

  • Bginfo.lnk – This is the BGInfo shortcut that will be copied to the StartUp folder with the target of “”C:\Program Files\BGInfo\Bginfo64.exe” “C:\Program Files\BgInfo\custom.bgi” /timer:0 /silent /nolicprompt”
  • Bginfo64.exe – the executable to run BGInfo
  • custom.bgi – this is just my BGInfo configuration
  • install.ps1 – this contains the commands for copying the files and is mentioned above

win32_1

InTuneWinAppUtil.exe is very easy to run it, and it will prompt you for the source folder (the screenshot above with my Bginfo files and powershell file), the setup file (Bginfo64.exe), and the output folder (of where it will place the .intunewin file to upload to Intune).

win32_2

Once done, it will output the .intunewin file to upload to Intune to deploy.

win32_3

To create the Win32 app in Intune, login to the Azure portal.azure.com and select Intune > Client Apps > Add

win32_4

Select Windows app (Win32) – preview for the App type, and browse to the .intunewin package that was created earlier.

win32_5

Fill in the required information.

win32_6

For my install command, I have entered in “powershell.exe -executionpolicy Bypass .\install.ps1”

The uninstall command is required as well (I have used the same command which won’t work to uninstall, but I am not concerned about that)

win32_7

Fill in the requirements.

win32_8

I have used a detection rule to search for the file Bginfo64.exe in C:\Program Files\BGInfo

win32_9

Once you finish all the steps, the app needs to upload.

win32_10

You can now assign the app.

win32_11

Once the Windows 10 Azure AD Joined and enrolled into Intune device syncs, it will install.

win32_12

For troubleshooting, you can check the following log – C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log

win32_13

Demo of a new machine using Autopilot with the Win32 app deployed.

AutoPilot

Thanks to Steve Hosking for pointing out to me that I could use PowerShell isntead of a cmd file.