Intune – Disable Cortana

This post will cover the following parts.

Disable Cortana completely using configuration profiles in Intune.
Hide Cortana icon from the taskbar during deployment (Not disabling Cortana)
Hide Cortana icon from the taskbar for the current logged-in user.

Let’s start.

Go to Microsoft Endpoint

Click on Devices – Configuration profiles – Create profile.

(If you already have a Windows 10 configuration profile that you are using you can edit that one)

Creating a new profile

Platform: Windows 10 and later
Profile type: Settings catalog (preview) (You can use templates if you wish)
Click Create.

Basics

Fill in a name for your configuration file, for this purpose, I will name mine Disable Cortana, if your profile will contain more settings, I suggest you name it something more fitting for example “Standard – Device Configuration”.

Configuration settings

Now we are going to add the setting that controls Cortana.
Click on Add Settings.

Find the category named “Experience” and select it.
Select “Allow Cortana” in the Settings name section and press “X”
Microsoft documentation AllowCortana

We now have the option to toggle “Allow Cortana” to Allow or Block.
We want to block Cortana for our users so we set it to Block.
(Users will still be able to use search to find items on the devices)

You are done, all that is left is to assign the configuration profile to Users or Devices. In my environment, I will be assigning it to devices in a corporate environment.

(If you have some users that should have Cortana on and some that should have it disabled then assign it to user groups instead.)

Assignments

We will not be setting up any Scope tags so go ahead and click “Next”

Now review your settings in the summary and click the “Create” button.
The configuration we just made will remove the Cortana Taskbar icon it will also remove the ability to toggle Cortana on/off.

(Users will not have the “Show Cortana button” when right-clicking their taskbar etc.)

Now let us say you do not want to disable Cortana for your users, but you still want to hide the “Talk to Cortana” icon in the Taskbar.

Depending on if you want to apply this setting to the device itself during the deployment or after the user has logged in.  We can do this in many ways.

During deployment

Apply the setting during the deployment on the device itself, no matter what user logs into the device the settings will be applied to that user profile.

(This will not go through how to create a win32app a post about creating win32apps will be created later.)

Microsoft Win32 Content Prep Tool
Prepare Win32 app content for upload
Win32 app management in Microsoft Intune

Open your favorite text editor

Input the following

reg add "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ShowCortanaButton"  /v "Version" /t REG_SZ /d "1" /f
reg add "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ShowCortanaButton" /v "StubPath" /d "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowCortanaButton /t REG_DWORD /d 0 /f" /f

Save it as a .CMD file, name it Install.cmd

• Short description of what it does.
  Creates ShowCortanaButton Key in the HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ and adds a reg file named Version with the value 1.
  
• Adds a reg file named “StubPath” this reg file contains the command to add a new reg file in the current user’s register (We do this because we cannot directly add it to the current user during the deployment due to the current user is yet logged into the device.

When the user logs on to the device, Active Setup checks if there is a “Version” with the value 1 in the registry. The user will not have this file, so it adds it creates it, and runs the command in the “StubPath”.

This only happens once as the next time the user logs into the device the file is there. If a new user logs into the device the process repeats itself as the currently logged-in user does not have the “Version” registry.

Now, all that is left is to package the Install.cmd file using the Microsoft Win32 Content Prep Tool and upload it as a Win32 app into Intune, and set assignments to devices.

For detection rules when testing I used the following.
Key path: HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\ShowCortanaButton
Value name: StubPath
Detection method: String comparison
Operator: Equals
Value: reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowCortanaButton /t REG_DWORD /d 0 /f

Make sure you use a detection setup for your needs if you also are going to create an Uninstall part.

Run it as a PowerShell command for the currently logged-in user

In Intune, you can add a PowerShell Script and set it to run using the logged-on credentials.
This way we can directly update the “ShowCortanaButton” registry file in the current user’s registry.

Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowCortanaButton" -Value 0 -Force

You can of course also do this using a Win32app and .CMD file
You would then create two files one Install.cmd and one Uninstall.cmd (Uninstall.cmd shows the Cortana icon in the taskbar)

Make sure you set Install behavior to “User”

Install.cmd

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowCortanaButton /t REG_DWORD /d 0 /f

Uninstall.cmd

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowCortanaButton /t REG_DWORD /d 1 /f

Use the reg values you set as Detection rules to make sure you do not get any failed installs displayed in your Intune dashboard.

Please share your way of doing this in the comments or post any questions you might have.