Organizational messages in Microsoft Intune (Public Preview)
In this post we will use organizational messages to configure the “Get Started” application that comes pre-installed on Windows 11.
This is a great functionality to configure and provide a good onboarding experience for the end-user.
Now I wish we could configure more than just two parts of the Get Started application, and allow more customization. One crucial part that is missing is the auto start of the application. For example, if a new user receives their device and turns it on, it would be great if the first thing that is displayed is the Get Started application.
Because I believe the auto start function is a crucial part of the onboarding, I have made a script that auto starts the Get Started application the first time the user starts their new device.
Prerequisites to use Organizational messages
- Windows 11 22H2 or later
License requirements
Microsoft 365 E3
Microsoft 365 E5
Enterprise Mobility + Security E3 and Windows 10/11 Enterprise E3
Enterprise Mobility + Security E5 and Windows 10/11 Enterprise E5
Configure Windows Spotlight policy to support the Get Started application
This only applies if you have configured a Security Baseline policy.
Now let’s create a Settings catalog profile. This is required to make the Get Started application work when configured in Organizational messages.
- In Intune portal, go to Devices – Windows – Configuration profiles.
- Create a new configuration profile, Windows 10 and later, Settings catalog.
Add the following settings and configuration. This is needed to support Organizational messages.
Configure the Get Started Application
Go to Tenant administration in the Intune portal and select Organizational messages.
At the top next to Overview click on Message and Create.
Select Message type: Get Started app.
Customize after the Get Started app.
Here you can add your company logo and select what language it should be in. Next, we will configure the messages; we can only configure two currently.
The first message allows you to select from the following options, and you add a link where you want the user to be sent when clicking it. In my case I want the user to see “Get started with device”. I then have an internal link to a guide for the end-user that explains how their device works and if there is something they need to do, etc.
The second message allows you to select from the following options.
You get the point 😊. What does it look like for the end-user?
End-User Experience
The user needs to start the application Get Started and is then greeted with a welcome message, and finally the message settings/links we created before are available to the end-user.
Further down this post I have added a PowerShell script that can be packaged as a Win32 app and installed during Intune deployment. This will make sure the Get Started application auto starts for the end-user one time.
Auto Start the Get Started App Script
<#
.SYNOPSIS
    Auto starts the Get Started app
.DESCRIPTION
    CleanUpAndExit: Used for Intune detection, if successfully installed or not
    RunOnce-GetStarted: Creates a Registry value in RunOnce for all users.
.NOTES
    NAME: GetStarted-Install.ps1
    AUTHOR: Everything365.online
    LASTEDIT: 2023-03-30
.PARAMETER $StoreResults
    Set this parameter to fit your needs, location for Intune detection registry
.PARAMETER $Key
    Set this parameter to fit your needs, location for Intune detection registry
#>
#-----------------------------------------------------------------------------------------------------------------------------------
# If running as a 32-bit process on 64-bit Windows, relaunch in 64-bit PowerShell
# so that the HKLM detection value lands in the 64-bit registry view.
If ($ENV:PROCESSOR_ARCHITEW6432 -eq "AMD64") {
    Try {
        &"$ENV:WINDIR\SysNative\WindowsPowershell\v1.0\PowerShell.exe" -File $PSCOMMANDPATH
    }
    Catch {
        Throw "Failed to start $PSCOMMANDPATH"
    }
    # Pass the 64-bit child's exit code back to Intune instead of always returning 0
    Exit $LASTEXITCODE
}
#-----------------------------------------------------------[Functions]-------------------------------------------------------------
Function CleanUpAndExit() {
    Param(
        [Parameter()][int]$ErrorLevel = 0
    )
    # Write results to registry for Intune Detection
    $StoreResults = "\Everything365\GetStarted"
    $Key = "HKEY_LOCAL_MACHINE\Software$StoreResults"
    # HH gives a 24-hour timestamp (hh would be ambiguous between AM and PM)
    $NOW = Get-Date -Format "yyyyMMdd-HHmmss"
    If ($ErrorLevel -eq 0) {
        [Microsoft.Win32.Registry]::SetValue($Key, "Success", $NOW)
    } else {
        [Microsoft.Win32.Registry]::SetValue($Key, "Failure", $NOW)
        [Microsoft.Win32.Registry]::SetValue($Key, "Error Code", $ErrorLevel)
    }
    # Exit Script with the specified ErrorLevel
    EXIT $ErrorLevel
}
#-----------------------------------------------------------------------------------------------------------------------------------
function RunOnce-GetStarted {
    $Success = $false
    # Every hive currently loaded under HKEY_USERS, except _Classes hives and the built-in service accounts
    foreach ($userPath in (Get-ChildItem "Registry::HKEY_USERS\" | Where-Object { $_.Name -notmatch '_Classes|S-1-5-18|S-1-5-19|S-1-5-20' })) {
        $username = $userPath.PSChildName
        try {
            $RunOncePath = "HKEY_USERS\$username\Software\Microsoft\Windows\CurrentVersion\RunOnce"
            # Set the registry values for RunOnce
            [Microsoft.Win32.Registry]::SetValue($RunOncePath, "GetStarted", "explorer.exe shell:AppsFolder\MicrosoftWindows.Client.CBS_cw5n1h2txyewy!WebExperienceHost", [Microsoft.Win32.RegistryValueKind]::String)
        }
        catch {
            # Stop at the first hive that cannot be written and report failure
            Write-Host "An error occurred: $($_.Exception.Message)" -ForegroundColor Red
            $Success = $false
            return $Success
        }
    }
    $Success = $true
    Write-Host "Registry values are set correctly for all users."
    return $Success
}
#--------------------------------------------------[Start setting registry values]-------------------------------------------------
$RunOnceGetStarted = RunOnce-GetStarted
if ($RunOnceGetStarted) {
    CleanUpAndExit -ErrorLevel 0
} else {
    CleanUpAndExit -ErrorLevel 101
}
Deploy the Script as a Win32 app during Intune deployment
Package the app with Intune Packager Tool
Make sure you modify the Intune detection part in the script before you package it.
This will depend on your settings in the script. Example below.
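As an alternative to a registry detection rule, the same check can be done with a custom detection script. The following is an added example, not part of the original post; it assumes the script's default `$StoreResults` value (`\Everything365\GetStarted`) and reads the 64-bit registry view, which is where the install script writes after relaunching itself as a 64-bit process.

```powershell
# Added example (not from the original post): Intune custom detection script
# for the GetStarted Win32 app. Intune treats the app as detected only when the
# script exits with code 0 AND writes a string to STDOUT.

# Assumption: the install script's default location is unchanged.
$SubKey = 'Software\Everything365\GetStarted'

# Open the 64-bit view explicitly so the result is the same whether Intune
# runs this detection script in a 32-bit or a 64-bit PowerShell host.
$Base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry64)

$Success = $null
$Key = $Base.OpenSubKey($SubKey)      # read-only; $null when the key is missing
if ($Key) {
    # Written by CleanUpAndExit -ErrorLevel 0; holds the install timestamp
    $Success = $Key.GetValue('Success')
    $Key.Close()
}
$Base.Close()

if ($Success) {
    # Exit code 0 plus STDOUT output: detected
    Write-Output "GetStarted RunOnce configured at $Success"
    exit 0
}

# No Success value (key missing, or only Failure / Error Code present):
# no STDOUT output and a non-zero exit code, so Intune reports "not detected".
exit 1
```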
Now add it as a required app during deployment.
It will add a RunOnce registry key that auto-starts the Get Started application for the end-user, one time.
The first time the user starts the device, the Get Started app auto starts, and the registry value is then removed.
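RunOnce is an autostart location that runs in the user's context, so it is worth confirming after deployment that the `GetStarted` value holds exactly the command the install script wrote. The following is an added example, not part of the original post; the function name `Get-RunOnceAudit` and the status labels are hypothetical, and it must run elevated to read other users' loaded hives.

```powershell
# Added example (not from the original post): audit RunOnce values in every
# loaded user hive and compare the GetStarted entry with the deployed command.

# The exact command line written by the install script.
$Expected = 'explorer.exe shell:AppsFolder\MicrosoftWindows.Client.CBS_cw5n1h2txyewy!WebExperienceHost'
# Same hive filter as the install script.
$Skip = '_Classes|S-1-5-18|S-1-5-19|S-1-5-20'

function Get-RunOnceAudit {   # hypothetical helper name
    Get-ChildItem 'Registry::HKEY_USERS\' |
        Where-Object { $_.Name -notmatch $Skip } |
        ForEach-Object {
            $Hive = $_.PSChildName
            $Path = "Registry::HKEY_USERS\$Hive\Software\Microsoft\Windows\CurrentVersion\RunOnce"
            # Hives without a RunOnce key have nothing to report
            if (-not (Test-Path -LiteralPath $Path)) { return }

            $Key = Get-Item -LiteralPath $Path
            foreach ($Name in $Key.GetValueNames()) {
                # Read the raw data, without expanding %VARIABLES%
                $Data = $Key.GetValue($Name, $null, 'DoNotExpandEnvironmentNames')

                if ($Name -ne 'GetStarted')  { $Status = 'OtherEntry' }  # not ours, listed for review
                elseif ($Data -eq $Expected) { $Status = 'Expected' }    # matches the deployed command
                else                         { $Status = 'Modified' }    # same name, different command

                [pscustomobject]@{
                    Hive   = $Hive
                    Name   = $Name
                    Status = $Status
                    Data   = $Data
                }
            }
        }
}

# 'Modified' rows deserve a closer look: the value name is the one deployed
# here, but the command it will run at next sign-in is not.
Get-RunOnceAudit | Sort-Object Status, Hive | Format-Table -AutoSize -Wrap
```

An empty result for a user who has already signed in is the normal state, because Windows deletes RunOnce values when it runs them.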
Hopefully Microsoft will add the auto start feature, but until then, this might be a good workaround.