Microsoft is adding more and more configuration service provider (CSP) settings which can be used to configure Windows 10 devices by Intune. In my Demo tenant I setup several custom configuration profiles which contain some of those settings. I wanted to block Third Party Suggestions in Windows Spotlight and found the right setting to use on this site. I setup below custom policy and assigned it to a user group.
After forcing a sync from my Intune managed device I got some errors in the event log (under Applications and Service Logs, Microsoft, Windows, DeviceManagement-Enterprise-Diagnostics-Provider) with event id 824, 809 and 454.
Source | Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider |
Event id | 824 |
Description | MDM PolicyManager: Per user policy has device wide scope specified, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), Result:(0x86000011) Unknown Win32 Error code: 0x86000011. |
Source | Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider |
Event id | 809 |
Description | MDM PolicyManager: Set policy int, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), EnrollmentID requesting set: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Current User: (Device), Int: (0x0), Enrollment Type: (0x6), Scope: (0x0), Result:(0x86000011) Unknown Win32 Error code: 0x86000011. |
Source | Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider |
Event id | 454 |
Description | MDM ConfigurationManager: Command failure status. Configuration Source ID: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight), Result: (Unknown Win32 Error code: 0x86000011). |
Event 454 and 809 gave me an unknow Win32 error, but event 824 gave me: Per user policy has device wide scope specified. The policy was assigned to a device group, first I removed that group and assigned an user group. Nothing changed. I started searching on Google, but nothing pointed me in the right direction.
After a while I realized I deployed another Experience policy (Experience/AllowWindowsConsumerFeatures) to block some consumer features on all Windows 10 devices. I compared both OMA-URI`s:
./User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight
An important note was added on this site under AllowWindowsConsumerFeatures about the paths to be used. The path for AllowWindowsConsumerFeatures needs to use ./User at the beginning.
For AllowThirdPartySuggestionsInWindowsSpotlight that note was not added, but I gave it a try.
And Yes, after performing another sync, the error is gone! And the MDMDiagReport (this one is from a Windows Insider build with better MDM Diagnostics) shows the default value 1 and the current value 0. The setting is now applied as expected.
1 Comment
This article is no longer correct, as according to MS this policy has become System Scope now. See the updated notice on their site: https://docs.microsoft.com/en-gb/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures
Prior to Windows 10, version 1803, this policy had User scope.