Microsoft is adding more and more configuration service provider (CSP) settings which can be used to configure Windows 10 devices by Intune. In my Demo tenant I setup several custom configuration profiles which contain some of those settings. I wanted to block Third Party Suggestions in Windows Spotlight and found the right setting to use on this site. I setup below custom policy and assigned it to a user group.
After forcing a sync from my Intune managed device I got some errors in the event log (under Applications and Service Logs, Microsoft, Windows, DeviceManagement-Enterprise-Diagnostics-Provider) with event id 824, 809 and 454.
|Description||MDM PolicyManager: Per user policy has device wide scope specified, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), Result:(0x86000011) Unknown Win32 Error code: 0x86000011.|
|Description||MDM PolicyManager: Set policy int, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), EnrollmentID requesting set: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Current User: (Device), Int: (0x0), Enrollment Type: (0x6), Scope: (0x0), Result:(0x86000011) Unknown Win32 Error code: 0x86000011.|
|Description||MDM ConfigurationManager: Command failure status. Configuration Source ID: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight), Result: (Unknown Win32 Error code: 0x86000011).|
Event 454 and 809 gave me an unknow Win32 error, but event 824 gave me: Per user policy has device wide scope specified. The policy was assigned to a device group, first I removed that group and assigned an user group. Nothing changed. I started searching on Google, but nothing pointed me in the right direction.
After a while I realized I deployed another Experience policy (Experience/AllowWindowsConsumerFeatures) to block some consumer features on all Windows 10 devices. I compared both OMA-URI`s:
An important note was added on this site under AllowWindowsConsumerFeatures about the paths to be used. The path for AllowWindowsConsumerFeatures needs to use ./User at the beginning.
For AllowThirdPartySuggestionsInWindowsSpotlight that note was not added, but I gave it a try.
And Yes, after performing another sync, the error is gone! And the MDMDiagReport (this one is from a Windows Insider build with better MDM Diagnostics) shows the default value 1 and the current value 0. The setting is now applied as expected.