Azure / EMS / Intune / Windows

MDM PolicyManager: Per user policy has device wide scope specified

Microsoft is adding more and more configuration service provider (CSP) settings which can be used to configure Windows 10 devices by Intune. In my Demo tenant I setup several custom configuration profiles which contain some of those settings. I wanted to block Third Party Suggestions in Windows Spotlight and found the right setting to use on this site. I setup below custom policy and assigned it to a user group.

After forcing a sync from my Intune managed device I got some errors in the event log (under Applications and Service Logs, Microsoft, Windows, DeviceManagement-Enterprise-Diagnostics-Provider) with event id 824, 809 and 454.

Source Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Event id 824
Description MDM PolicyManager: Per user policy has device wide scope specified, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), Result:(0x86000011) Unknown Win32 Error code: 0x86000011.

 

Source Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Event id 809
Description MDM PolicyManager: Set policy int, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), EnrollmentID requesting set: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Current User: (Device), Int: (0x0), Enrollment Type: (0x6), Scope: (0x0), Result:(0x86000011) Unknown Win32 Error code: 0x86000011.

 

Source Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Event id 454
Description MDM ConfigurationManager: Command failure status. Configuration Source ID: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight), Result: (Unknown Win32 Error code: 0x86000011).

Event 454 and 809 gave me an unknow Win32 error, but event 824 gave me: Per user policy has device wide scope specified. The policy was assigned to a device group, first I removed that group and assigned an user group. Nothing changed. I started searching on Google, but nothing pointed me in the right direction.
After a while I realized I deployed another Experience policy (Experience/AllowWindowsConsumerFeatures) to block some consumer features on all Windows 10 devices. I compared both OMA-URI`s:
./User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight

An important note was added on this site under AllowWindowsConsumerFeatures about the paths to be used. The path for AllowWindowsConsumerFeatures needs to use ./User at the beginning.

For AllowThirdPartySuggestionsInWindowsSpotlight that note was not added, but I gave it a try.

And Yes, after performing another sync, the error is gone! And the MDMDiagReport (this one is from a Windows Insider build with better MDM Diagnostics) shows the default value 1 and the current value 0. The setting is now applied as expected.

Leave a Reply

Your email address will not be published. Required fields are marked *