Microsoft is adding more and more configuration service provider (CSP) settings which can be used to configure Windows 10 devices by Intune. In my Demo tenant I setup several custom configuration profiles which contain some of those settings. I wanted to block Third Party Suggestions in Windows Spotlight and found the right setting to use on this site. I setup below custom policy and assigned it to a user group.
After forcing a sync from my Intune managed device I got some errors in the event log (under Applications and Service Logs, Microsoft, Windows, DeviceManagement-Enterprise-Diagnostics-Provider) with event id 824, 809 and 454.
Source | Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider |
Event id | 824 |
Description | MDM PolicyManager: Per user policy has device wide scope specified, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), Result:(0x86000011) Unknown Win32 Error code: 0x86000011. |
Source | Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider |
Event id | 809 |
Description | MDM PolicyManager: Set policy int, Policy: (AllowThirdPartySuggestionsInWindowsSpotlight), Area: (Experience), EnrollmentID requesting set: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Current User: (Device), Int: (0x0), Enrollment Type: (0x6), Scope: (0x0), Result:(0x86000011) Unknown Win32 Error code: 0x86000011. |
Source | Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider |
Event id | 454 |
Description | MDM ConfigurationManager: Command failure status. Configuration Source ID: (44EB8AD0-D371-45C3-8B00-2E1679B75A62), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight), Result: (Unknown Win32 Error code: 0x86000011). |
Event 454 and 809 gave me an unknow Win32 error, but event 824 gave me: Per user policy has device wide scope specified. The policy was assigned to a device group, first I removed that group and assigned an user group. Nothing changed. I started searching on Google, but nothing pointed me in the right direction.
After a while I realized I deployed another Experience policy (Experience/AllowWindowsConsumerFeatures) to block some consumer features on all Windows 10 devices. I compared both OMA-URI`s:
./User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
./Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight
An important note was added on this site under AllowWindowsConsumerFeatures about the paths to be used. The path for AllowWindowsConsumerFeatures needs to use ./User at the beginning.
For AllowThirdPartySuggestionsInWindowsSpotlight that note was not added, but I gave it a try.
And Yes, after performing another sync, the error is gone! And the MDMDiagReport (this one is from a Windows Insider build with better MDM Diagnostics) shows the default value 1 and the current value 0. The setting is now applied as expected.
This article is no longer correct, as according to MS this policy has become System Scope now. See the updated notice on their site: https://docs.microsoft.com/en-gb/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures
Prior to Windows 10, version 1803, this policy had User scope.