Changes to CSP path for Windows 10 email profiles in Intune
Published Mar 20 2019 11:56 AM 3,362 Views


4/19/19 Update: This fix has now been rolled out with 1904 or the April update

There is currently an issue in Intune where selective wipe does not work as expected on Windows 10 email profiles. To fix this, we’re updating the CSP path for Windows 10 email profiles in the April (1904) update of the Intune service. This will ensure your email profiles continue to work in future versions of Windows 10, which will already have this updated CSP path.

This impacts:

  • The native Mail client on Windows 10 desktops
  • The Outlook email client on Windows 10 Mobile

Desktop or online versions of Outlook will not be affected by this change.

Both Intune standalone and hybrid MDM are impacted by this. If you’re using hybrid MDM, remember that hybrid MDM is deprecated, and you should migrate to Intune standalone as soon as possible.

After 1904 rolls out, if you do not re-create these Windows 10 email profiles, you’ll see the issues listed below:

  • Existing email profiles will show up in error state
  • In the Intune console, this error is shown as -2016281112 (Remediation failed)
  • For hybrid MDM, this error shows up in the monitoring section of the Configuration Manager admin console:
    • Error ID: 0X87D1FDE8
    • Description: Remediation failed

However, despite the reported error, devices targeted with these profiles will still have access to email.

  • In a subsequent release of Windows 10 where the old CSP path is removed, email profiles created before the April update for Intune will not work at all. End users will lose access to email through the clients specified above.
  • Edits made to these profiles will not be reflected in targeted devices.
  • These profiles will not be removed on selective wipe.

In order to prevent these issues, we recommend that if you use Windows 10 email profiles today, take the following action to re-create your email profiles after the April update rolls out. We’ll notify you through the Message Center when this fix is rolled out to your account with the April update so you can take action. Note that taking action before that will not fix the issue.

  • Capture your existing Windows 10 email profile settings.
  • Unassign your existing Windows 10 email profiles (and/or delete them). Note that all existing Windows 10 email profiles should be unassigned. If multiple Windows 10 email profiles are targeted to the same device, removing one will immediately replace it with another unless all are unassigned.
  • Create new Windows 10 email profiles using the same settings as in the existing ones.
  • Assign the new Windows 10 email profiles to the same groups.

End users will have the same experience as when installing an email profile for the first time, so on first check-in after the profile change, end users will get a system notification telling them their email profile settings are out of date. They will need to follow all prompts and accept the update (a few taps or clicks) for the new profile to be applied and for email syncing to resume. Email syncing will be blocked until they accept the update.

Let us know if you have any questions! We’ll update the post when the fix starts to roll out.

Version history
Last update:
‎Dec 19 2023 01:23 PM
Updated by: