SOLVED

Install Office after Autopilot

Brass Contributor

Hi. Working with a client to deploy Autopilot.  We are running into a problem where we would like to have Office installed but only after the desktop is released to the user. Meaning, on the Enrollment Status Page, we have selected the apps that must be installed before the user access the desktop.  These are typically security apps.  The client would like to have Office installed automatically too (so its assignment is "Required" and assigned to a user group). However, as long as Office is "Required" it always gets added to the list of apps to install while the device is blocked by the ESP page.  Is there anyway to have Office install after the desktop is released?  I have tested other apps  that are required and they install after the user gets to the desktop.  Why not Office?  Bug?  What have I configured wrong?

4 Replies
I think it’s a bug, I have tried that policy last year and opened case with MSFT, they agreed about the issue but no fix. Surprised to see it still exists though!

Here is evidence about the issue-

https://borncity.com/win/2018/12/09/intune-autopilot-block-app-install-via-enrollment-status-page/

Hope this helps and please keep us updated with your results!

Moe
best response confirmed by Paul Saldanha (Brass Contributor)
Solution

Hi,

 

I think the issue is based on the following fact. As long as software is installed via Intune Management Extension (IME) Agent the IME can coordinate the behavior. This can also be seen in the log files like checking ESP phase etc.

The Office 365 ProPlus install is not driven by IME it is a separate Configuration Service Provider (CSP)

https://docs.microsoft.com/en-us/windows/client-management/mdm/office-csp

The Office CSP basically gets the XML definition by MDM channel, then uses the ODT to do the install and monitors everything to report on it. So, we are talking about a kind of side channel. The process how Windows and Intune is handling the enrollment is driven by no specific order, meaning there is no defined sequence like first install am then b, then c... This means the MDM driven instruction for the Office CSP does get the command to trigger Office install and the IME does have it's own channel to get the apps to install. IME does respect the ESP phase where the MDM Office CSP driven channel does not. This is why you especially with Office see this install during ESP. As the Office CSP will kick off the process as soon as he gets the MDM SyncML instructions.

 

I think there is no mechanism currently to coordinate this...

 

best,

Oliver

Thanks for the clarification Oliver!

@Oliver Kieselbach 

Thank you for the reply.  I guess this is supported by having Office "required" (processes immediately when target receives instructions) versus "available" (user driven).
This also explains why I can see Firefox working correctly with the IME while Office does its own thing.

 

I wish this was more clear in the docs for installing Office through Intune.

 

Paul

1 best response

Accepted Solutions
best response confirmed by Paul Saldanha (Brass Contributor)
Solution

Hi,

 

I think the issue is based on the following fact. As long as software is installed via Intune Management Extension (IME) Agent the IME can coordinate the behavior. This can also be seen in the log files like checking ESP phase etc.

The Office 365 ProPlus install is not driven by IME it is a separate Configuration Service Provider (CSP)

https://docs.microsoft.com/en-us/windows/client-management/mdm/office-csp

The Office CSP basically gets the XML definition by MDM channel, then uses the ODT to do the install and monitors everything to report on it. So, we are talking about a kind of side channel. The process how Windows and Intune is handling the enrollment is driven by no specific order, meaning there is no defined sequence like first install am then b, then c... This means the MDM driven instruction for the Office CSP does get the command to trigger Office install and the IME does have it's own channel to get the apps to install. IME does respect the ESP phase where the MDM Office CSP driven channel does not. This is why you especially with Office see this install during ESP. As the Office CSP will kick off the process as soon as he gets the MDM SyncML instructions.

 

I think there is no mechanism currently to coordinate this...

 

best,

Oliver

View solution in original post