04-23-2020 05:24 PM
04-23-2020 05:24 PM
Hi. Working with a client to deploy Autopilot. We are running into a problem where we would like to have Office installed but only after the desktop is released to the user. Meaning, on the Enrollment Status Page, we have selected the apps that must be installed before the user access the desktop. These are typically security apps. The client would like to have Office installed automatically too (so its assignment is "Required" and assigned to a user group). However, as long as Office is "Required" it always gets added to the list of apps to install while the device is blocked by the ESP page. Is there anyway to have Office install after the desktop is released? I have tested other apps that are required and they install after the user gets to the desktop. Why not Office? Bug? What have I configured wrong?
04-23-2020 07:40 PM
04-24-2020 12:49 AMSolution
I think the issue is based on the following fact. As long as software is installed via Intune Management Extension (IME) Agent the IME can coordinate the behavior. This can also be seen in the log files like checking ESP phase etc.
The Office 365 ProPlus install is not driven by IME it is a separate Configuration Service Provider (CSP)
The Office CSP basically gets the XML definition by MDM channel, then uses the ODT to do the install and monitors everything to report on it. So, we are talking about a kind of side channel. The process how Windows and Intune is handling the enrollment is driven by no specific order, meaning there is no defined sequence like first install am then b, then c... This means the MDM driven instruction for the Office CSP does get the command to trigger Office install and the IME does have it's own channel to get the apps to install. IME does respect the ESP phase where the MDM Office CSP driven channel does not. This is why you especially with Office see this install during ESP. As the Office CSP will kick off the process as soon as he gets the MDM SyncML instructions.
I think there is no mechanism currently to coordinate this...
04-24-2020 07:36 AM
Thank you for the reply. I guess this is supported by having Office "required" (processes immediately when target receives instructions) versus "available" (user driven).
This also explains why I can see Firefox working correctly with the IME while Office does its own thing.
I wish this was more clear in the docs for installing Office through Intune.