In this post I’m going to cover how we are using a ConfigMgr Baseline to control the user experience. I’m not suggesting everyone do it this way, but for us, we wanted to provide a good user experience, even to those on slow links, and make it look pretty while still looking legit, and native.
The Microsoft 365 Baseline is how we control two things, the Microsoft 365 Application in the Software Center and the 365 Toast Notification. The Baseline consists of two Configuration Items, one running as system to determine the state of the machine, and one that runs in the end user context to display a toast notification. The PreReq CI enables or disables the Toast Launch CI, so we really wanted to have the PreReq CI run and remediate before the Toast Launch CI.. which we never were able to do, more on that later.
- Pre-Req Discovery [The discovery script is also being used to make changes, which typically would be broken out into 2 scripts, this couple be a post of it’s own]
- Toast Launch Discovery [Checks Registry Key which tells the CI to launch the Toast (Run the Remediation Script) or go back to sleep]
- Toast Launch Remediation [This is the Actual Toast Content and probably needs a post of it’s own]
The Baseline in the Console:
Originally we had put these into one CI with two different settings, but we wanted to try to control the order of operation, which is just not possible. There is a UserVoice out there now to allow us to control it, but for now, we can’t. We wanted to have the Pre Req Discovery and Remediation both run before the Toast Notification Launch Discovery even ran, but we found out that Baselines run everything in serial.
IE, for all of the CIs in a baseline, it will go through each of the Discovery scripts in Pass 1, then come back around on Pass 2 and run any remediation scripts for CIs that have remediation that were flagged as Non-Compliant.
For this reason, we combined the Discovery and Remediation into one script and placed it into the Discovery section for the Pre-Reqs, to hopefully get to run and set items which the Toast Launch Discovery Script rely on… but even this has proven only partially helpful.
Lets look at the Pre-Req CI first.
- Runs as System
- Checks for the M365 Content in the CCMCache
- Checks if M365 is already Installed
- Checks if Microsoft 365 Semi-Annual Channel Deployment is targeted to machine and if so, is it visible in the Software Center
- Checks if Microsoft 365 Semi-Annual Channel Deployment is targeted to machine and if so, checks if has Required Deadline
Based on the returned values, it performs different actions. Currently we account for 15 different permutations of those values.
Lets take a few Scenarios: [you’ll see a full list in the script of the 15 case statements]
- M365 Content NOT Cached, M365 NOT Installed: The Baseline will see the machine does NOT have the content, and that M365 is NOT already installed. It will make sure that application does not show up in Software Center until the content is available.
- M365 Content Cached, M365 NOT Installed: The Baseline will see the machine has the content, and that M365 is not already installed. It will make sure the Application (Microsoft 365 Semi-Annual Channel) is available in the software center (visible), remove the deadline and set a registry key to enable the toast notification.
- M365 Content Cached, M365 is Installed: The Baseline will see that M365 is already installed. It will set a registry key to disable the toast notification.
While there are other options, those are the big ones.
Actions the CI will take
- Toggle the Application Deployment Policy in WMI (“ROOT\ccm\Policy\(USER GUID\ActualConfig classname = “CCM_ApplicationCIAssignment”)
- Toggles UserUIExperience from False to True (This will make it visible in the software center)
- Deletes EnforcementDeadline property (This will change the application from required with a deadline to “available” in Software Center)
- Toggles custom registry key [HKLM\SOFTWARE\SWD\O365 – Property:Enable_0365_Toast – Value: True or False]
Client: You’ll see the Microsoft 365 Self-Service Notification Baseline.
Client Side Logging:
When Machine first gets policy, but has not downloaded the content yet.
After Content is downloaded, you’ll see a bit more action here: (Please note that our Discovery & Remediation are in the same script, and the script is in the “Discovery” Script in the CI. We are NOT using the Remediation Script in the CI.
Those are logs from the “PreReq” Configuration Item, which logs toc:\windows\temp\o365_baseline.log
Now to the Launch Toast CI
- Runs under the User Context (So the Toast will display in their Context and be seen by the end user)
- Checks Registry Value HKLM\Software\SWD\O365 – Enable_0365_Toast
The Launch-Toast Log runs as the end user, so the logs go into the end user’s temp folder (c:\users\%username%\appdata\local\temp\o365_baseline.log)
The CI has two Scripts
- Discovery Script
- If Registry Key = True… Report Non-Compliant to CM which will activate Remediation
- If Registry Key = False… Report Compliant to CM and not run Remediation.
- Remediation Script
Lets look at the logs which might help explain more.
Here you can see if the CI runs and the Registry Key is set to false, it does nothing and goes back to sleep. If the Registry key is set to True, ittriggers the toast notification:
The Toast Image: (The Launch Toast Remediation Script)
So that explains how the toast works…Baseline works.
The scripts are all on GitHub and I’ve tried to add a lot of comments, but if you think they are deserving of blogs, let me know -Gary
Check out the other posts in this series:
See how Right Click Tools are changing the way systems are managed.
Immediately boost productivity with our limited, free to use, Community Edition.
Get started with Right Click Tools today: