Create/Manage Organizational Messages from Microsoft Intune

Organizational messages can be used to send important messages to users on Windows 11 devices managed by Microsoft Intune. They are designed for the taskbar, the notification area and the Get Started app, and you can monitor the delivery status and cancel a message if it is no longer required. Taskbar messages can be used to send important notifications (e.g. a critical update) and are shown in the desktop taskbar, where they stay visible until the user dismisses them. Notification area messages can be used to send informational messages (e.g. training, an optional update); they pop up and then disappear. Get Started app messages can be used to welcome new employees and to share support information and policies; users see them when they open the Get Started app after enrolling the device.

Prerequisites:

Organizational messages can be delivered to machines running Windows 11, version 22H2 or later. This feature is included in Microsoft 365 E3, Microsoft 365 E5, Endpoint Management + Security E3 and Windows Enterprise E3, and Endpoint Management + Security E5 and Windows Enterprise E5.

The administrator who creates organizational messages needs to hold one of the following roles: Azure AD Global administrator, Intune administrator, Organizational messages manager (Microsoft Intune role), or Organizational messages writer (Azure AD role).

Logos must be PNG files with a transparent background, sized as follows: taskbar messages 64×64 pixels, notification area messages 48×48 pixels, Get Started app messages 50 pixels long x 50 – 100 pixels wide.

Some policies block the delivery of organizational messages to devices, and their settings need to be adjusted for delivery to work as expected. These policies are required for devices running Windows 11 22H2 and later; they are not required for earlier builds.
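A pre-upload check for the logo requirements listed above, as an added example that is not part of the original article and is not Intune's own validation: it reads the PNG header and compares the image size against the rule for each message type. The function names are hypothetical, and reading "50 pixels long x 50 to 100 pixels wide" as height 50 with width 50 to 100 is an assumption.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# (min_width, max_width, height) per message type, from the requirements above.
# Assumption: the Get Started rule means height 50 and width 50..100.
LOGO_RULES = {
    "taskbar": (64, 64, 64),
    "notification": (48, 48, 48),
    "get_started": (50, 100, 50),
}

def read_png_header(data):
    """Return (width, height, color_type) from the IHDR chunk of PNG bytes."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a valid IHDR")
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(b"IHDR" + body) != crc:
        raise ValueError("IHDR checksum mismatch")
    width, height, _depth, color_type = struct.unpack(">IIBB", body[:10])
    return width, height, color_type

def check_logo(data, message_type):
    """Return a list of problems; an empty list means these checks passed."""
    try:
        width, height, color_type = read_png_header(data)
    except (ValueError, struct.error) as exc:
        return [str(exc)]
    min_w, max_w, want_h = LOGO_RULES[message_type]
    problems = []
    if not (min_w <= width <= max_w and height == want_h):
        problems.append(f"size {width}x{height} not allowed for {message_type}")
    # Colour types 4 and 6 carry an alpha channel; palette/tRNS
    # transparency is not inspected by this header-only check.
    if color_type not in (4, 6):
        problems.append("no alpha channel; transparency not confirmed")
    return problems

def make_sample_png(width, height, color_type=6):
    """Constructed sample: signature + IHDR only, enough for the header checks."""
    body = struct.pack(">IIBBBBB", width, height, 8, color_type, 0, 0, 0)
    crc = struct.pack(">I", zlib.crc32(b"IHDR" + body))
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body + crc
```

For a real file, pass `open(path, "rb").read()` as `data`; the check covers format, size and alpha channel only, not whether the background pixels are actually transparent.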

Enable the delivery of organizational messages policy on the targeted devices: go to Settings Catalog -> Experience -> Enable delivery of organizational messages (User) and switch the toggle to Enabled.

Set the Windows Spotlight policy to Not configured so that organizational messages and messages coming from Microsoft can be controlled. To configure the Windows Spotlight policy using template profiles, go to Devices -> Windows -> Configuration profiles. In a new template profile, select Device restrictions -> Windows spotlight and configure the settings below to allow messages.

  • Taskbar messages:
    • Windows Spotlight: Select Not configured.
    • Windows Tips: Select Not configured.
  • Notification area messages:
    • Windows Spotlight: Select Not configured.
    • Windows Spotlight in action center: Select Not configured.
  • Get Started app messages:
    • Windows Spotlight: Select Not configured.

To configure the profile using settings catalog profiles instead, select Settings catalog -> Add settings and adjust the following toggles in the Experience category.

  • Taskbar messages:
    • Add Allow Windows Spotlight (User): Switch the toggle to Allow.
    • Add Allow Windows Tips: Switch the toggle to Allow.
  • Notification area messages:
    • Add Allow Windows Spotlight (User): Switch the toggle to Allow.
    • Add Allow Windows Spotlight on Action Center (User): Switch the toggle to Allow.
  • Get Started app messages:
    • Add Allow Windows Spotlight (User): Switch the toggle to Allow.
    • Add Disable Cloud Optimized Content: Switch the toggle to Disabled.

Configure the Microsoft messaging policy to allow organizational messages to reach devices. Go to the Microsoft Endpoint Manager admin center -> Tenant administration -> Organizational messages. On the Overview tab, decide whether to block messages that come directly from Microsoft while still allowing admin messages to display. Switch the toggle to Allow to allow both Microsoft messages and organizational messages. Switch the toggle to Block to block Microsoft messages and allow organizational messages.

Limitations:

  • You can send messages only to users, not to devices or mixed groups.
  • Messages can be sent to users newly added to Azure AD only after 36 to 64 hours, and users who belong to more than 200 groups are not supported.
  • Intune sets the delivery end date to 12/31/2035 for messages sent to the Get Started app, and those messages are delivered until that date.
  • If you send multiple messages to users, they will receive the messages in random order, and you can set the priority of the messages.
  • Sometimes when you send a message to users you will receive a success confirmation but the send fails in the background, and the status still shows as Scheduled.

Create Taskbar message:

Sign in to the Microsoft Endpoint Manager portal. Go to Tenant administration -> Organizational messages (preview). Go to the Message tab and select Create.

Under Message Type, choose the type of message you want to configure. In this case, I selected Taskbar, with the message theme Mandatory update (to install a mandatory update), and clicked OK.

On the organizational message page, choose the logo you want to display in the message. The logo must meet the mandatory requirements, or an error message will be shown. Provide a link for the message; you can use the drop-down to choose a domain in your tenant. You can also add the path of the link, but it is optional. Choose the language in which to display the message; up to 18 languages are supported. If your preferred language is not supported, the message will be shown in the preferred fallback language. Preview the message, and turn on the toggle to view it in dark theme. Click Next to schedule the message.

On the Schedule page, specify the delivery of the message.
First day to show message: Specify the date when the message should first be shown, and configure this setting at least 24 hours before the delivery date.
Last day to show message: Specify the date when the message should last be shown; it should be at least 7 days after the start date.
Message repeat frequency: Specify how often the message should appear over the entire period, i.e. once a week, once a month or once a year, and click Next to proceed with assignments.

On the Assignments page, include the groups or users you want to deliver the message to. I have added all users, and there is an option to exclude groups if needed. You cannot mix user and device groups in the include and exclude lists. Click Next to review and create the message.

On the Review + Create page, verify the configured settings (Message, Schedule, URL and Assignments) and click Create. If required, you can edit the message in Organizational messages (preview) under the Message tab.

Taskbar message: A taskbar message will appear in the user’s taskbar, on top of everything else on the desktop. The message will appear again with the frequency you specified.

Notifications area message: A notification area message will appear in the notifications area of your devices and will repeat until the user acts on the message.

Get Started app message: The message will appear in the Get Started app the first time the user opens it after enrolling the device in Intune. You can use this message to welcome a new employee to the organization and provide information about HR training, policies and technical support details.

Monitoring

You can monitor existing organizational messages using the reporting details in Intune. Go to the Microsoft Endpoint Manager portal -> Tenant administration -> Organizational messages (preview) -> Message tab, which lists all existing messages. The details below are shown for each message.

Message type: Shows whether it’s a taskbar message, notification message or Get Started App message.
Message theme: Shows the theme details for message type.
Date created: Shows the created date of the message.
Status: Shows the status:
  • Active: The message is currently being shown to users according to your schedule.
  • Scheduled: The message isn’t currently being shown to users but has been scheduled.
  • Canceled: The message was canceled and is no longer scheduled to go out to users.
  • Completed: The message was sent out during the scheduled time and is done being shown.
Start date: Shows the start date for the message.
End date: Shows the end date for the message.
Times shown: Shows an estimate of the total number of times the message has been shown to users in the past 180 days.
Times clicked: Shows an estimate of the total number of times users clicked the message in the past 180 days.
Click-through rate: Shows how often, in percentage, that users clicked the message when shown. This data is determined by dividing times clicked by times shown.
