Jump to content


anyweb

Using remediation scripts to automate a setting for Copilot

Recommended Posts

Introduction

In a previous blog post I discussed how you can disable (or enable) Microsoft’s new flagship service called Copilot. Copilot is a very hot topic today as it gives the power of AI to all users of Windows.

As it’s going to be included with Windows 11 version 23H2 coming later in Q4 you need to start testing it now. To test it you’ll probably want to have two groups of users, those where you’ve disabled Copilot and a smaller subset where you enable it. Based on my own testing, in order to automate enabling Copilot you need to have some things in place in your environment right now, and those requirements are listed below.

  • Windows 11 version 22H2 with KB5030310 installed
  • Turn on the “Get the latest updates as soon as they are available” windows Update setting
  • Locations needs to be North America, parts of Asia/South America regions only (for now)

In this blog post I’ll focus on the second point above highlighted in red, and we’ll solve the problem by using the remediation scripts ability in Microsoft Intune. You can do this other ways, there’s a CSP listed here that probably does the same thing, I’ll test that and update here as appropriate.

./Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent

Keep in mind though the text below:

This policy enables devices to get optional updates (including gradual feature rollouts (CFRs) – learn more by visiting aka.ms/AllowOptionalContent). This CSP contains some settings that are under development and only applicable for Windows Insider Preview builds. These settings are subject to change and may have dependencies on other features or services in preview.

What we need to automate is flipping the switch shown below from Off to On. The switch is for: Get the latest updates as soon as they’re available so that it downloads things like Copilot preview bits from Windows Update.

turn-on-this-setting.png

This actually sets a registry value to 1 when flipped to On and that’s how we’ll solve it.

Note: Whether you set the toggle to Off or On, you’ll still get the regular security updates as usual. The toggle determines how quickly you get the additional non-security updates, fixes, feature updates, and improvements

Download the scripts

The scripts used in this blog post are available here, unzip before use. There are 2 scripts in the zip file, one for detection, and another for remediation.

copilot ux registry key

Create the remediation

As an Intune admin, navigate to Devices, select Windows, select Scripts, ensure you are in Remediations and click on + Create to create a new remediation.

navigate-here.png

Give the remediation a useful name such as Turn ON – Get the latest updates as soon as they’re available

name-the-remediation-1.png

Click next and add the scripts in the highlighted sections here:

add-scripts-here.png

so that it looks like so, make sure to select Yes for Run script in 64-bit PowerShell

run-script-in-64-bit-PowerShell.png

Click through the wizard and select an appropriate Assignment group and schedule. In the example below I previously created a dynamic Azure AD group called called All Windows 11 version 22H2 build 2361 based on OSVersion = Version 10.0.22621.2361. I also set the schedule to run hourly, but you can set it any way you wish.

Note that this specific version of Windows 11 is only necessary to test Copilot today as this ability will be native to Windows 11 version 23H2 later in Q4.

assignment-group-and-schedule.png

Click Create once done. Next you wait, and review the status after it’s reached your target devices.

Monitor the remediation

In the Device Status section of your newly created remediation, you should see the status of all devices targeted by the remediation. Note that it does take some time before this data flows back up to Intune.

issue-fixed.png

and afte running again it’ll change Detection status to Without issues.

without-issues.png

Verify on target devices

On a device targeted with this policy, you can review the logs created by the remediation scripts for troubleshooting, they’ll be placed in the following folder:

 C:\ProgramData\IntuneRemediations\Copilot

remediation-logs.png

Next, verify that the Windows Update setting is indeed turned on:

turned-on.png

and finally, you can review the registry key that it enables, in HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

IsContinuousInnovationOptedIn = 1

registry-key-set.png

and of course after this setting is set it will auto download the Copilot bits

kb5030509.png

So once the required KB’s are installed (KB5030310 + KB5030509) and after restarting the targeted device, Copilot is enabled !

niall-copilot.png

job done !

Related reading

see you in the next one

cheers

niall.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.