How to batch create Outlook profiles with Intune
You would like to learn how to centrally deploy a new Outlook profile and set it as default for all users or group(s) of users in your organization by using Microsoft Intune.
To achieve these two goals, first you need to prepare a file with a simple PowerShell script that adds a new Outlook profile and sets it as default in the Windows registry on a user’s machine. Next, configure Intune to run the script locally for each user belonging to the defined scope of users (e.g. entire organization, Sales Team, etc.).
Prepare the file with the PowerShell script
- Open any text editor (e.g. Notepad) and paste the code below into it. You can replace NewProfile with a custom name of your new Outlook profile.
Set-Location -Path 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\' Get-Item -Path 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\' | New-Item -Name 'NewProfile' -Force Set-ItemProperty -Path "HKCU:\Software\Microsoft\Office\16.0\Outlook" -Name "DefaultProfile" -Value 'NewProfile' -Force
- Use the Save As option (Ctrl+Shift+S) to save the file in the .ps1 format, e.g. Outlook.ps1 (Fig. 1.).
Fig. 1. Saving the file with the PowerShell script.
Configure Intune to run the script for given users
- Log in to the Microsoft Endpoint Manager admin center.
- Go to Devices > Scripts, click Add, and choose the Windows 10 and later option (Fig. 2.).
If the Devices item is not displayed in the left-hand navigation menu, you can access it by clicking All services.
Fig. 2. Adding a new script to be executed with Microsoft Intune.
- Name your script, provide an optional description for it, and click Next (Fig. 3.).
Fig. 3. Naming and describing the script.
- In the Script settings step, load the file you’ve prepared in the previous section of this article and configure the settings as follows:
- Run this script using the logged on credentials: Yes
- Enforce script signature check: No
- Run script in 64 bit PowerShell Host: Yes
The final configuration should look as shown in Fig. 4. below. If you’re OK with your settings, click Next.
Fig. 4. Correct configuration in the Script settings step.
- If you use the Scope tags feature, you can configure scope tags for this script policy. If not, simply click Next to go to the next step.
- In the Assignments step, choose all users or group(s) of users in your organization for whom the script will be executed. You can also exclude certain group(s), configuring the setting in the Excluded groups section (Fig. 5.).
Remember to define assignments according to users and NOT devices, as the script modifies an entry in the Current User registry key. If more than one person uses the same machine, the script must be executed for each user that logs in to it.
Fig. 5. The Assignments step allows you to decide for which users the script will be executed.
- The last step, Review + add, lets you check all the settings for your script policy. If you’re fine with them, click Add (Fig. 6.) – the script will be added to the scripts list.
Fig. 6. Review your configuration and click Add to start executing the script.
From now on, the script will be executed for each assigned user once they log in to their machine. Upon a successful execution, a new Outlook profile will be created and set as the default one for a given user. Proceed to next sections to learn how to manage the implementation and troubleshoot any potential issues.
Track the implementation
You can track the progress of script executions by clicking script name on the scripts’ list (Devices > Scripts).
The Overview page allows you to check for how many devices & users the script was executed successfully and unsuccessfully (Fig. 7.).
Fig. 7. Charts showing successful/unsuccessful script executions.
To get more detailed information about devices or users, e.g. particular device names, user names, etc., click the Device status or User status option (Fig. 8.).
Fig. 8. Detailed information on script execution for particular devices and users.
The successful script execution can be also verified locally, on a given user’s machine. In the case of a failure to execute the script, you can go to:
In this location, you can find the IntuneManagementExtension.log file which will contain error details.
Troubleshoot the implementation
One of the common errors that you can spot in the IntuneManagementExtension.log file is:
Cannot find path 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\' because it does not exist
Usually, there are 2 reasons why it happened:
- Appropriate registry keys are missing because a user has never launched the Outlook desktop app on their machine. To solve the problem, launch the Outlook desktop app on that user’s machine – Intune will attempt to execute the script at a certain point in the future.
- A user uses an Outlook version that is older than 2016. To solve the problem, prepare another script file that contains updated registry tree information (e.g. 'HKCU:\Software\Microsoft\Office\15.0\Outlook\Profiles’ for Outlook 2013) or use GPO to add a new Outlook profile.
|Related products:||CodeTwo Exchange Migration, CodeTwo Office 365 Migration|
|Last modified:||October 20, 2021|
|Created:||October 20, 2021|