Removing Teams Chat from Windows 11

Screenshot of Teams Chat 'Meet and chat with friends and family' page
Hooray, Teams! Hang on, when it says ‘chat with friends and family’, it means that! No work chat!

As you’ve probably already noticed, Windows 11 comes with a Teams client baked in. It’s the shiny new Edge WebView2 client! Hooray no more Electron! Unfortunately it only supports personal accounts at the moment – so it’s anything from a nuisance to added confusion on any sort of managed desktop. Luckily there are a few ways to get rid of it and I’ll run through them here. It doesn’t matter if you’re on-prem, hybrid or pure Azure AD as there’s a GPO setting and Intune policy setting to achieve this, as well as a Policy CSP/OMA URI if you want to use that instead.

Firstly we can remove the app using the following PowerShell – perhaps as part of a task sequence if you are deploying the OS using ConfigMgr. This would need to run before anyone has logged on (as it doesn’t make any change to existing user profiles).

Get-AppxProvisionedPackage | Where {$_.DisplayName -eq "MicrosoftTeams"} | Remove-AppxProvisionedPackage -Online

If you’ve already got a script which removes various AppX packages you can simply add MicrosoftTeams to the list, if you haven’t – the above PowerShell is how to do it. This removes Teams from the Start menu and apps search, but doesn’t remove the task bar button – you will also need to remove the icon using GPO/MEM/Registry settings.

Continue reading “Removing Teams Chat from Windows 11”

MEM: Setting Client Registry Keys

With domain joined clients we’ve been able to push out registry setting changes with things like Group Policy Preferences. Unfortunately there isn’t an equivalent to this in MEM. While your best plan here would be to find the setting within the Settings Catalog or Templates in a configuration profile, or even look for an OMA-URI which can be set, there will always be some tasks which can only be achieved by directly setting a registry key.

Within MEM we can create PowerShell scripts which run once per user/device. We can specify whether we want these to run in user context or system context. The scripts are downloaded to the device by the Intune Management Extension (IME) and run once per user. If the script is running under the system context then the user does not need to be logged in for the script to execute. If you update the script, it will run again. If it is set to run in user context, and the user is a local administrator, it will run with administrative privileges.

This seems perfect for any registry keys we may wish to change once only. We can of course use Proactive Remediation instead (part of Endpoint Analytics, mentioned briefly in this post however I do plan a detailed look at Proactive Remediation soon) which would allow us to schedule the script to run frequently, as a detect/remediate script pair. Continue reading “MEM: Setting Client Registry Keys”

MEM: Updating to Windows 11

Updating devices to Windows 11 is fairly simple through Intune, using the Feature Updates settings. To get this working you’ll need Intune licences (…obviously) along with one of the following:

  • Windows Enterprise E3/E5, included in Microsoft 365 E3/E5/F3
  • Windows Education A3/A5 (M365 A3/A5)
  • Windows VDA per user
  • Microsoft 365 Business Premium

You’ll also need the devices to be on a supported version of Windows 10, enrolled in Intune and either Hybrid or Azure AD joined. Telemetry will need to be enabled – this can be enforced with a Device Restriction policy.

Continue reading “MEM: Updating to Windows 11”