Using remediation scripts to automate a setting for Copilot

Introduction

In a previous blog post I discussed how you can disable (or enable) Microsoft’s new flagship service called Copilot. Copilot is a very hot topic today as it gives the power of AI to all users of Windows.

As it’s going to be included with Windows 11 version 23H2 coming later in Q4 you need to start testing it now. To test it you’ll probably want to have two groups of users, those where you’ve disabled Copilot and a smaller subset where you enable it. Based on my own testing, in order to automate enabling Copilot you need to have some things in place in your environment right now, and those requirements are listed below.

  • Windows 11 version 22H2 with KB5030310 installed
  • Turn on the “Get the latest updates as soon as they are available” windows Update setting
  • Locations needs to be North America, parts of Asia/South America regions only (for now)

In this blog post I’ll focus on the second point above highlighted in red, and we’ll solve the problem by using the remediation scripts ability in Microsoft Intune. You can do this other ways, there’s a CSP listed here that probably does the same thing, I’ll test that and update here as appropriate.

./Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent

Keep in mind though the text below:

This policy enables devices to get optional updates (including gradual feature rollouts (CFRs) – learn more by visiting aka.ms/AllowOptionalContent). This CSP contains some settings that are under development and only applicable for Windows Insider Preview builds. These settings are subject to change and may have dependencies on other features or services in preview.

What we need to automate is flipping the switch shown below from Off to On. The switch is for: Get the latest updates as soon as they’re available so that it downloads things like Copilot preview bits from Windows Update.

This actually sets a registry value to 1 when flipped to On and that’s how we’ll solve it.

Note:¬†Whether you set the toggle to Off or On, you’ll still get the regular security updates as usual. The toggle determines how quickly you get the additional non-security¬†updates, fixes, feature updates, and improvements

Download the scripts

The scripts used in this blog post are available here, unzip before use. There are 2 scripts in the zip file, one for detection, and another for remediation.

copilot ux registry key

Create the remediation

As an Intune admin, navigate to Devices, select Windows, select Scripts, ensure you are in Remediations and click on + Create to create a new remediation.

Give the remediation a useful name such as Turn ON – Get the latest updates as soon as they’re available

Click next and add the scripts in the highlighted sections here:

so that it looks like so, make sure to select Yes for Run script in 64-bit PowerShell

Click through the wizard and select an appropriate Assignment group and schedule. In the example below I previously created a dynamic Azure AD group called called All Windows 11 version 22H2 build 2361 based on OSVersion = Version 10.0.22621.2361. I also set the schedule to run hourly, but you can set it any way you wish.

Note that this specific version of Windows 11 is only necessary to test Copilot today as this ability will be native to Windows 11 version 23H2 later in Q4.

Click Create once done. Next you wait, and review the status after it’s reached your target devices.

Monitor the remediation

In the Device Status section of your newly created remediation, you should see the status of all devices targeted by the remediation. Note that it does take some time before this data flows back up to Intune.

and afte running again it’ll change Detection status to Without issues.

Verify on target devices

On a device targeted with this policy, you can review the logs created by the remediation scripts for troubleshooting, they’ll be placed in the following folder:

 C:\ProgramData\IntuneRemediations\Copilot

Next, verify that the Windows Update setting is indeed turned on:

and finally, you can review the registry key that it enables, in HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

IsContinuousInnovationOptedIn = 1

and of course after this setting is set it will auto download the Copilot bits

So once the required KB’s are installed (KB5030310 + KB5030509) and after restarting the targeted device, Copilot is enabled !

job done !

Related reading

see you in the next one

cheers

niall.

This entry was posted in 22H2, Copilot, Remediation scripts, Windows 11. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.