This blog post will be about setting default app associations, or file type associations, on Windows 10 devices. Starting with Windows 10, version 1703, it’s possible to set the default app associations via Windows 10 MDM. In this post I’ll briefly go through this setting and I’ll show how to configure the setting via Microsoft Intune hybrid and Microsoft Intune standalone. I’ll end this post by showing the end-user experience.
Configuration
Starting with Windows 10, version 1703, a new setting was introduced that allows an administrator to set the default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. Every sign-in. In other words, the end-user can make adjustments. However, once the end-user signs-out and signs-in again, the default associations will be applied again. This does require the PC to be Azure AD joined.
Get the required information
Let’s start by getting the required information to configure the custom OMA-URI setting. The required OMA-URI setting is available in the Policy CSP.
OMA-URI setting: ./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration
The required OMA-URI value requires the following steps to get it in the correct format.
| 1 | On Windows 10, version 1703, navigate to Settings > Apps > Default apps and configure the required default apps; |
| 2 | Open Command Prompt and run DISM /Online /Export-DefaultAppAssociations:DefAppAss.xml to export a required app associations file; |
| 3 |
In my example I was only interested in switching to Internet Explorer as the default browser and keeping Microsoft Edge as the default for PDF reading. That allowed me to remove all the remaining content from the DefAppAss.xml. Then I used base64encode.org to easily encode the remaining content of the DefAppAss.xml to Base64 format (see screenshot). |
| 4 | The result in Base64 format is the OMA-URI value. |
Configure the setting
After getting the required information, let’s have a closer look at the configuration of the setting. The setting can be used in Microsoft Intune hybrid and Microsoft Intune standalone, by using the configuration guidelines shown below.
| Environment | Configuration guidelines |
| Microsoft Intune hybrid |
Once the configurations are finished, the created configuration items can be added to a configuration baseline and can be deployed to Windows 10 devices. |
|
Microsoft Intune standalone (Azure portal) |
Once the configurations are finished, the profile can be saved and can be deployed to Windows 10 devices. |
Note: This post is based on the custom OMA-URI settings configuration. At some point in time this configuration can come available via the UI of Microsoft Intune standalone and/or hybrid.
End-user experience
Now let’s end this post by having a quick look at the end-user experience. Below on the left is the default Windows configuration and below on the right is the applied policy with the custom app associations. I know that this doesn’t provide a lot of information. However, it does show one important fact, which is that there is nothing preventing the end-user from making adjustments. The end-user can still make adjustments, but those adjustments will be reverted during the next sign-in.
 |
 |
More information
For more information about the Policy CSP, please refer to this article about the Policy CSP.
Question on this – I am developing a Guest \ Kiosk style modern managed device – I have set this in our policy to default to Chrome. As I am using the new shared PC Guest account, which generates a new profile on each login, I am not seeing this default being set. Any thoughts?
Hi Nigel,
Why not simply using the KIOSK-mode?
Regards, Peter
We need the profile to be cleared per use, and the machine to log out after 15mins (client requirements). I am using the new Guest mode with profile management enabled to clear out the local profile on log off. The machine is public use and needs to have many applications available and the machine mostly useable (full office 365 suite installed). If you have any ideas on best accomplishing this I’m all ears 🙂
Hi Nigel,
So are those devices MDM-managed. If not, there are easier ways to set the default associations. See: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/export-or-import-default-application-associations
Regards, Peter
They are MDM managed – AzureAD \ InTune joined.
Hi Nigel,
Did you cast the content to Base64 form? If so, can you provide some more details about your configuration?
Regards, Peter
This one works like a charm!
Thank you Peter!
Great to hear, Michel!
How do we set a default site in chrome (its in kiosk mode). We got kiosk mode to work with it adding a chrome shortcut to the desktop but need it to be a specific site.
Hi Adam,
I would either look at ingesting ADMX-files (https://www.petervanderwoude.nl/post/deep-dive-ingesting-third-party-admx-files/), or using PowerShell script.
Regards, Peter
Hi Peter
Great guide.
Weird problem that I’m running into is that neither the export or if I display them with get-defaultappassociations display the real associated apps. It just returns Edge for PDF and mail for mail.
Any ideas?
Is there a way to not just have this applied one? Then leave it to the Users to set the Default Apps?
Hi Angelo,
Not even after a restart?
Regards, Peter
Hi Nico,
I would say that it depends on your configuration of the XML.
Regards, Peter
Hi Peter
No, apparently when I used elevated PS it used the admin account’s ‘profile’ which I elevated with, which ofcourse was blank and therefor default.
After making the user, that had the right settings, local admin, it worked.
Thank you for the update, Angelo!
Hi Peter Base64 Encode asks which new line seperator to use (linux or Windows)
Does this affect the OMA URI output?
Hi Chris,
I haven’t used it recently, but the result is different. So I would think that it differs. I would go for Windows.
Regards, Peter
It worked like a charm for the Windows. You saved our organization so much headaches. 950+ devices thank you.
Great to hear, Chris!
Great work Peter….been using your solutions to setup and test intune and has helped enormously!…..
Thank you, Wayne!
Hi,
In the new release it’s now possible to push the XML directly into de Intune MDM without conversion by Bash64. Maybe handy to know 😉
That’s good information, Gerard! Thank you!
Regards, Peter
This might be a dumb question, but I can’t find the information anywhere as to where this command outputs the .xml file?
Hi Jim,
I’m not completely sure anymore what the default path is. That being said, you can simply add any custom path that you want.
Regards, Peter