Disable email signatures in Outlook for Windows using Intune

Solution

You can disable the native email signature experience in Outlook for Windows via Intune in two ways – either by using the Configuration profiles feature or a PowerShell script to be run on users’ machines.

Disable Email Signatures in Outlook with the Configuration Profiles Feature

To disable email signatures in Outlook for Windows using a configuration profile, proceed as follows:

1. Log in to the Microsoft Endpoint Manager admin center.
2. Go to Devices > Configuration profiles and click Create profile (Fig. 1).

Fig. 1. Accessing the configuration profile creation settings in the Microsoft Endpoint Manager admin center.

3. Platform and Profile type, select Windows 10 and later and Templates, respectively. Then, choose Administrative Templates under Template name, and click on Create to add a new configuration profile (Fig. 2.).

Fig. 2. Choosing the right settings template for Outlook for Windows.

4. Now, configure the profile settings. In the Basics step, provide a profile name (mandatory) and description (Fig. 3.). Click Next to proceed.

Fig. 3. Configuring basic profile settings.

5. Select User Configuration from the left-hand menu and type Do not allow signatures in the search box to display the setting you're looking for.

Fig. 4. Finding the appropriate setting from the User Configuration group.

6. Click the setting name (Do not allow signatures for e-mail messages) to open its pane. To disable signatures in Outlook for Windows, select Enabled and click OK > Next to proceed (Fig. 5.).

Fig. 5. Disabling the native signature experience in Outlook for Windows. 

7. Scope tags if you use this feature. Click Next to move on.
8. The Assignments step allows you to define the scope of users for whom the signatures will be disabled. Simply click Add all users to disable signatures for all users in your organization (Fig. 6.). Alternatively, you can click Add groups to turn off signatures for selected Azure Active Directory user groups.
   If you wish to allow users belonging to certain Azure AD groups to use the native signature experience in Outlook for Windows instead, you can exclude them from this policy by clicking Add groups under Excluded groups (See middle of screenshot on Fig. 6.)

Fig. 6. Assigning the policy to all users in the organization.

9. In the final step, which is Review + create, you can double-check if all the settings are accurate. If everything appears as expected, click on Create to save and apply your policy (Fig. 7). From this point forward, the native signature experience in Outlook for Windows will be disabled on the machines of all or selected users, based on your configuration.

Fig. 7. Reviewing the profile settings and applying it.

Tracking the configuration change

The Overview page allows you to check for how many devices & users the configuration profile was assigned successfully and unsuccessfully. To get more detailed information on devices, users, or particular settings, click the Device status, User status, or Per-setting status option respectively (Fig. 8.).

Fig. 8. The configuration profile menu allows you to monitor profile assignments.

Disable email signatures in Outlook with a PowerShell script

Prepare a PowerShell script file

1. Open any text editor (e.g. Notepad) or the PowerShell ISE app and paste the code below into it.
   

   New-ItemProperty -path
   "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings" -Name
   "DisableSignatures" -Value '1' -PropertyType 'DWORD' -Force

2. Use the Save As option (Ctrl+Shift+S) to save the file in the .ps1 format, e.g. Disable_signatures.ps1 (Fig. 9.).

Fig. 9. Creating a PowerShell script file.

Configure Intune to Run the Script for Given Users

1. Log in to the Microsoft Endpoint Manager admin center
2. Go to Devices > Scripts, click Add, and choose the Windows 10 and later option (Fig. 10.).

Fig. 10. Adding a new script to be executed with Microsoft Intune.

3. Name your script, provide an optional description for it, and click Next (Fig. 11.).

Fig. 11. Naming and describing the script.

4. In the Script settings step, load the file into Script Location that you prepared in the previous section of this article and configure the settings as follows:
   1. Run this script using the logged-on credentials: Yes (this will allow running the script for each specific user that logs in on a machine and disable signatures for their specific account)
   2. Enforce script signature check: No
   3. Run script in 64-bit PowerShell Host: Yes (in the case the users’ machines are in 32-bit architecture, choose No)
      The final configuration should look as shown in Fig. 12. below. If you’re OK with your settings, click Next.

Fig. 12. Correct configuration in the Script settings step.

5. If you use the Scope tags feature, you can configure scope tags for this script policy. If not, simply click Next to go to the next step.
6. In the Assignments step, choose users in your organization for whom the script will be executed (you can select all users or specific Azure AD user groups only). You can also exclude certain AAD group(s) by configuring the setting in the Excluded groups section (Fig. 13.).
   Remember to define assignments according to users and NOT devices, as the script modifies an entry in the Current User registry key. If more than one person uses the same machine, the script must be executed for each user that logs in to it.

Fig. 13. The Assignments step allows you to decide for which users the script will be executed.

7. For the last step, Review + add, lets you check all the settings for your script policy. If you’re fine with them, click Add (Fig. 14.) – the script will be added to the scripts list.

Fig. 14. Review your configuration and click Add to start executing the script.

Tracking the configuration change

The Overview page allows you to check for how many devices & users the script was executed successfully and unsuccessfully. To get more detailed information on devices or users, e.g. particular device names, user names, etc., click the Device status or User status option respectively (Fig. 15.).

Fig. 15. The configuration profile menu allows you to monitor profile assignments.