Clean start layout policy
Today there are two options to apply a start layout to users, fully locked or partial locked.
Fully locked start layout will clean the start layout from "consumer things" and nicely only show what have been deployed centrally. But lack support of user customizations such as pinning and resize.
Partial locked start layout will allow the users to customize the start layout and show what have been centrally deployed, but it will also show the default start layout/"consumer things" on the desktop that are not wanted in an enterprise.
I would like to see an option to either clean start layout for existing users and apply partially locked or modify the "C:\users\default\appdata\local\Microsoft\windows\shell\LayoutModification.xml" before the first user logs on with i.e. autopilot.
i would like to see user can still Pin to Start if it is set as Partial locked...
Yes please. It is annoying being stuck with all of these applications the user will never use. Especially the "Install Office" link when we already deployed office. Super annoying.
This seems to be a basic set of features that are missing from the Start Menu management via Intune. Testing today, although I am able to apply a Device Configuration Restrictions policy with the Start menu XML, it fails with an error when attempting to apply the tag 'LayoutCustomizationRestrictionType' to make this a Partial lock.
Eivind N commented
Absolutely. Not being able to do so currently is horrendous.
How about admins being able to CLEAN the Start Menu, apply and Tiles but also leave it completely open to the user to modify it as well?
Emil Skibsted commented
Yes, please make it possible to both clean AND partially lock the startmenu at the same time.
The modification of the LayoutModification.xml could be done by a powershell script that is configured in the Autopilot profile. Of course this script would run in a system context only since no user is logged on yet. It would be a great way to hook in other pre-installations, e.g. software monitoring the deployment process after user has logged, AD joined the device and enrolled in MDM