Patch My PC / Blog

Improving Onboarding Experience: Automatically Launch the Company Portal

by | Nov 26, 2024 | Blog

What if I told you we could automatically launch /startup the Company Portal after the first user logins? Imagine skipping the User Status Page entirely and letting the Company Portal guide users through the apps still being installed or even showing them if the device is compliant without the user lifting a finger. And here’s the funny part: this isn’t just for the Company Portal. You can do it for any app you need to take center stage. Ready to make it happen? Let’s dive in.

Introduction

At Ignite 2024, Microsoft announced the automatic startup feature for the new Company Portal UI, a potential game-changer for streamlining Autopilot Device Preparation (AP-DPP) and enhancing the user onboarding experience.

While we eagerly await its production rollout, there’s no reason we can’t take matters into our own hands and achieve similar functionality today.

By leveraging its enhanced capabilities, we can start shifting away from the traditional Enrollment Status Page (ESP) and let the Company Portal take center stage. This approach simplifies onboarding while ensuring users are informed about app installations and compliance in a seamless, intuitive way.

How the New UI Enhances Onboarding

The revamped Company Portal UI transforms how users interact with app installations and compliance checks. If you haven’t already read my blog introducing the new Company Portal experience, now’s the time to dive in!

Instead of waiting for the traditional ESP to complete its phases, users could be greeted with a more dynamic interface that provides real-time feedback. By configuring the onboarding flow to rely on the Company Portal, you’re giving users an experience that’s:

  • Clear and Transparent: They can see which apps are installing and track progress.
  • Efficient and Informative: Compliance checks and device readiness are communicated directly.
  • Intuitive: Users are empowered to take action if necessary, reducing IT support queries.

Integrating the Company Portal into your onboarding strategy enhances efficiency and enhances the user experience. Let’s dive into the technical steps to make this a reality.

Skipping the User Status Page (APv1 Only)

The first step in automatically starting up the Company Portal after login, is skipping the User Status Page, unless you use Autopilot Device Preparation (AP-DPP). With AP-DPP, the account setup phase is already skipped, which pretty much confirms Microsoft’s intent to phase out the user status page (Account Phase) entirely.

By configuring a CSP to disable this step (SkipUserStatusPage), you allow the Company Portal to handle app and compliance statuses. This approach streamlines the flow and ensures a smoother user experience.

  • OMA-URI ./Device/Vendor/MSFT/DMClient/Provider/MS DM Server/FirstSyncStatus/SkipUserStatusPage
  • Choose Boolean as Data type
  • Choose True as Value

Just to clarify: We’re NOT skipping the Device ESP here, only the User ESP (which, let’s be honest, is broken half the time anyway). This ensures that all your Autopilot-required and device-targeted apps, like Office, VPN tools, and more, are still properly installed on the device as expected

Once the SkipUserStatusPage setting is configured, it will be applied to the device and recorded in the FirstSync registry key.

configuring the skipuserstatuspage is a good thing

That’s a key detail we’ve touched on before, right? If not, you’ll want to check out this blog, it dives deep into how the ESP evaluates and progresses through its phases.

With SkipUserStatusPage configured, the next step is to ensure the Company Portal launches automatically on the first login. But how do we make that happen for APv1 and APv2???

Taking It a Step Further: Automatically Startup the Company Portal

Here’s the catch: there’s still no built-in feature to automatically startup the Company Portal automatically after the first boot (even though it was announced at Ignite, it’s not here yet). That’s where a little customization comes in. By configuring the Company Portal as a Line of Business (LOB) app in the device context and using a PowerShell script, you can auto-launch it after login.

Step 1: Adding The Company Portal App

  • Download the LOB version of the Company Portal.
  • Deploy it through Intune and assign it to devices, and ensure the Install Context is set to: Device Context
  • Ensure the app is included in your Autopilot APv1 profile as a required app or the Autopilot Device Preparation Profile if you’re using APv2

Once configured, I also needed to ensure that the Company Portal app would be automatically launched when the user logs in to Windows—and only once! To do so, I needed a PowerShell script (works for APv1 and Apv2)

Step 2: The PowerShell Script to automatically start the Company Portal


# Path to store the PowerShell script
$scriptsFolder = "C:\Scripts"
$scriptPath = Join-Path -Path $scriptsFolder -ChildPath "LaunchCompanyPortal.ps1"

# Path to the All Users Startup folder
$startupFolder = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
$shortcutPath = Join-Path -Path $startupFolder -ChildPath "LaunchCompanyPortal.lnk"

# Ensure the scripts folder exists
if (-Not (Test-Path -Path $scriptsFolder)) {
    New-Item -ItemType Directory -Path $scriptsFolder -Force | Out-Null
    Write-Host "Scripts folder created: $scriptsFolder"
} else {
    Write-Host "Scripts folder already exists: $scriptsFolder"
}

# Define the content of the LaunchCompanyPortal.ps1 script
$scriptContent = @"
# Define the registry key and value for the flag
`$regPath = `"HKCU:\Software\CompanyPortalLauncher`"
`$regValue = `"Launched`"

# Check if the flag is already set in the registry
if (-Not (Test-Path -Path `$regPath) -or -Not (Get-ItemProperty -Path `$regPath -Name `$regValue -ErrorAction SilentlyContinue)) {
    # Launch the Company Portal
    Start-Process `"companyportal:`"

    # Set the registry key to indicate the script has run
    try {
        New-Item -Path `$regPath -Force | Out-Null
        Set-ItemProperty -Path `$regPath -Name `$regValue -Value `$true
        Write-Host `"Registry flag set: `$regPath`"
    } catch {
        Write-Host `"Error setting registry flag: `$($_.Exception.Message)`" -ForegroundColor Red
    }
} else {
    Write-Host `"Company Portal has already been launched for this user. Skipping.`"
}
"@

# Create the PowerShell script in the scripts folder
try {
    Set-Content -Path $scriptPath -Value $scriptContent -Force
    Write-Host "PowerShell script created at: $scriptPath"
} catch {
    Write-Host "Error creating script: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}


# Create a shortcut in the Startup folder
try {
    # COM Object to create the shortcut
    $WshShell = New-Object -ComObject WScript.Shell
    $shortcut = $WshShell.CreateShortcut($shortcutPath)

    # Properly escape arguments for cmd.exe and hide the powershell window
    $cmdArguments = "/c start /min `"`" powershell.exe -NoProfile -WindowStyle hidden -ExecutionPolicy Bypass -File `"$scriptPath`""

    $shortcut.TargetPath = "cmd.exe"
    $shortcut.Arguments = $cmdArguments
    $shortcut.WorkingDirectory = $scriptsFolder
    $shortcut.Save()

    Write-Host "Shortcut created at: $shortcutPath"
} catch {
    Write-Host "Error creating shortcut: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}


# Final success message
Write-Host "The LaunchCompanyPortal.ps1 script and its shortcut have been deployed successfully." -ForegroundColor Green



This PowerShell script performs the following tasks:

Creates a Scripts Directory: Ensures the C:\Scripts folder exists, creating it if necessary.

Defines a PowerShell Script: Creates a script named LaunchCompanyPortal.ps1 in the C:\Scripts folder. This script:

  • Checks a specific registry key (HKCU:\Software\CompanyPortalLauncher) to see if the Company Portal app has already been launched for the current user.
  • Launches the Company Portal app (companyportal:) if the registry flag does not exist or indicates it hasn’t been launched yet.
  • Sets a registry flag to record that the app has been launched for the user.

Creates a Startup Shortcut: Adds a shortcut named LaunchCompanyPortal.lnk to the All Users Startup folder (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp). The shortcut:

  • Executes the LaunchCompanyPortal.ps1 script silently during user login using PowerShell with cmd.exe /c /start /min

Logs Success or Errors: Provides feedback during each step of the process (script creation, registry flag setting, shortcut creation), outputting messages to the console for troubleshooting.

Automates Company Portal Launch: This ensures that the Company Portal app automatically launches during startup only if it hasn’t been launched for the current user before.

It is obvious we still need to configure/upload the script, so let’s do so!

Step 3: Configuring the Auto Launch Script

I uploaded the PowerShell script to Intune, which you will find below, and ensured it would run in the system context.

Also please ensure you assigned it to the proper device group. So for Autopilot Device Preparation, this is the Enrollment Time group you also configured in the AP-DPP Profile.

If you are using AP-DPP, you also need to ensure that after uploading and assinging the script, it is also added to the AP-DPP Profile as an allowed script. (otherwise, it won’ t be executed during AP-DPP)

Adding the PowerShell Script to the autopilot device preparation profile settings

The Startup Delay?

With the prerequisites configured, the next step is to ensure the Company Portal launches automatically upon first login. Initially, the PowerShell script placed the shortcut for the PowerShell script in the Startup folder, which worked—but not as expected. Instead of launching immediately after login, there was an annoying delay (about 60/90 seconds).

At first, I thought, “What’s causing this lag?” The shortcut was in the right place, so why wasn’t the Company Portal launching the same second the desktop loaded? This behavior left me digging into the startup process to figure out why it wasn’t as instant as it should be.

Taking It a Step Further: Fixing the Delay

After some investigation, I found the culprit: the startup delay introduced by Windows Explorer. By default, Windows 11 staggers the launch of startup applications to optimize the user experience. While this works for most scenarios, in our case, it was creating an unnecessary delay in launching the Company Portal.

To fix this, I used the following PowerShell script to tweak the registry and disable the startup delay by adding this WaitForIdleState registry key to the HKCU. (Current User)

# Path to the registry key
$regPath = "HKCU:\Software\
Microsoft\Windows\CurrentVersion\Explorer\Serialize"

# Ensure the registry key exists
if (-Not (Test-Path -Path $regPath)) {
    New-Item -Path $regPath -Force | Out-Null
    Write-Host "Registry key created: $regPath"
}

# Set the WaitForIdleState value to disable delay
Set-ItemProperty -Path $regPath -Name "WaitForIdleState" -Value 0 -Type DWord
Write-Host "WaitForIdleState set to 0 to disable startup delay."

# Optionally set StartupDelayInMSec to 0
Set-ItemProperty -Path $regPath -Name "StartupDelayInMSec" -Value 0 -Type DWord
Write-Host "StartupDelayInMSec set to 0 to further reduce delay."

Write-Host "Startup delay registry changes applied successfully." -ForegroundColor Green

What This Script Does

  • Ensures the Registry Key Exists: Creates the Serialize registry key under Explorer if it doesn’t already exist.
  • Disables Startup Delay: Sets WaitForIdleState to 0, preventing the startup delay for scripts and apps.
  • Optional Delay Reduction: Sets StartupDelayInMSec to 0 for an even faster launch.

With this additional registry tweak, the Company Portal now launches almost immediately after login, providing the seamless onboarding experience we aimed for.

The Results

I decided to record it and showcase the results—it’s much easier than trying to explain how it works!

And the funny thing about this solution? We can also use the same approach for other processes that need to be executed when the user logs in to the device for the first time!

The Summary

In summary, here’s what needs to be done to ensure the Company Portal launches automatically after enrollment

If you are using Autopilot V1,

  • You need to configure the SkipUserStatusPage setting
  • You need to ensure you upload the MSI
  • You need to Upload Both PowerShell Scripts (AutoStart and Fix Delay)

If you are using Autopilot Device Preparation

  • You need to ensure you upload the MSI and assign it to the enrollment time group
  • You need to Upload Both PowerShell Scripts (AutoStart and Fix Delay)
  • Assign both PowerShell scripts and the MSI app to the AP-DPP Profile as allowed app and PowerShell Script

Wrapping It Up

By addressing the startup delay and automating the launch of the Company Portal, you can ensure users have instant access to app statuses and compliance updates right after logging in.