Organizational messages prerequisites
Applies to Windows 11
This article describes the tenant, message, and configuration requirements for organizational messages. Employees will not receive messages until you complete all prerequisites.
Version requirements
Organizational messages are supported on devices running Windows 11, version 22H2 or later.
Licensing requirements
The organizational message feature is included with the following licenses:
- Microsoft 365 E3
- Microsoft 365 E5
- Windows 10/11 Enterprise E3 with Microsoft Intune Plan 1
- Windows 10/11 Enterprise E5 with Microsoft Intune Plan 1
For more information about license options, see Microsoft Intune licensing.
Role-based access control requirements
To create organizational messages in Microsoft Intune, you must be assigned one of these roles:
- Microsoft Entra Global Administrator
- Intune administrator
- Organizational messages manager (Microsoft Intune role)
- Organizational messages writer (Microsoft Entra role)
You can also create a custom role for people managing organization messages by using role-based access control (RBAC). For more information about how to use built-in roles and custom roles, see RBAC with Microsoft Intune.
Logo requirements
Logos must meet these requirements:
- PNG file
- Transparent background
- Size requirements:
- Taskbar messages: 64 x 64 pixels
- Notification area messages: 48 x 48 pixels
- Get Started app messages: 50 pixels long x 50 - 100 pixels wide
Policy requirements
There are certain experience and Windows Spotlight policies in Microsoft Intune that block the delivery of organizational messages. This section describes how to adjust all settings so that delivery is always allowed and works as intended.
Organizational messages delivery policy
Important
This policy is required for devices running Windows 11, version 22H2, build 10.0.22621.900 and later. If you don't enable this policy, these devices can't receive organizational messages. The policy isn't required on devices running earlier builds.
Enable the delivery of organizational messages in all new and existing policies that are targeted at users and devices receiving organizational messages.
- Go to Settings catalog > Experience > Enable delivery of organizational messages (User).
- For Enable delivery of organizational messages, switch the toggle to Enabled.
Windows Spotlight policy
Sign in to the Microsoft Intune admin center and configure the Windows Spotlight policies using a Microsoft Intune device restrictions profile template or the settings catalog. Make sure to adjust these policies in all new and existing policies that are targeted at users and devices receiving organizational messages.
Note
If you use the Windows 10/11 MDM security baseline, you will need to change the Windows Spotlight policy to Not configured. The Windows Spotlight policy controls organizational messages and messages coming from Microsoft. To continue blocking messages from Microsoft as defined in the Windows 10/11 MDM security baseline, configure the Microsoft messaging policy.
Template profiles
Go to Devices > Windows > Configuration profiles, and in a new or existing template profile, select Device restrictions > Windows Spotlight.
- To allow taskbar messages:
- Windows Spotlight: Select Not configured.
- Windows Tips: Select Not configured.
- To allow notification area messages:
- Windows Spotlight: Select Not configured.
- Windows Spotlight in action center: Select Not configured.
- To allow Get Started app messages:
- Windows Spotlight: Select Not configured.
Settings catalog profiles
In a new or existing Windows configuration profile, select Settings catalog > Add settings. Use the Settings picker to add the settings to your profile. Then adjust the setting toggles as needed under Configuration settings.
All of these settings are in the settings catalog, in the Experience category.
- To allow taskbar messages:
- Add Allow Windows Spotlight (User): Switch the toggle to Allow.
- Add Allow Windows Tips: Switch the toggle to Allow.
- To allow notification area messages:
- Add Allow Windows Spotlight (User): Switch the toggle to Allow.
- Add Allow Windows Spotlight on Action Center (User): Switch the toggle to Allow.
- To allow Get Started app messages:
- Add Allow Windows Spotlight (User): Switch the toggle to Allow.
- Add Disable Cloud Optimized Content: Switch the toggle to Disabled.
Policy CSP
The configuration service provider (CSP) policies available for Windows 11 include:
- Experience/AllowWindowsSpotlight
- Experience/AllowWindowsTips
- Experience/AllowWindowsSpotlightOnActionCenter
- Experience/DisableCloudOptimizedContent
Microsoft messaging policy
If you currently block messages that come from Microsoft, you can continue to do so while also allowing organizational messages to come through.
- Sign in to the Microsoft Intune admin center.
- Go to Tenant administration > Organizational messages.
- In the Overview tab, go to step 2 under Before you create a message.
- Decide whether to block messages directly from Microsoft, while allowing admin messages to display: Switch the toggle to Allow to allow both Microsoft messages and organizational messages. Switch the toggle to Block to block Microsoft messages and allow organizational messages.
Attention: New Microsoft Entra tenants
If you recently created your Microsoft Entra tenant, the organizational messages feature won't be available to use right away. It will become available 36 to 64 hours after you create the tenant.
Next steps
Now that prerequisites are complete, you can create organizational messages in Microsoft Intune.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for