How to configure default apps on Windows using Intune

Default apps in Windows are the programs or applications that are set to automatically open and handle specific file types on your computer. For example: When you open a document with .docx extenstion, it will open it in Microsoft word. A saved document with .pdf extention will open in Adobe reader or if you want to set a default browser to Microsoft Edge or Google chrome etc.

There are some standard set of applications which are used by each user in a organization. Therefore, its best to configure those apps as default apps.

Recently, I got a requirement to set Microsoft Edge as the default browser on all Intune managed devices. I have written a blog post on how to Set Microsoft Edge as default browser using Microsoft Intune.

However, In this blog post, we are going to explore further and set default apps for different programs in Windows 10 or Windows 11. Let’s check the steps:

You can either use an OMA-URI ApplicationDefaults/DefaultAssociationsConfiguration or apply Default association configuration from device configuration profile > settings catalog to configure the default apps. We will first look at how to configure default apps using device configuration profile.

Generate Default app Association XML

First, generate a default app association XML file from any Windows 10 or Windows 11 PC. To generate default app association xml file follow below steps:

Configure Default apps on a Windows device manually

First, we will be configuring default apps on a windows device manually. I have configured Email Application to Outlook, Video Player to VLC and Web browser to Microsoft Edge on a Windows 10 device.

Configure Default apps on a Windows device manually

Generate App Associations XML File

  • Create an empty folder anywhere in your system. For example: C:\temp.
  • Open command prompt as an administrator and run below command:
Dism /Online /Export-DefaultAppAssociations:"C:\temp\AppAssociations.xml"
Generate App Associations XML File.
  • Open the AppAssociations.xml file and remove all other app associations except Microsoft Edge, VLC and Outlook. You an customize the file and remove the lines which you do not need. For example: If you do not want to associate .pdf files with Microsoft Edge then you can remove the line with .pdf from the XML and proceed.

AppAssociations.xml

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>  
  <Association Identifier=".avi" ProgId="VLC.avi" ApplicationName="VLC media player" />  
  <Association Identifier=".wmv" ProgId="VLC.wmv" ApplicationName="VLC media player" />  
  <Association Identifier=".m4v" ProgId="VLC.m4v" ApplicationName="VLC media player" />
  <Association Identifier=".mkv" ProgId="VLC.mkv" ApplicationName="VLC media player" />  
  <Association Identifier=".mov" ProgId="VLC.mov" ApplicationName="VLC media player" /> 
  <Association Identifier=".mp2v" ProgId="VLC.mp2v" ApplicationName="VLC media player" /> 
  <Association Identifier=".mp4" ProgId="VLC.mp4" ApplicationName="VLC media player" />
  <Association Identifier=".mp4v" ProgId="VLC.mp4v" ApplicationName="VLC media player" />  
  <Association Identifier=".htm" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier=".html" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier=".pdf" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier="http" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier="https" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" /> 
  <Association Identifier="read" ProgId="MSEdgeHTM" ApplicationName="Microsoft Edge" />
  <Association Identifier="mailto" ProgId="Outlook.URL.mailto.15" ApplicationName="Outlook" /> 
</DefaultAssociations>

Encode App associations XML to base64 format

Now you have your AppAssociations.xml file. We need to use a base64 encoder app to convert it to a base64 encoded XML:

  • Click on base64encode link.
  • Copy the contents of App associations XML file into the encoder and click on Encode button.
  • You will get an Output. Copy and paste the Output somewhere in notepad.
Encode App associations XML to base64 format

Create Intune Device Configuration Profile

To create a Device Configuration Profile, Please follow below steps:

  • Login on Microsoft Intune admin center.
  • Click on Devices -> Configuration profiles -> Create Profile.
  • Select Platform type as Windows 10 and later.
  • Select Profile type as Settings Catalog.
  • Click on Create.

Basics Tab

  • Provide a Name and Description of the Policy.
  • Click on Next to Proceed.

Configuration Tab

  • Click on + Add settings.
  • Search for Application Defaults in the Settings Picker.
  • Check / Select Default Associations Configuration.
  • Close the Settings Picker.
  • Copy the base64 encoded value generated in previous step in the Default Associations configuration Textbox.
Important Note
Please note that if you already have another device configuration profile with Default Associations Configuration then creating this Default Association Configuration will result in Conflict and the new configuration will not be applied. Please make sure that you only have one Device Association Configuration applied on a device.
Default Associations configuration Intune

Assignments Tab

Either Add all devices or an Azure AD security group containing specific devices.

Default Associations configuration assignment

Review + Create

Review the policy and click on Create to create the policy.

End User Experience

Now, lets check one of the Windows 10 device where we have targetted this policy. You can either wait for the Intune Policy refresh to complete or speed up the sync to download the policies as soon as possible, you can force initiate a Intune sync from the Device itself. In case if it still does not work, then you need to restart your device once and check if the policy has been applied and default apps are configured as per the configuration profile.

From Settings App

  • Go to the Settings App on the device.
  • Click on Apps -> Default Apps.
  • You will find that the Default Apps are configured now as per the configuration via Device configuration profile.

From Microsoft EndPoint Manager Admin Center

To check if the Device Configuration Profile has been deployed successfully. Please follow below steps:

  • From Microsoft Intune admin center, Click on Devices on the left hand side.
  • Click on Configuration Profiles.
  • Search for Default Apps Windows device configuration profile or whatever name you had provided at the time of creation of this policy.
  • In the Overview section you can check the deployment status. You can also click on View report to find more information about the deployment status.
Default Apps configuration monitoring on windows

How to check Default Association Configuration from Registry Editor

Follow below steps to Verify if Default Association setting has been applied successfully.

  • Go to Start -> Type Regedit and click on Registry Editor.
  • Find the Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\ApplicationDefaults
  • You can check an Regisry Entry on the right hand side: DefaultAssociationsConfiguration which should be now set to base64 encoded value configured via Intune.
How to check Default Association Configuration from Registry Editor

How to check Default Association Configuration from Event Viewer

You can also check via Event viewer if Default Association Policy has been pushed to this machine now. Please follow below steps to check:

  • Go to Start -> Search for Event Viewer and click on it to Launch Event Viewer MMC.
  • Expand Application and Services logs -> Microsoft -> Windows.
  • Find DeviceManagement-Enterprise-Diagnostics-Provider folder.
  • Click on Admin and Filter for Event ID 814.
  • Go through the logs to find the this particular policy status.
How to check Default Association Configuration from Event Viewer

Conclusion

In this blog post, we have seen how to configure default apps on windows Microsoft Intune. We have just configured VLS, Microsoft Edge and Outlook apps as default apps on the device. But you can add more default apps associations as per your requirement.

You can also use an OMA-URI setting to configure default apps but using Settings Catalog option seems a bit simpler. If you wish to use OMA-URI then you can create a Custom device configuration profile and then Add below OMA-URI Setting:

NameDefaultAppsonWindows
DescriptionSet Default apps on windows devices
OMA-URI./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration
Data typeString
Valuebase64 encoded output value

1 thought on “How to configure default apps on Windows using Intune”

  1. Hello Jatin,

    Thanks for the article, I created the profile as per article and applied it on Hyper-V Virtual machine. Profile is successfully applied. Can see the in registry Key also in logs but in Default application for mailto is not changed to outlook. also in EventLog it is showing error like for enrollment ID requesting Set : The operating system drive is not protected by Bitlocker Drive Encryption.

    Reply

Leave a Comment