Intune as your Email Signature Manager for Outlook
Looking for a free and lightweight solution for Microsoft Intune to manage company e-mail signatures for Outlook? Look no further!
You manage Windows 10 devices that are:
- Azure AD Joined;
- Managed with Microsoft Intune;
- Deployed with the Microsoft 365 Apps (Outlook)
Note: The app leverages the -AccountId parameter of the Connect-AzureAD cmdlet for Single Sign-On. Please note that this has only been tested on Azure AD Joined devices. It may or may not work on Hybrid Azure AD Joined devices.
On GitHub, I published the source for a Win32 app that can be wrapped with the Microsoft Win32 Content Prep Tool for Microsoft Intune. The application queries Azure Active Directory as the signed-in user, generates their signatures from a template included in the app, and then deploys them to the user’s Outlook signatures in
Pros & Cons
- Supports Single Sign-On. Signatures are seamlessly deployed to a user!
- When managing devices with Microsoft Intune, no other (commercial) 3rd party tools required are required.
- Free of charge!
- Email signatures are only deployed to Outlook. Does not support Outlook on the Web and Mobile apps.
- More complex to update an email signature template compared to 3rd party tools that offer a WYSIWYG (What you see is what you get) editor.
How does it work?
- Download the source files from https://github.com/jseerden/IntuneEmailSignatureManagement
- Modify the email signature template files to your liking and include placeholder values. Supported placeholder values for the templates are listed below.
An option to modify the templates is to temporarily put them in your
%APPDATA%\Microsoft\Signaturesfolder, edit them from the Outlook Signatures editor and put them back in the source folder.
Note: It is important that the actual values are available on the Azure AD user, either managed from Active Directory or directly in Office 365 / Azure AD. The placeholder values are replaced with the actual values configured on the user object.
An example signature template is included, that looks like this:
- Package the source folder with the Microsoft Win32 Content Prep Tool, for example:
IntuneWinAppUtil.exe -c '.\Source' -s '.\Source\install.ps1' -o '.\Package'
- Deploy the .intunewin app with Microsoft Intune to your users!
Supported placeholder values
Deploying the Win32 app
Upload the .intunewin file you generated as a Win32 app in Microsoft Intune and use the install values below.
PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "install.ps1"
PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "uninstall.ps1"
- Manually configure detection rules
- Rule type: File
- Path: %APPDATA%\Microsoft\Signatures
- File or folder: Default signature.htm
- Detection method: File or folder exists
Note: You can change the signature’s display name in Outlook by changing the file names in the Source\Signatures folder. Make sure to translate the changes into the detection rules!
When the app is deployed to the user, the placeholder values in the template are replaced with the actual values on the user object and the signatures are saved in the user’s signatures folder.
33 thoughts on “Intune as your Email Signature Manager for Outlook”
i tried to deploy your signature but it wan´t install on the clients.
If i deploy it by Hand (create folder c:Signatures an run the install.ps1) it will create the signature for the users
Make sure it’s running in User context rather than System. Also check if the install cmdlet is correctly entered.
I just wanted to say that what youve made is incredibly cool! great work
Any work around when deploying this during Autopilot? Win32 apps doesn’t mix well with LOB apps.
Hi Jeo Anderson,
You could wrap your LOB apps as Win32?
I’m getting this error.
“The unmonitored process is progress, however it may timeout 0x87D300C9”
Going to at the logs in “(C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\”.
Wondering if you have an idea of what the issue may be in the meantime.
I did not experience this in my testing, not sure what is causing the timeout. Would be happy to hear if you found a solution to this issue.
Hi John, this looks overall fantastic. But unfortunately it only works on my laptop and the laptop of my co-admin.
The rest of my key users get an unspecific timeout (in the Intune install status view).
The Intune Logs are no help as well.
I’ve got the feeling that “-ExecutionPolicy Bypass” doesn’t work for some reason and the users devices cannot execute the script at all, whereas me and my co-admin are set to “Bypass” by default. I’ve set Install behaviour to USER and copied your install command.
Do you have any idea what could prevent the script from running?
I just ran this on a standard user’s device that has the execution policy set to “Restricted”. Deployment was successful. I’m not sure what causes the time-out. Perhaps any policies you’ve configured are blocking one of the cmdlets in the install.ps1 file? Would love to hear what causes this if you manage to figure it out.
Just thought id give everyone a update on this one as i had the same issue
The unmonitored process is in progress, however it may timeout. (0x87D300C9)
it turns out the the script is excellent…however the process gets stuck on the AzureAD module install, After running the command to install the module manually on a few previous failed users and devices the NuGet Package manager is required to install the module if its not been done previously. This is where the script falls short and doesnt continue…normally when you run
Install-Module -Name AzureAD -Scope CurrentUser -Force you get a prompt that requires attention.
I haven’t worked on it any further yet but if you run a script on the users machine that installs the AzureAD module before Intune tries to install the signature it will work as intended.
Thanks, appreciate your comment. CLinton also noted this. The script has been updated on GitHub to install the NuGet Package Provider before installing the AzureAD PowerShell Module.
We use Intune with Windows PCs and Macs. Any way to deploy an email signature to Outlook on a Macintosh using Intune?
I don’t have any experience with that and would probably look into other 3rd party solutions for that.
The script works great, excellent job!
Any way to make this run on logon via intunes?
Thanks! Currently, it only runs once, until the user deletes or renames the signatures manually (this forces an update due to the detection rule).
To run this on logon, logic needs to be added to the install.ps1 file, that stores the script locally on the device and creates a scheduled task or “Run” registry key to that runs the locally stored PowerShell file on logon. Perhaps something I’ll look into another day!
A big thanks for writing this script! It works seamlessly while running the script locally on the machine, but installation fails while deploying via Intune. I followed exact same steps mentioned in the blog. Can you tell me where can i find the logs or how to troubleshoot this issue.
I’m not sure why it doesn’t run when you deploy it from Intune. Can you verify that the ‘IntuneSignatureManagerForOutlook-log.txt’ file is created in the %temp% folder for the user? If so, I would probably add more debug lines to the install.ps1 file to check where things went wrong.
Absolutely amazing work! About to deploy this to 1000 users next week. Any ideas how to get it to re run only when a users attributes are changed or updated? Would rather it not reinstall or re run unless required?
Thanks for this
Thanks for your comment. Currently re-run is not supported. The signatures will only re-install if they are missing / removed.
Hi Great Script , Thankyou. When I tried in my enviroment I was getting Access to Cloud File denied and wondered if it was to do with onedrive redirection so changed the -Scope CurrentUser to -Scope Allusers to install to programfiles and works
If you are able to install to Program Files you might be running the application in System context, instead of User context. You may experience problems if a device is shared amongst users when installing to Program Files.
I get the following error messages in the log.
Failed to get AAD token
What is the cause of the failure? I don’t use any proxy.
Ran into a few issues with this not installing automatically requiring manual intervention – resolved by adding “Install-PackageProvider -Name NuGet -RequiredVersion 18.104.22.168 -Scope CurrentUser -Force” to install.ps1
Thanks, appreciate your comment. I’ve updated the script on GitHub. This is probably related to the issues some users reported.
you need to encode the text for HTML, see https://stackoverflow.com/questions/10082217/what-is-the-best-way-to-escape-html-specific-characters-in-a-string-powershell
Is it not possible to add an option so that it is possible to get the user’s profile picture into the signature?
I have tried to update your \source\install.ps1 with the option below – but I do not get the users thumbnail photo into the signature, its just blank (and the thumbnailPhoto is present in azure ad)
This is what I have added to the install.ps1 file:
$signatureFileContent = $signatureFileContent -replace “%thumbnailPhoto%”, $userObject.thumbnailPhoto
I have also added the %thumbnailPhoto% varable to the .RTF document.
Can it be done? and if it can how do I add the profile picture to the script.
this is really wonderfull.
But i can’t set it as Default signature. can you help me with that?
I got around this by adding the following to the powershell script – note this will prevent users from editing their signature Set-ItemProperty -Path “HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings” -Name “NewSignature” -Type “STRING” -Value “(ADD SIGNATURE NAME HERE)”
Set-ItemProperty -Path “HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings” -Name “ReplySignature” -Type “STRING” -Value “(ADD SIGNATURE NAME HERE)”
is it possible to integrate a hyperlink for the users?
havent been able to set it up.
We’re having an interesting issue over the last few weeks with missing images, interestingly doesn’t happen when running the install script manually only when applied through Intune – anyone else having this issue? Happening across multiple tenants
I have the same issue. Were you able to sort out the pictures?