Intune as your Email Signature Manager for Outlook

Intune as your Email Signature Manager for Outlook

Looking for a free and lightweight solution for Microsoft Intune to manage company e-mail signatures for Outlook? Look no further!


You manage Windows 10 devices that are:

  • Azure AD Joined;
  • Managed with Microsoft Intune;
  • Deployed with the Microsoft 365 Apps (Outlook)

Note: The app leverages the -AccountId parameter of the Connect-AzureAD cmdlet for Single Sign-On. Please note that this has only been tested on Azure AD Joined devices. It may or may not work on Hybrid Azure AD Joined devices.

On GitHub, I published the source for a Win32 app that can be wrapped with the Microsoft Win32 Content Prep Tool for Microsoft Intune. The application queries Azure Active Directory as the signed-in user, generates their signatures from a template included in the app, and then deploys them to the user’s Outlook signatures in %APPDATA%\Microsoft\Signatures.

Pros & Cons


  • Supports Single Sign-On. Signatures are seamlessly deployed to a user!
  • When managing devices with Microsoft Intune, no other (commercial) 3rd party tools required are required.
  • Free of charge!


  • Email signatures are only deployed to Outlook. Does not support Outlook on the Web and Mobile apps.
  • More complex to update an email signature template compared to 3rd party tools that offer a WYSIWYG (What you see is what you get) editor.

How does it work?

  1. Download the source files from
  2. Modify the email signature template files to your liking and include placeholder values. Supported placeholder values for the templates are listed below.

    An option to modify the templates is to temporarily put them in your %APPDATA%\Microsoft\Signatures folder, edit them from the Outlook Signatures editor and put them back in the source folder.

    Note: It is important that the actual values are available on the Azure AD user, either managed from Active Directory or directly in Office 365 / Azure AD. The placeholder values are replaced with the actual values configured on the user object.

    An example signature template is included, that looks like this:
  3. Package the source folder with the Microsoft Win32 Content Prep Tool, for example: IntuneWinAppUtil.exe -c '.\Source' -s '.\Source\install.ps1' -o '.\Package'
  4. Deploy the .intunewin app with Microsoft Intune to your users!

Supported placeholder values

  • %DisplayName%
  • %GivenName%
  • %Surname%
  • %Mail%
  • %Mobile%
  • %TelephoneNumber%
  • %JobTitle%
  • %Department%
  • %City%
  • %Country%
  • %StreetAddress%
  • %PostalCode%
  • %Country%
  • %State%
  • %PhysicalDeliveryOfficeName%

Deploying the Win32 app

Upload the .intunewin file you generated as a Win32 app in Microsoft Intune and use the install values below.

Install command

PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "install.ps1"

Uninstall command

PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "uninstall.ps1"

Install behavior


Detection rules

  • Manually configure detection rules


  • Rule type: File
  • Path: %APPDATA%\Microsoft\Signatures
  • File or folder: Default signature.htm
  • Detection method: File or folder exists

Note: You can change the signature’s display name in Outlook by changing the file names in the Source\Signatures folder. Make sure to translate the changes into the detection rules!


When the app is deployed to the user, the placeholder values in the template are replaced with the actual values on the user object and the signatures are saved in the user’s signatures folder.

33 thoughts on “Intune as your Email Signature Manager for Outlook

  1. i tried to deploy your signature but it wan´t install on the clients.

    If i deploy it by Hand (create folder c:Signatures an run the install.ps1) it will create the signature for the users

  2. I’m getting this error.

    “The unmonitored process is progress, however it may timeout 0x87D300C9”

    Going to at the logs in “(C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\”.

    Wondering if you have an idea of what the issue may be in the meantime.

  3. Hi John, this looks overall fantastic. But unfortunately it only works on my laptop and the laptop of my co-admin.
    The rest of my key users get an unspecific timeout (in the Intune install status view).
    The Intune Logs are no help as well.

    I’ve got the feeling that “-ExecutionPolicy Bypass” doesn’t work for some reason and the users devices cannot execute the script at all, whereas me and my co-admin are set to “Bypass” by default. I’ve set Install behaviour to USER and copied your install command.

    Do you have any idea what could prevent the script from running?

    Kind regards

    1. Hi Rob,

      I just ran this on a standard user’s device that has the execution policy set to “Restricted”. Deployment was successful. I’m not sure what causes the time-out. Perhaps any policies you’ve configured are blocking one of the cmdlets in the install.ps1 file? Would love to hear what causes this if you manage to figure it out.

      Best regards,


    2. Hi All,

      Just thought id give everyone a update on this one as i had the same issue
      The unmonitored process is in progress, however it may timeout. (0x87D300C9)

      it turns out the the script is excellent…however the process gets stuck on the AzureAD module install, After running the command to install the module manually on a few previous failed users and devices the NuGet Package manager is required to install the module if its not been done previously. This is where the script falls short and doesnt continue…normally when you run
      Install-Module -Name AzureAD -Scope CurrentUser -Force you get a prompt that requires attention.

      I haven’t worked on it any further yet but if you run a script on the users machine that installs the AzureAD module before Intune tries to install the signature it will work as intended.

      1. Hi Tory,

        Thanks, appreciate your comment. CLinton also noted this. The script has been updated on GitHub to install the NuGet Package Provider before installing the AzureAD PowerShell Module.

        Best regards,


    1. Hi Frankie,

      Thanks! Currently, it only runs once, until the user deletes or renames the signatures manually (this forces an update due to the detection rule).

      To run this on logon, logic needs to be added to the install.ps1 file, that stores the script locally on the device and creates a scheduled task or “Run” registry key to that runs the locally stored PowerShell file on logon. Perhaps something I’ll look into another day!

      Best regards,


  4. A big thanks for writing this script! It works seamlessly while running the script locally on the machine, but installation fails while deploying via Intune. I followed exact same steps mentioned in the blog. Can you tell me where can i find the logs or how to troubleshoot this issue.

    1. Hi Vibin,

      I’m not sure why it doesn’t run when you deploy it from Intune. Can you verify that the ‘IntuneSignatureManagerForOutlook-log.txt’ file is created in the %temp% folder for the user? If so, I would probably add more debug lines to the install.ps1 file to check where things went wrong.

      Best regards,


  5. Absolutely amazing work! About to deploy this to 1000 users next week. Any ideas how to get it to re run only when a users attributes are changed or updated? Would rather it not reinstall or re run unless required?

    Thanks for this

  6. Hi Great Script , Thankyou. When I tried in my enviroment I was getting Access to Cloud File denied and wondered if it was to do with onedrive redirection so changed the -Scope CurrentUser to -Scope Allusers to install to programfiles and works

    1. Hi Darren,

      If you are able to install to Program Files you might be running the application in System context, instead of User context. You may experience problems if a device is shared amongst users when installing to Program Files.

      Best regards,


  7. Hi,

    I get the following error messages in the log.



    Failed to get AAD token

    What is the cause of the failure? I don’t use any proxy.

    greeZ Rob

  8. Ran into a few issues with this not installing automatically requiring manual intervention – resolved by adding “Install-PackageProvider -Name NuGet -RequiredVersion -Scope CurrentUser -Force” to install.ps1

  9. Hi John
    Is it not possible to add an option so that it is possible to get the user’s profile picture into the signature?

    I have tried to update your \source\install.ps1 with the option below – but I do not get the users thumbnail photo into the signature, its just blank (and the thumbnailPhoto is present in azure ad)

    This is what I have added to the install.ps1 file:
    $signatureFileContent = $signatureFileContent -replace “%thumbnailPhoto%”, $userObject.thumbnailPhoto

    I have also added the %thumbnailPhoto% varable to the .RTF document.

    Can it be done? and if it can how do I add the profile picture to the script.

    1. I got around this by adding the following to the powershell script – note this will prevent users from editing their signature Set-ItemProperty -Path “HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings” -Name “NewSignature” -Type “STRING” -Value “(ADD SIGNATURE NAME HERE)”
      Set-ItemProperty -Path “HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\MailSettings” -Name “ReplySignature” -Type “STRING” -Value “(ADD SIGNATURE NAME HERE)”

  10. Hi John,

    is it possible to integrate a hyperlink for the users?
    havent been able to set it up.

    best regards
    Elson H.

  11. We’re having an interesting issue over the last few weeks with missing images, interestingly doesn’t happen when running the install script manually only when applied through Intune – anyone else having this issue? Happening across multiple tenants

Leave a Reply

Your email address will not be published. Required fields are marked *