Update: Microsoft have now documented a configuration item here, which you can add to an unattend file to preset the registry key mentioned in the article.

After mastering a new Windows 11 Enterprise image, and starting to test deployments, it wasn’t long before I observed some perplexing behaviour.

Despite there being no AppX package for the new consumer Teams client in the image, my freshly deployed operating system seemed to have it installed.

This was highly undesirable, as my images already contained the Microsoft Teams client for work accounts, and when both clients were installed they were listed in the start menu with an identical name, the only differentiating factor being a minor difference in colours of the icon.

Upon further investigation, I noticed that the consumer Teams client would be deployed automatically by the operating system after a random period of time. Sometimes the deployment would happen a few minutes after the first login, at other times it would take several hours, or even days, before it appeared.

To make matters worse, these deployments seemingly ignored well known registry keys like HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent that prevent similar unwanted behaviour.

I poked around a bit with sysinternals tools and discovered that the App Readiness service seemed to be the culprit. It would periodically download an MSI that contained the AppX for the consumer Teams client and install it.

Eventually I concluded that Microsoft were so desperate to shovel this new client on their users for the Windows 11 release, that they had resorted to this reprehensible behaviour.

Fortunately, my colleague offered to take one for the team and engage Microsoft support. After a protracted correspondence, Microsoft were kind enough to provide an undocumented registry entry that purportedly resolved the issue:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications]
"ConfigureChatAutoInstall"=dword:00000000

Frustratingly, by default this registry key has ACLs that prevent Administrators from writing to it, but after adjusting the ACLs in my test machine, I was able to confirm the fix was working.

I promptly baked this into my image and tried to ignore the deeply unsettling feeling I had about the whole affair.