How to fix: Office 365 Autopilot – Error 640 StorageError

The Error

Internal error
ERROR CODE:
640 - StorageError
CSV LINE NUMBERS AFFECTED:
x
Office 365 Autopilot - Error 640 StorageError
Office 365 Autopilot – Error 640 StorageError

Usually it means the Office 365 has the device detail in the system.

Which means you have added the device to Office 365/Azure Active Directory (AAD) beforehand.

Even after you have removed the device from AAD from device settings.

The same error will appear if you try to import CSV again.

The Fix

Method 1: We can try add the device back to the AAD, then delete the device from Office 365/AAD not on the device.

Method 2: We can try to delete remove the device from Office 365/AAD from the device (not Office 365/AAD) then wait till next day or 24 hours, then try to import the CSV again.

How to: Enable/Disable Windows Hello / Windows Hello for Business via Group Policy, Registry, Command Prompt (CMD)

This guide is suitable for both domain joined/Intune Managed and non-domain joined/non-Intune Managed Windows 10.


Table of contents


If you are not sure which kind of Windows 10 you are using, jump to Section 2

1 For Domain Joined / Intune Managed Windows 10

If configuring with domain joined/Intune managed Windows 10, sometimes we want to give the user option to use the Windows Hello or not. Then follow this guide first “Windows 10 Sign-in options and Windows Hello Set up button greyed out After Joined AAD (Azure Active Directory)” After we have done with the above guide (The above guide modify the Windows Hello for Business organisation wide for future enrol Windows 10), next time we have new Windows 10 enrolled to the AAD, the system will request us to setup PIN/Windows Hello or Windows Hello for Business on enrolment but sometimes we don’t want to setup Windows Hello / Windows Hello for Business for some devices. We can follow Section 2 to enable and disable Windows Hello for Business individually.

2 For domain joined/ Intune Managed, non-domain joined/non-Intune managed and all other average users of Windows 10

2.1 Enable and Disable Windows Hello for Business via Group Policy

GUI

2.1.1 Use Win + R to lunch “RUN” window

Microsoft Windows - Run window
Microsoft Windows – Run window

2.1.2 Type gpedit.msc then hit Enter key to open Local Group Policy Editor

Windows 10 Local Group Policy Editor
Windows 10 Local Group Policy Editor

2.1.3 Navigate to “Computer Configuration” -> “Administrative Templates” -> “Windows Components” -> “Windows Hello for Business”

"Computer Configuration" -> "Administrative Templates" -> "Windows Components"
“Computer Configuration” -> “Administrative Templates” -> “Windows Components”
-> "Windows Hello for Business"
-> “Windows Hello for Business”

2.1.4 Double click on “Use Windows Hello for Business”

Double click on "Use Windows Hello for Business"
Double click on “Use Windows Hello for Business”

2.1.5 From the pop-up window, we can Enable or Disable Windows Hello for Business, also Enable or Disable “Do not start Windows Hello provisioning after sign-in”

Enable or Disable Windows Hello for Business
Enable or Disable Windows Hello for Business

To Enable Windows 10 to ask users to setup Windows Hello for Business right after login, we can leave the “Do not start Windows Hello provisioning after sign-in” option unchecked. (Useful for pre-configuration, then deliver to the end user, a form of forcing the end user to setup the Windows Hello for Business, If you have Multi-factor authentication (MFA) configured, it might ask them to configure MFA first before configuring Windows Hello for Business.)

To disable Windows 10 to ask users to setup Windows Hello for Business right after login, we need check the “Do not start Windows Hello provisioning after sign-in” option.

2.2 Enable and Disable Windows Hello for Business via Registry

2.2.1 Follow Step 2.1.1 to 2.1.2, Instead typing “gpedit.msc” we replace it with “regedit”

Windows 10 Registry Editor
Windows 10 Registry Editor

2.2.2 Navigate to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork”

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork

2.2.2.1 (If “PassportForWork” Key does not exist, create it manually) Right click on “Microsoft” -> Select “New” -> “Key” -> Name it “PassportForWork”

Create PassportForWork key
Create PassportForWork key

2.2.3 We need to create two Values “Enabled” and “DisablePostLogonProvisioning” Right click on right panel, Select “New” -> “DWORD (32-bit) Value”

Enabled value: 0 = Disabled, 1 = Enabled

DisablePostLogonProvisioning value: 0 = Disabled, 1 = Enabled

Create "Enabled" and "DisablePostLogonProvisioning" DWORD
Create “Enabled” and “DisablePostLogonProvisioning” DWORD

(To change it to “Not Configured”, we can just delete the “PassportForWork” Key)

.reg file

Save following as “filename.reg” file then double click and import will have same effect

  • Enable “Windows Hello for Business” and “Start Windows Hello provisioning after sign-in”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000001
"DisablePostLogonProvisioning"=dword:00000000

  • Enable “Windows Hello for Business” but “Do not start Windows Hello provisioning after sign-in”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000001
"DisablePostLogonProvisioning"=dword:00000001

  • Disable “Windows Hello for Business”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000000
"DisablePostLogonProvisioning"=dword:00000000

  • Change back to “Not Configured” (Remove “PassportForWork” Key)
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]

2.3 Command Prompt (CMD), .bat, .cmd

Save following as “filename.bat” or “filename.cmd” file then double click or entry following commands directly in Command Prompt window (Admin) to make the changes

  • Enable “Windows Hello for Business” and “Start Windows Hello provisioning after sign-in”
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 0 /f

  • Enable “Windows Hello for Business” but “Do not start Windows Hello provisioning after sign-in”
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 1 /f 

  • Disable “Windows Hello for Business”
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 0 /f  

  • Change back to “Not Configured” (Remove “PassportForWork” Key)
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /f

How to: Hide/Show Office 365 group from GAL and other address lists using PowerShell

1 Login to Office 365 via PowerShell by following this guide: How to: Connect PowerShell to Office 365 Exchange with Multi-factor authentication (MFA) enabled

2 Use following PowerShell command to hide Office 365 group.

Set-UnifiedGroup -identity "Group Name" -HiddenFromExchangeClientsEnabled:$true

To show Office 365 group in GAL and other address lists use the following command

Set-UnifiedGroup -identity "Group Name" -HiddenFromExchangeClientsEnabled:$false

(The default value is $false, which means show in GAL and other address lists)

Extended Reading

Set-UnifiedGroup