docs(customization): document AppX removal

docs/configure/customization.md

@@ -1,6 +1,6 @@
 ---
 title: Customization
-description: Configure machine naming and Windows OOBE behavior in Foundry OSD for Foundry Deploy.
+description: Configure machine naming, Windows OOBE behavior, and provisioned AppX removal in Foundry OSD for Foundry Deploy.
 ---
 
 # Customization
@@ -51,10 +51,34 @@ Use OOBE customization when deployment media should produce the same first-run p
 Capture the Customization page with the Windows OOBE controls expanded.
 :::
 
+## Provisioned AppX removal
+
+Foundry OSD can stage removal of selected Windows 11 provisioned AppX packages before OOBE. This affects packages provisioned for new users; it does not run per-user AppX removal.
+
+Available controls include:
+
+- Enable or disable AppX removal.
+- Select all packages.
+- Remove all package selections.
+- Select one or more profiles from the AppX categories.
+- Manually select packages grouped by category.
+
+Profiles are based on the package categories shown in the control. Selecting multiple profiles applies the union of their package lists. Clearing a profile clears that category's package checkboxes. The profile selector shows a category when one complete profile is selected, a profile count when multiple complete profiles are selected, `Custom` when the package selection is mixed or partial, and `None` when no packages are selected. Selecting `Remove all` clears every package and returns the profile state to `None`.
+
+:::caution[Review native utilities before removing them]
+Some AppX packages are Windows inbox tools such as Calculator, Notepad, Photos, Paint, Snipping Tool, Terminal, and Quick Assist. Remove native utilities only when the deployment standard intentionally excludes them.
+:::
+
+:::info[Screenshot placeholder]
+Capture the Customization page with the provisioned AppX removal controls expanded.
+:::
+
 ## Runtime impact
 
 Machine naming affects the Foundry Deploy wizard. OOBE customization is applied to the offline Windows installation during deployment by writing unattend and policy values.
 
+Provisioned AppX removal is staged as a pre-OOBE PowerShell script. Foundry Deploy writes the selected package list into `Windows\Temp\Foundry\PreOobe\Data\Remove-AppX.packages.json`, and Windows executes the script through `SetupComplete.cmd` before user profiles are created.
+
 Staging this behavior from Foundry OSD makes the live deployment path faster and more consistent.
 
 ## Recommended approach
@@ -64,6 +88,8 @@ Staging this behavior from Foundry OSD makes the live deployment path faster and
 - Allow manual suffix editing only when local exceptions are expected.
 - Enable OOBE customization when you want a consistent privacy and license-term baseline.
 - Keep optional privacy features disabled unless the deployment policy requires them.
+- Start AppX removal with one or more category profiles, then use `Custom` only when the deployment standard needs a mixed or partial package set.
+- Avoid selecting every native utility unless the image is intentionally locked down.
 
 ## Next step
 

docs/configure/expert-mode.md

@@ -21,7 +21,7 @@ Create media with the standard workflow first unless the deployment environment
 | Network | Wired 802.1X and Wi-Fi settings for Foundry Connect |
 | Localization | Visible languages, default language, and time zone |
 | Autopilot | Imported or downloaded Autopilot profiles and the default profile |
-| Customization | Machine naming rules and Windows OOBE defaults used later in Foundry Deploy |
+| Customization | Machine naming rules, Windows OOBE defaults, and provisioned AppX removal used later in Foundry Deploy |
 
 :::info[Screenshot placeholder]
 Capture the expert-mode shell with all section tabs visible.
@@ -45,6 +45,7 @@ Export deploy configuration when the WinPE deployment session should start with
 - Autopilot
 - Machine naming
 - Windows OOBE defaults
+- Provisioned AppX removal
 
 :::info[Screenshot placeholder]
 Capture the import and export actions, including the deploy configuration export action.
@@ -55,4 +56,4 @@ Capture the import and export actions, including the deploy configuration export
 - Open [Network Configuration](./network) for wired and Wi-Fi settings.
 - Open [Localization](./localization) for language and time zone behavior.
 - Open [Autopilot](./autopilot) for profile handling.
-- Open [Customization](./customization) for machine naming and Windows OOBE behavior.
+- Open [Customization](./customization) for machine naming, Windows OOBE behavior, and provisioned AppX removal.

docs/deploy/deployment-flow.md

@@ -115,7 +115,7 @@ During execution, Foundry Deploy shows:
 - Current step progress
 - Step counter
 
-The deployment pipeline runs ordered steps for validation, cache resolution, disk layout, operating system download and apply, computer naming, OOBE defaults, recovery configuration, drivers, firmware, Autopilot staging, and final logs. Download steps can be skipped when the required content is already available in cache.
+The deployment pipeline runs ordered steps for validation, cache resolution, disk layout, operating system download and apply, computer naming, OOBE defaults, recovery configuration, pre-OOBE customization staging, drivers, firmware, Autopilot staging, and final logs. Download steps can be skipped when the required content is already available in cache.
 
 ![Foundry Deploy target validation progress](/img/docs/foundry-deploy/progress-validate-target.png)
 

docs/reference/telemetry.md

@@ -72,6 +72,9 @@ Media creation properties include:
 - `customization_oobe_online_speech_recognition_enabled`: whether online speech recognition is allowed.
 - `customization_oobe_inking_typing_diagnostics_enabled`: whether inking and typing diagnostics are allowed.
 - `customization_oobe_location_access`: `user_controlled` or `force_off`.
+- `customization_appx_removal_enabled`: whether provisioned AppX removal is enabled with at least one selected package.
+- `customization_appx_removal_package_count`: number of selected provisioned AppX packages.
+- `customization_appx_removal_profile`: `none`, `custom`, `multiple`, or the selected category profile token.
 - `localization_any_enabled`: whether any Localization page setting is configured.
 - `localization_visible_languages_count`: number of visible deployment languages selected.
 - `localization_default_language_configured`: whether a default deployment language is configured.
@@ -138,6 +141,7 @@ Telemetry does not collect:
 
 - User names, domain names, email addresses, computer names, IP addresses, or Wi-Fi SSIDs.
 - Machine naming prefixes or generated computer names.
+- Provisioned AppX package names.
 - Disk numbers, disk names, serial numbers, file paths, URLs, file names, hashes, passwords, secrets, tokens, or passphrases.
 - Localization values such as selected language codes, default language codes, or Windows time-zone identifiers.
 - Network values such as SSIDs, passphrases, certificate paths, profile paths, profile contents, probe URLs, gateway details, adapter names, or Wi-Fi signal strength.

docs/technical/post-winpe-handoff.md

@@ -35,13 +35,33 @@ The pre-OOBE runner model keeps `SetupComplete.cmd` small. `SetupComplete.cmd` l
 
 `Windows\Temp\Foundry\PreOobe`
 
+Generated data files used by the runner are staged under:
+
+`Windows\Temp\Foundry\PreOobe\Data`
+
 The runner executes enabled PowerShell scripts in deterministic order:
 
 1. Script priority
 2. Script id
 
 Driver provisioning is priority `100` and runs before customization scripts. Customization scripts are registered only when the corresponding Foundry OSD or Foundry Deploy configuration enables them.
 
+Provisioned AppX removal is a customization script. It runs before OOBE and uses online provisioned package removal so new user profiles are created without the selected packages. Foundry stages only supported provisioned package identifiers, such as `Microsoft.BingWeather`, in `Data\Remove-AppX.packages.json`; the script skips packages that are not provisioned in the applied image.
+
+Foundry writes a launcher log at:
+
+`Windows\Temp\Foundry\Logs\PreOobe\SetupComplete.log`
+
+If the launcher starts successfully, each PowerShell script also writes its own transcript under the same folder, for example:
+
+`Windows\Temp\Foundry\Logs\PreOobe\Remove-AppX.transcript.log`
+
+If no Foundry pre-OOBE logs exist after first boot, check Windows setup logging under:
+
+`Windows\Panther\UnattendGC\Setupact.log`
+
+[Microsoft documents](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup?view=windows-11) that `SetupComplete.cmd` is disabled when an OEM product key is used, except on Enterprise editions and Windows Server operating systems. In that case, Windows setup logs that it skipped `SetupComplete.cmd`.
+
 ## Deferred driver provisioning
 
 Most driver packs are applied offline with DISM. Some packages, such as selected executable or MSI packages, must run after Windows boots. In those cases, Foundry stages the package under:
@@ -50,6 +70,8 @@ Most driver packs are applied offline with DISM. Some packages, such as selected
 
 The pre-OOBE runner then invokes the driver PowerShell script during first boot.
 
+When deferred driver provisioning and AppX removal are both enabled, Foundry stages one shared pre-OOBE runner. Driver provisioning runs first, AppX removal runs in the customization bucket, and cleanup runs last.
+
 ## Operational artifacts
 
 Foundry stores logs, deployment summaries, staged packages, and pre-OOBE manifests under: