Tech Community Live: Microsoft Intune
Oct 01 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Detection script changes run context when adding dependent Application

Brass Contributor

Hello fellow contributors, 

 

I've recently noticed the following behavior and I hope someone here will help me to understand if this is a bug or a feature 🙂

 

while I deploy an app in System context with PowerShell detection script, everything works as expected.

but the moment I add to said app a dependency of an app what configured to run in User context, the following happens:

  • dependent app deployed as expected in User context
  • targeted app Installs in System Context, as expected
  • targeted app detection script runs in User context

the same happens if I use application group.

 

The scenario, is for deploying Azure VPN Client along with Always on VPN profile (that have to run as System due to current limitations).

Currently I don't have logs on my hands, but if someone seen/heard of this behavior, event if this by design, please share 🙂

 

Thank in advance,

MM

2 Replies
Hi Michael,

Forgive me if I’m not understanding the question. What are you trying to achieve at the end? Pushing Azure VPN client with Always on Profile? If yes, here is a really good way to push Azure VPN and publish Always On VPN Config file using Intune.

https://www.joeyverlinden.com/p2s-azure-vpn-gateway-and-azure-vpn-client/

Hope this helps!
Moe

Hi @Moe_Kinani,

 

Thank you for your input! you're absolutely right, for Intune managed devices this is definitely the way to go.

but we use MECM, hence, there is a deferent procedure provided by Microsoft to deploy the VPN profile, and it has to run in System context. you can find more information in the following links.
Configure an Always-On VPN user tunnel - Azure VPN Gateway | Microsoft Docs

Configure Windows 10 Client Always On VPN Connections | Microsoft Docs

 

Although the suggestion is to use a Package, it lacks the ability to detect if a current working profile is already deployed and will disconnect active sessions. for that reason I've created a detection script and implemented the solution as an application.

 

The app, when deployed by itself, works perfectly, the issue starts when I add the Azure VPN Client app as a dependency, witch is a Store for Business app and deployed in User context.  and the issue affects only detection script, not the deployment itself, so you can say the the solution is working, but I cant really track the actual deployment result.

it's just I'm losing my mind because of the unexpected behavior.

 

Best regards,

Michael