Intune Custom Compliance Policy - Struggling
Any assistance or guidance on this is greatly appreciated. For over a week I struggled with a custom compliance policy that will do the following. - Search for a specific installed software and version and produce the following results: - Application is not installed - Compliance Status set to "Not Applicable" - Application is installed but is not the desired version. - Compliance status set to "Not Compliant" - Application is installed, meets the version requirements - Compliance status set to "Compliant" - Multiple versions of application exist, one of which meet the requirements. Compliance status set to "Not Compliant" If I run the discovery script on a local device and output the findings it is 100% successful, every time. However, when applying the policy in Intune not every works correctly. Here are both the JSNO file and discovery script. -------JSON------ { "Rules":[ { "SettingName":"ComplianceStatus", "Operator":"IsEquals", "DataType":"String", "Operand":"Compliant", "MoreInfoUrl":"https://example.com/compliance-info", "RemediationStrings":[ { "Language":"en_US", "Title":"SoftwareComplianceCheck", "Description":"Therequiredsoftwareversionisinstalledandcompliant." } ] }, { "SettingName":"ComplianceStatus", "Operator":"IsEquals", "DataType":"String", "Operand":"NonCompliant", "MoreInfoUrl":"https://example.com/compliance-info", "RemediationStrings":[ { "Language":"en_US", "Title":"SoftwareComplianceCheck", "Description":"Therequiredsoftwareversionisnotinstalledorisoutdated.Pleaseinstallorupdatetotherequiredversion." } ] }, { "SettingName":"ComplianceStatus", "Operator":"IsEquals", "DataType":"String", "Operand":"NotApplicable", "MoreInfoUrl":"https://example.com/compliance-info", "RemediationStrings":[ { "Language":"en_US", "Title":"SoftwareComplianceCheck", "Description":"Thesoftwareisnotapplicableforthisdevice." } ] } ] } ------- Discovery Script _------- $softwareName="AutodeskSingleSignOnComponent" $requiredVersion=[version]"13.7.7.1807" #Gettheinstalledsoftwareinformation $installedSoftware=Get-CimInstance-ClassNameWin32_Product|Where-Object{$_.Name-eq$softwareName} #Initializetheresulthash $result=@{ SoftwareInstalled=$false SoftwareVersion="0.0.0.0" ComplianceStatus="NotApplicable" } #Processeachinstanceifanyarefound if($installedSoftware){ $result.SoftwareInstalled=$true $isCompliant=$false $multipleCopies=($installedSoftware.Count-gt1) foreach($softwarein$installedSoftware){ $installedVersion=[version]$software.Version $result.SoftwareVersion=$installedVersion.ToString() if($installedVersion-ge$requiredVersion){ $isCompliant=$true } } #Determineoverallcompliancestatus if($multipleCopies){ $result.ComplianceStatus="NonCompliant" }else{ $result.ComplianceStatus=$isCompliant?"Compliant":"NonCompliant" } } #ReturntheresultasJSON $result|ConvertTo-Json-CompressCustom profile: hide known file extensions
Hi, i would like to configure our WIndows 10 clients so that they show all the file extensions. There is a GPO to configure this but i would like to configure this through MS Intune. Do you have any advice on how to achive this? (I already know how to use custom admx policies, how to ingest them, but i don't know how to configure this.) Is there a way to do this via OMA-URI or any other possibilities to set a registry value? (I don't like the powershell via intune way) Thank you in advance. 🙂 Kind regards Patrick
