Any assistance or guidance on this is greatly appreciated.
For over a week I struggled with a custom compliance policy that will do the following.
- Search for a specific installed software and version and produce the following results:
- Application is not installed - Compliance Status set to "Not Applicable"
- Application is installed but is not the desired version. - Compliance status set to "Not Compliant"
- Application is installed, meets the version requirements - Compliance status set to "Compliant"
- Multiple versions of application exist, one of which meets the requirements - Compliance status set to "Not Compliant"
If I run the discovery script on a local device and output the findings it is 100% successful, every time. However, when applying the policy in Intune not everything works correctly.
Here are both the JSON file and discovery script.
-------JSON------
{
  "Rules": [
    {
      "SettingName": "ComplianceStatus",
      "Operator": "IsEquals",
      "DataType": "String",
      "Operand": "Compliant",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "Software Compliance Check",
          "Description": "The required software version is installed and compliant."
        }
      ]
    },
    {
      "SettingName": "ComplianceStatus",
      "Operator": "IsEquals",
      "DataType": "String",
      "Operand": "NonCompliant",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "Software Compliance Check",
          "Description": "The required software version is not installed or is outdated. Please install or update to the required version."
        }
      ]
    },
    {
      "SettingName": "ComplianceStatus",
      "Operator": "IsEquals",
      "DataType": "String",
      "Operand": "NotApplicable",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "Software Compliance Check",
          "Description": "The software is not applicable for this device."
        }
      ]
    }
  ]
}
------- Discovery Script -------
$softwareName = "Autodesk Single Sign On Component"
$requiredVersion = [version]"13.7.7.1807"

# Get the installed software information.
# @() forces an array so .Count is reliable when exactly one instance is found.
$installedSoftware = @(Get-CimInstance -ClassName Win32_Product | Where-Object { $_.Name -eq $softwareName })

# Initialize the result hash
$result = @{
    SoftwareInstalled = $false
    SoftwareVersion   = "0.0.0.0"
    ComplianceStatus  = "NotApplicable"
}

# Process each instance if any are found
if ($installedSoftware.Count -gt 0) {
    $result.SoftwareInstalled = $true
    $isCompliant = $false
    $multipleCopies = ($installedSoftware.Count -gt 1)

    foreach ($software in $installedSoftware) {
        $installedVersion = [version]$software.Version
        $result.SoftwareVersion = $installedVersion.ToString()
        if ($installedVersion -ge $requiredVersion) {
            $isCompliant = $true
        }
    }

    # Determine overall compliance status
    if ($multipleCopies) {
        $result.ComplianceStatus = "NonCompliant"
    } elseif ($isCompliant) {
        # if/else instead of the ternary operator, which only exists in PowerShell 7+
        $result.ComplianceStatus = "Compliant"
    } else {
        $result.ComplianceStatus = "NonCompliant"
    }
}

# Return the result as JSON
$result | ConvertTo-Json -Compress