Intune Custom Compliance Policy – Struggling
Any assistance or guidance on this is greatly appreciated.
For over a week I struggled with a custom compliance policy that will do the following.
– Search for a specific installed software and version and produce the following results:
– Application is not installed – Compliance Status set to “Not Applicable”
– Application is installed but is not the desired version. – Compliance status set to “Not Compliant”
– Application is installed, meets the version requirements – Compliance status set to “Compliant”
– Multiple versions of application exist, one of which meet the requirements. Compliance status set to “Not Compliant”
If I run the discovery script on a local device and output the findings it is 100% successful, every time. However, when applying the policy in Intune not every works correctly.
Here are both the JSNO file and discovery script.
——-JSON——
Any assistance or guidance on this is greatly appreciated. For over a week I struggled with a custom compliance policy that will do the following.- Search for a specific installed software and version and produce the following results:- Application is not installed – Compliance Status set to “Not Applicable”- Application is installed but is not the desired version. – Compliance status set to “Not Compliant”- Application is installed, meets the version requirements – Compliance status set to “Compliant”- Multiple versions of application exist, one of which meet the requirements. Compliance status set to “Not Compliant”If I run the discovery script on a local device and output the findings it is 100% successful, every time. However, when applying the policy in Intune not every works correctly. Here are both the JSNO file and discovery script.——-JSON——{ “Rules”: [ { “SettingName”: “ComplianceStatus”, “Operator”: “IsEquals”, “DataType”: “String”, “Operand”: “Compliant”, “MoreInfoUrl”: “https://example.com/compliance-info”, “RemediationStrings”: [ { “Language”: “en_US”, “Title”: “Software Compliance Check”, “Description”: “The required software version is installed and compliant.” } ] }, { “SettingName”: “ComplianceStatus”, “Operator”: “IsEquals”, “DataType”: “String”, “Operand”: “NonCompliant”, “MoreInfoUrl”: “https://example.com/compliance-info”, “RemediationStrings”: [ { “Language”: “en_US”, “Title”: “Software Compliance Check”, “Description”: “The required software version is not installed or is outdated. Please install or update to the required version.” } ] }, { “SettingName”: “ComplianceStatus”, “Operator”: “IsEquals”, “DataType”: “String”, “Operand”: “NotApplicable”, “MoreInfoUrl”: “https://example.com/compliance-info”, “RemediationStrings”: [ { “Language”: “en_US”, “Title”: “Software Compliance Check”, “Description”: “The software is not applicable for this device.” } ] } ]} ——- Discovery Script _——-$softwareName = “Autodesk Single Sign On Component”$requiredVersion = [version]”13.7.7.1807″# Get the installed software information$installedSoftware = Get-CimInstance -ClassName Win32_Product | Where-Object { $_.Name -eq $softwareName }# Initialize the result hash$result = @{ SoftwareInstalled = $false SoftwareVersion = “0.0.0.0” ComplianceStatus = “NotApplicable”}# Process each instance if any are foundif ($installedSoftware) { $result.SoftwareInstalled = $true $isCompliant = $false $multipleCopies = ($installedSoftware.Count -gt 1) foreach ($software in $installedSoftware) { $installedVersion = [version]$software.Version $result.SoftwareVersion = $installedVersion.ToString() if ($installedVersion -ge $requiredVersion) { $isCompliant = $true } } # Determine overall compliance status if ($multipleCopies) { $result.ComplianceStatus = “NonCompliant” } else { $result.ComplianceStatus = $isCompliant ? “Compliant” : “NonCompliant” }}# Return the result as JSON$result | ConvertTo-Json -Compress Read More
