Intune Detection methods Groups

Matt Dillon 437 Reputation points
2022-05-03T15:57:40.48+00:00

In SCCM, I have the ability to use the parenthesis ( ) to group Detection Method rules. This is extremely helpful when the rules require an OR statement. For example, I deploy Cisco AnyConnect Secure Mobility, Umbrella + XML Files, ISE Posture, and the Start Before Logon modules through a detailed PowerShell script. I used a File Detection method for each app except for the Start before Login module. For that I grouped two registry options that would satisfy my deployment.

(Side note - I deploy a current version, but detect the current or newer as successful. Since there is not a file I can reference to show the version number (if there is - please share!), I use the reg entry at HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ for the Start Before Login Module which is different depending on the version installed. I do this because the version deployed sometimes gets auto updated when our engineers connect to other appliances set to auto update)

In any case, as I move towards Intune, I am not seeing a way to create a detection rule that uses the OR statement. Is this a possibility, or is the answer to create a custom script to detect what I need?

Microsoft Security | Intune | Application management

1 answer

  1. Crystal-MSFT 54,201 Reputation points Microsoft External Staff
    2022-05-04T03:11:35.907+00:00

    @Matt Dillon, thanks for posting in Q&A. From your description, it seems you want to detect the app as installed when one registry key is there or one file version is met. If there's any misunderstanding, feel free to let us know.

    And you want to know if the custom script can accomplish this. Based on my experience, I would like to say yes. In fact, Intune agent checks the results from the script. It reads the values written by the script to the STDOUT stream, the standard error (STDERR) stream, and the exit code. If the script exits with a nonzero value, the script fails and the application detection status is not installed. If the exit code is zero and STDOUT has data, the application detection status is installed. We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/apps/apps-win32-add#step-4-detection-rules

    So in our situation, we can set the script to exit with 0 when the registry is there or the related version of the file is there.

    Here is a link with one script example for your reference:
    https://www.techuisitive.com/post/intune-understanding-win32-app-detection-rules#viewer-97kh0
    Note: Non-microsoft link, just for the reference.

    Hope it can help.


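The OR-style detection the answer describes, written as an Intune Win32 app detection script. This is an added example, not code from the thread or from Microsoft; the display name filter, the file path and the minimum version are assumptions to adapt to the real package.

```powershell
# Added example: Intune Win32 detection script that reports "installed" when EITHER
# an uninstall registry entry of at least the deployed version exists OR a product
# file of at least that version exists. Display name, file path and version are assumed.
$MinimumVersion = [version]'4.10.0'   # assumed deployed version; equal or newer counts

# Condition A: uninstall entry (same hive/path the question refers to) with a
# DisplayVersion that meets the minimum. TryParse avoids throwing on odd version strings.
$UninstallRoot = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
$RegistryMatch = Get-ChildItem -Path $UninstallRoot -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
    Where-Object {
        $parsed = $null
        $_.DisplayName -like '*Start Before Login*' -and          # assumed display name
        [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed) -and
        $parsed -ge $MinimumVersion
    } | Select-Object -First 1

# Condition B: a shipped binary whose file version meets the minimum (assumed path).
$FilePath = 'C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'
$FileMatch = $false
if (Test-Path -LiteralPath $FilePath) {
    $FileVersion = (Get-Item -LiteralPath $FilePath).VersionInfo.FileVersionRaw
    if ($FileVersion -ge $MinimumVersion) { $FileMatch = $true }
}

# Intune contract: exit code 0 AND something on STDOUT => installed.
# Any nonzero exit, or exit 0 with an empty STDOUT, => not installed.
if ($RegistryMatch -or $FileMatch) {
    Write-Output "Detected (registry=$([bool]$RegistryMatch), file=$FileMatch)"
    exit 0
}
# Nothing has been written to STDOUT, so this is reported as not installed.
exit 1
```

Only STDOUT counts toward the "installed" result, so keep diagnostic chatter out of the not-installed branch or route it to Write-Verbose.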

