Working with Scripts for detection rules with Win32app for Intune apps

Jul 28, 2023 | Intune, PowerShell

In this short post I want to show you how to create detection scripts for Win32 applications.

I’m writing this post because my previous post about Juniper Secure Connect covered detection, and there I suggested using the MSI GUID without checking the application version.

But there is a better idea for detection rules.

Scripts!

I love the PowerShell language.

So we can create a simple script to detect Juniper Secure Connect, and I will give you some information on how those scripts should look and work.

Exit codes?!

The first and most important thing to know is how to end the script properly when detection succeeds (for example, the required registry values were found). Just… write something to the console. For example:

Write-Host "Application was detected, continuing..."
Exit 0

Nothing more.

If you want to tell Intune that detection did not succeed (for example, the registry keys do not exist), do something like the code below: just an exit code, without any output.

Exit 0

There are also other options you can use:

Write-host "Application wasn't detected"
Exit 1

Or…

Exit 23

With the last three exit codes, the installation of the application will not continue, because detection did not succeed.

And to be clear – if you want to proceed with installation, you should use:

Write-Host "Application was detected, continuing..."
Exit 0
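
To try these outcomes locally before uploading a script, here is an added example (not code from the original post and not Intune's own logic). `Test-DetectionScript` is a hypothetical helper that runs a script in a child Windows PowerShell process and applies the rule described above: detected only when the exit code is 0 and something was written to the console. It assumes the local execution policy allows running local scripts, and the four sample scripts are constructed from the cases in this post.

```powershell
# Hypothetical helper (not an Intune cmdlet): run a detection script in a child
# process and read its result the way this post describes it.
function Test-DetectionScript {
    param([Parameter(Mandatory)][string]$ScriptText)

    # Write the script to a uniquely named temporary file.
    $path = Join-Path ([IO.Path]::GetTempPath()) ("detect_{0}.ps1" -f [guid]::NewGuid())
    Set-Content -Path $path -Value $ScriptText -Encoding UTF8
    try {
        # Child process, so that 'exit' in the script does not end this session.
        $stdout = & powershell.exe -NoProfile -NonInteractive -File $path 2>$null
        $code = $LASTEXITCODE
    }
    finally {
        Remove-Item -Path $path -Force -ErrorAction SilentlyContinue
    }

    $hasOutput = -not [string]::IsNullOrWhiteSpace(($stdout | Out-String))
    [pscustomobject]@{
        ExitCode  = $code
        HasOutput = $hasOutput
        Detected  = ($code -eq 0 -and $hasOutput)
    }
}

# Constructed sample scripts covering the cases from this post.
$cases = [ordered]@{
    'output + exit 0'    = 'Write-Host "Application was detected, continuing..."; exit 0'
    'no output + exit 0' = 'exit 0'
    'output + exit 1'    = 'Write-Host "Application wasn''t detected"; exit 1'
    'exit 23'            = 'exit 23'
}

foreach ($name in $cases.Keys) {
    $r = Test-DetectionScript -ScriptText $cases[$name]
    '{0,-20} exit={1,-3} output={2,-6} detected={3}' -f $name, $r.ExitCode, $r.HasOutput, $r.Detected
}
```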

Live example for Juniper Secure Connect.

So if we want to check the registry value for the required version, we can use this script:

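# Uninstall registry key of Juniper Secure Connect (MSI product code)
$versionKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE373804-E6A1-4CF6-AFA7-6D76F403C1DF}"
$value = "DisplayVersion"
$requiredVersion = "22.4.12.20.48591"

try
{
    # -ErrorAction Stop turns a missing key or value into a catchable error
    $installedVersion = Get-ItemPropertyValue -Path $versionKey -Name $value -ErrorAction Stop
}
catch
{
    Write-Host "Value or path does not exist"
    exit 1
}

# Compare the versions part by part as numbers. A plain string comparison
# would rank "22.10" below "22.4", and [version] accepts at most four parts.
# Assumes every dot-separated part is numeric.
$installed = @($installedVersion -split '\.' | ForEach-Object { [int]$_ })
$required = @($requiredVersion -split '\.' | ForEach-Object { [int]$_ })
$result = 0
for ($i = 0; $i -lt [Math]::Max($installed.Count, $required.Count) -and $result -eq 0; $i++)
{
    # Missing trailing parts count as 0
    $a = if ($i -lt $installed.Count) { $installed[$i] } else { 0 }
    $b = if ($i -lt $required.Count) { $required[$i] } else { 0 }
    $result = $a.CompareTo($b)
}

if ($result -ge 0)
{
    Write-Host "Application is installed in proper version"
    exit 0
}
else
{
    Write-Host "Installed version is lower than required"
    exit 1
}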

In this code, the script checks which version of the application is installed. If it is installed in the proper version, the script calls Write-Host and exits with code 0.

If it is not installed, the script calls Write-Host and exits with code 1.

And if it is installed in a lower version than required, the script calls Write-Host and exits with code 1.

And….?

That’s everything. Now you know how to work with detection rules for Win32 apps 🙂

Jakub Piesik

Microsoft 365 Consultant

I’m writing not only about Intune and Windows 365. I’m writing about everything I have learned and want to share with you!