Demystifying Intune Custom App Detection Scripts

I’m sure everyone reading this has deployed many applications within Intune using the win32 format and most likely used an MSI code or a file/registry detection method to monitor for a completed install (and why wouldn’t you, they work perfectly)

Sometimes however, you might come across an application which is more tricky to detect, or you want to look for two things before you’re confident it’s installed ok. This is where a custom detection script comes into play.

As with my previous post on Proactive Remediations, Intune is looking for specific outputs for the script to return a success code.

In this case, it is looking for BOTH an exit with a 0 code and output on STDOUT. For those of you rapidly opening a new tab to google STDOUT, basically, it needs output of some sort, a simple:

write-output "hello world"
exit 0

Will work fine, so that is what we need the script to return at the end in order for it to be marked as successful.

Passing an exit code 1 or even an exit 0 without any output will flag as an install failure.

Now for some examples:

A basic file check (in case you’re feeling scripty)

$File = "C:\windows\system32\notepad.exe"
if ($file) {
    write-output "Notepad detected, exiting"
    exit 0
}
else {
    exit 1
}

A registry key (checking both it exists and the value is correct, good for versioning)

$Path = "HKLM:\SOFTWARE\7-Zip"
$Name = "Path"
$Type = "STRING"
$Value = "C:\Program Files\7-Zip\"

Try {
    $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
    If ($Registry -eq $Value){
        Write-Output "Detected"
       Exit 0
    } 
    Exit 1
} 
Catch {
    Exit 1
}

Now for the ones it can’t do out of the box!

Check if a service exists

$service = get-service -name "MozillaMaintenance"
if ($service) {
    write-output "MozillaMaintenance detected, exiting"
    exit 0
}
else {
    exit 1
}

Service exists and is running:

$service = get-service -name "MozillaMaintenance"
if ($service.Status -eq "Running") {
    write-output "MozillaMaintenance detected and running, exiting"
    exit 0
}
else {
   exit 1
}

Both file and service exist

$File = "C:\windows\system32\notepad.exe"
$service = get-service -name "MozillaMaintenance"
if (($service) -and ($file)) {
    write-output "MozillaMaintenance and Notepad detected, exiting"
    exit 0
}
else {
    exit 1
}

File is of a certain version

$fileversion = (Get-Command C:\Windows\System32\notepad.exe).Version
$build = 19041
$detectedbuild = $fileversion.Build
if ($detectedbuild -eq $build) {
    write-output "Detected"
    exit 0
}
else {
    exit 1
}

Or even the file was last modified today

$filedate = (Get-Item C:\Windows\System32\notepad.exe).LastWriteTime
if ($filedate -gt (Get-Date).AddDays(-1)) {
    write-output "Detected"
    exit 0
}
else {
    exit 1
}

I hope that makes them easier to understand! Happy scripting…

Posted in Intune