Messages

Thank you for your insight.
Did it behave as I suspected in that each instance would have its own separate set of applications published to Intune?

Or did both instances recognise and attempt to enforce their own configs to the same published applications?
Resulting in your above commentary regarding customising the same settings to avoid conflicts?

Thanks for the response.

By "manually deploy" does that mean going into Intune and filling in the assignments manually to the existing (but empty assignment) non-CVE published apps?

The reason I was thinking of dual instances of the publisher was that doing so I would think it would enable me to fully automate one instance for CVE dynamic assignments only.

Then use the other for my monthly manual sync process and let this instance manage the assignments as they are currently.

I would assume this would duplicate packages in Intune for sure... But the end objective would be to get CVE patches out on an accelerated timeframe and not wait for the monthly process.

Hi All!

I understand that dynamic assignments exist and can be leveraged to target certain groups based on defined rules.
What I am hoping to do though is automatically deploy updates only if a CVE is present.

So I could turn on the daily sync schedule but that it will only actually assign the new updates if a CVE exists.
Otherwise it will either not publish at all... Or will publish without any assignments.

I will then perform my standard monthly manual sync at which point outstanding non-CVE related patches will be published and assigned. My CIO does not want us fully automating it. Only approved for standard updates at the beginning of the month.

I have discussed this somewhat with support and have been informed that PMPC does not support this, or similar, workflows. But I am wondering if there is some creative use of existing functionality that I could cobble something together that may begin to approach the desired outcome?

Maybe something like running two instances of the publisher? One with my usual config that I manually run monthly... The other with zero standard assignments configured and only the dynamic CVE assignments. This second instance set to automatically sync daily.

Is this possible? How would the two instances interplay with each other? Would they recognise Intune apps published by each other?

Is it even possible to have dual instances even on separate machines?

Any other ideas?

I've looped into this situation via some rather loud CVE's on our Defender dashboard.
Though I am wondering if perhaps we are over thinking the problem?

Could we not just set the Exe version of VLC to supersede (With uninstall) the MSI version? Then target the exe to the same endpoints as the MSI?

I understand that PMPC doesn't have these options and would need to be done directly in Intune/SCCM.