Scan Microsoft Intune for Supported Third-Party Products for Patching
The Patch My PC Publisher can scan Microsoft Intune inventory to detect products that are supported for Win32 application creation. You can auto-enable detected products.
This article describes the Intune scanning feature, including the features currently available and the existing limitations. The ability to scan Intune for products that are supported by Patch My PC is actively under development and will continue to change.
Current Features
The intent with this feature was to provide some parity with our Configuration Manager scan feature shown here. The Configuration Manager database contains a monumental amount of data, allowing us to provide a good representation of what our product can patch in your environment.
The Intune scanning UI can be seen below.
Intune Connection:
- This Intune Connection shares its configuration with the other Intune-based features in the product. The configuration for API permissions can be found here.
There are additional permissions required with this feature beyond what is required for creating applications. Please review the article to ensure your permissions are configured correctly.
Auto Publishing Rules:
- If this feature is enabled (the checkbox is checked), the Intune scan will occur every time a Publisher synchronization occurs. Based on the results of the scan, Win32 Intune Applications or Intune Updates will be published to Intune if the count threshold is met.
- The number specified will act as a threshold. When the scan is performed, any software found on at least that number of devices will be automatically selected to be published as an Intune application.
- For example, with the threshold set to 30 and Zoom Meetings found on 55 devices, Zoom Meetings will be automatically selected for publishing.
If you have Manage assignments configured at the “All Products” or vendor level, and a product becomes enabled via auto-publishing rules, the newly enabled product will not inherit the assignments. This is by design to prevent customers experiencing an Intune policy size limit issue.
Filter:
- The table of data can be filtered based on four fields
- Product
- Vendor
- Count greater than…
- Already enabled
- The radio buttons to the right of the filters let you include or exclude products that are already enabled as Win32 Intune Applications.
- The filter is cosmetic only; it does not affect the scans or the Export to CSV feature.
Export to CSV
- The data table can be exported to a CSV file. This can be useful to pass to management or your cybersecurity team. Keep in mind that the filters do not apply to the resulting CSV file.
Click OK
- Intune Connection will be saved to your settings
- Auto-publishing rules will be saved to your settings
- Auto-publishing will occur during the next Publisher synchronization.
- Changes in product selection in the data table will be saved to your settings.
- Newly selected applications will be published during the next Publisher synchronization.
Limitation
This feature retrieves data directly from Intune’s Discovered Apps report. The primary limitation is that the scan wizard’s results are based on inventoried applications.
Intune inventories applications installed on a device, which are viewable in the Discovered Apps report. The Intune Management Extension service collects inventory data for EXE, MSI, and user-installed software, as displayed in Add or Remove Programs, Apps and Features, or Installed Apps. This data is sourced from the Win32_InstalledWin32Program WMI class.
However, you may encounter multiple entries for the same software in the scan wizard report. This occurs because the Discovered Apps report cannot differentiate between certain variants of the same application due to the limited properties available for each installed app. To ensure accuracy, we present all matching options.
For example, 7-Zip x86 and 7-Zip x64 are indistinguishable in the Discovered Apps report. Consequently, both options are displayed in the Publisher’s report.
In summary, because the scan relies on the application name, publisher, and version from the Discovered Apps report, it cannot distinguish between different architectures or installer types for software variants.
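
The following is an added illustration, not Patch My PC's code: a small model of the threshold rule from Auto Publishing Rules and of the variant ambiguity described under Limitation. The inventory rows, catalogue entries, field names and the summing of counts across versions are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory rows: name, publisher, version, device count only.
DISCOVERED = [
    {"name": "7-Zip", "publisher": "Igor Pavlov", "version": "23.01", "devices": 41},
    {"name": "Zoom Meetings", "publisher": "Zoom", "version": "5.17.0", "devices": 55},
    {"name": "Notepad++", "publisher": "Notepad++ Team", "version": "8.6", "devices": 12},
]

# Hypothetical catalogue: two variants share one name/publisher pair.
CATALOG = [
    {"product": "7-Zip (x86)", "name": "7-Zip", "publisher": "Igor Pavlov"},
    {"product": "7-Zip (x64)", "name": "7-Zip", "publisher": "Igor Pavlov"},
    {"product": "Zoom Meetings", "name": "Zoom Meetings", "publisher": "Zoom"},
    {"product": "Notepad++ (x64)", "name": "Notepad++", "publisher": "Notepad++ Team"},
]


def scan(discovered, catalog, threshold):
    """Map each matching catalogue product to its count and selection state."""
    variants = defaultdict(list)
    for entry in catalog:
        variants[(entry["name"].lower(), entry["publisher"].lower())].append(entry["product"])

    counts = defaultdict(int)
    for row in discovered:
        # Assumption: device counts for several versions of one app are summed.
        counts[(row["name"].lower(), row["publisher"].lower())] += row["devices"]

    results = {}
    for key, devices in counts.items():
        matches = variants.get(key, [])
        for product in matches:
            results[product] = {
                "devices": devices,
                # "At least that number of devices" means >=, not >.
                "selected": devices >= threshold,
                # No architecture or installer type in the inventory row, so
                # every variant sharing the key has to be listed.
                "ambiguous": len(matches) > 1,
            }
    return results


if __name__ == "__main__":
    for product, info in sorted(scan(DISCOVERED, CATALOG, threshold=30).items()):
        print(product, info)
```

Entries flagged as ambiguous are the ones worth confirming on a device before the auto-selected variant is published.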