
    Application Deployment with Hybrid Joined Requirement Rules in Intune

    By Eswar Koneti, October 06, 8:59 pm

    Requirement rules in Microsoft Intune offer a powerful way to manage application deployments. By ensuring that applications are installed only on devices that meet specific criteria, organizations can enhance security, improve user experience, and streamline IT processes.

    Limitations of Intune's GUI Requirement Rules

    Intune provides requirement rules through its GUI, but these options are largely limited to operating system and hardware checks. If you come from an SCCM/ConfigMgr background, you may be familiar with "global conditions," which allow you to reuse conditions across multiple applications. Unfortunately, Intune does not currently support this feature.

    Custom Scripts for Flexibility

    One of the unique aspects of Intune is the ability to create custom scripts for requirement rules specific to individual applications. These scripts determine whether a device satisfies the necessary conditions before allowing the application installation. If a device meets the defined criteria, the application is installed; otherwise, the installation is skipped.

    It's important to note that if you create multiple requirement rules through either script or the UI, they operate on an AND basis. If you need an OR operation, you must create a custom script to achieve that.

    Real-World Example: Hybrid Azure AD Joined Devices

    While working with a customer, we had a requirement to allow application installations on hybrid joined devices while excluding Azure AD joined devices. To fulfill this need, we can create a custom script to identify whether a device is hybrid joined.

    To determine the device state, we utilized the dsregcmd command. Here are some key parameters to check:

    • AzureADJoined
    • DomainJoined

    When both parameters return "YES," the device is classified as "Microsoft Entra hybrid joined."

    Here’s a sample output of the dsregcmd /status command for reference:

    [Image: dsregcmd /status output]

    And the output of the PowerShell script will look like this:

    [Image: PowerShell script output]
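
    The hybrid-join check described above, written as a requirement-rule script. This is an added example, not the script from the author's GitHub repository; the function names and the -UseSample switch are hypothetical, and the embedded dsregcmd lines are a constructed sample.

```powershell
# Added example: Intune requirement-rule script (not the author's script).
# Writes "Yes" to STDOUT only for a Microsoft Entra hybrid joined device.
param([switch]$UseSample)   # hypothetical switch: parse the constructed sample

# Constructed sample of the "Device State" block, for offline testing only.
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split '\r?\n'

function Get-DsregState {
    param([string[]]$Lines)
    $state = @{}   # hashtable keys are case-insensitive (AzureADJoined = AzureAdJoined)
    foreach ($line in $Lines) {
        # Lines look like "   AzureAdJoined : YES"; keep the first value per key.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$' -and -not $state.ContainsKey($Matches[1])) {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Test-HybridJoined {
    param([string[]]$Lines)
    $state = Get-DsregState -Lines $Lines
    # Both flags must be YES; a missing key compares as $null and fails closed.
    ($state['AzureAdJoined'] -eq 'YES') -and ($state['DomainJoined'] -eq 'YES')
}

if ($UseSample) {
    $lines = $sample
} else {
    # Call dsregcmd by full path instead of relying on PATH. From a 32-bit
    # host, System32 is redirected, so prefer the Sysnative alias when present.
    $exe = Join-Path $env:windir 'System32\dsregcmd.exe'
    $native = Join-Path $env:windir 'Sysnative\dsregcmd.exe'
    if (Test-Path $native) { $exe = $native }
    try { $lines = & $exe /status 2>$null } catch { $lines = @() }
}

# Any failure above yields "No", so the app is skipped rather than installed.
if (Test-HybridJoined -Lines $lines) { 'Yes' } else { 'No' }
exit 0   # Intune evaluates STDOUT only when the script exits with code 0
```

    The script emits exactly "Yes" or "No", which matches the String / Equals / "Yes" rule configured in the steps below.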

    Implementing the Script in Intune Requirement Rules

    To use the script in Intune requirement rules, follow these steps:

    1. Edit Your Win32 Application: Navigate to the application you want to modify and go to the "Requirement Rules" section.

    2. Add a Script: Click on "Add" and choose "Script."

    3. Upload the Script: Download the script from the GitHub repository, then upload or select it in Intune.

    4. Set the "Select output data type" to "String," operator to "Equals," and the value to "Yes."

    5. Review and Save: After configuring the settings, click on "Review" and then "Save."

    Now, Intune will validate whether the device state is hybrid joined before allowing the application installation. If the device is not hybrid joined, the application installation will be skipped, and the status will be updated accordingly.
