Microsoft Intune Advanced Endpoint Analytics - Notepad++ Use Case

Notepad++ Use Case

Scenario: A small company has learned through the news that there is a critical vulnerability in an outdated version of Notepad++ (pick your favorite app to patch). Because most people who use the app are developers, management is concerned about negatively impacting their engineering community and losing productivity data.

The company does not have a packaging team, tools, or the other resources needed, but it is trialing Microsoft Intune Suite and wants to integrate with its ITSM tool of choice to record automation, enhance its CMDB, etc.

Intune Suite Solution - Advanced Endpoint Analytics

Using Windows Presentation Foundation (WPF), it is easy to generate a simple dialog box that asks the customer whether they would like to proceed with a custom, specific piece of PowerShell code that would impact them negatively if executed immediately.

This proves useful in cases where the remediation requires closing software or restarting the computer. If we combine this capability with Winget to upgrade Notepad++, we can address the scenario described above.

Because we need to interact with the user, let’s create a new Proactive Remediation with the scope “Run this script using the logged-on credentials”.

The detection script runs the Winget upgrade tool silently and parses its output with a regex, comparing the currently installed version to the latest available. If the latest available version is greater, the script will “Exit 1” so the remediation script can trigger.
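The detection logic described above, as an added example rather than the author's script. It assumes the winget package ID `Notepad++.Notepad++`, swaps in the read-only `winget list` for the check, and uses a hypothetical helper `Get-UpgradeState` with a constructed sample row:

```powershell
# Added example (not the author's script). Assumed package ID: Notepad++.Notepad++
$PackageId = 'Notepad++.Notepad++'

function Get-UpgradeState {
    # Hypothetical helper: classifies "winget list" table output for one package.
    param([string[]]$Lines, [string]$Id)
    # Row layout: Name  Id  Version  [Available]  Source. Anchor on the exact ID
    # and capture the one or two dotted version columns that follow it.
    $ver = '\d+(?:\.\d+){1,3}'   # 2 to 4 parts, the range [version] accepts
    $pattern = [regex]::Escape($Id) + "\s+(?<installed>$ver)(?:\s+(?<available>$ver))?"
    foreach ($line in $Lines) {
        $m = [regex]::Match([string]$line, $pattern)
        if (-not $m.Success) { continue }
        if (-not $m.Groups['available'].Success) { return 'Current' }
        # Compare as [version]; as plain strings '8.10.2' sorts below '8.9.1'.
        $installed = [version]$m.Groups['installed'].Value
        $available = [version]$m.Groups['available'].Value
        if ($available -gt $installed) { return 'Outdated' }
        return 'Current'
    }
    return 'NotInstalled'
}

# Constructed sample row (version numbers are made up) as a parser self-check.
$sample = @(
    'Name      Id                  Version Available Source',
    'Notepad++ Notepad++.Notepad++ 8.9.1   8.10.2    winget'
)
if ((Get-UpgradeState -Lines $sample -Id $PackageId) -ne 'Outdated') {
    Write-Output 'Parser self-check failed'; exit 0
}

if (-not (Get-Command winget -ErrorAction SilentlyContinue)) {
    Write-Output 'winget not available in this user context'; exit 0
}
# "winget list" is read-only: it reports the Available column without upgrading.
$output = & winget list --id $PackageId --exact --accept-source-agreements 2>$null
$state = Get-UpgradeState -Lines @($output) -Id $PackageId
Write-Output "Notepad++ state: $state"
if ($state -eq 'Outdated') { exit 1 }   # non-zero exit triggers the remediation
exit 0
```

The text written with `Write-Output` is what appears as the detection output for the device in the Intune console, which helps when triaging devices that report unexpected states.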

The remediation script prompts the user to confirm whether they would like to upgrade the software. With public or custom code, it is extremely easy to generate a custom message box and script against what the user selected. Once the user clicks “Yes”, another window pops up informing them that the software will be upgraded, and the process then begins using the Winget upgrade Notepad++ command line.

After this process has been completed, we can integrate with your ITSM tool of choice (in our case we used ServiceNow) by doing something similar to what was explained in the last article. The same PowerShell script can be used; the logic is now built into ServiceNow Alert Management tools. In this case, these are the scenarios:

- If the user does not have an outdated version of the software, it will report “Without issues”

- If the upgrade is necessary and the user clicks on “Yes”, the upgrade process will begin and if it's successful, it will be marked as “Issue Fixed” on the Remediation status column

- If the previous scenario takes place but the upgrade fails, “With Issues” will appear on the Remediation status column

- If a user answers “No” to the prompt, it will also be displayed as “With Issues”

For Case 1, no action is needed, so our logic should do nothing with that information.

For Case 2, a ticket will be created and auto-resolved for reporting purposes, as we already have some alert management rules in place.

For Cases 3 and 4, we want to open an incident assigned to the local field services team so they can find a time that works for the customer for further troubleshooting.

Conclusion

 

Thoughts? Please comment below!
