📚 Intune Windows Update Compliance Reporting Automation | Automating Intune Reports | Intune Patch Compliance Reports | Patching Report in Intune | Intune Reports and Dashboard Overview | Intune patching compliance report | Update rings Automate report In Intune 👉 In this video I will show you how to generate Intune Windows Patch Compliance and get email subscription.By implementing this simple and custom solution you can automate the process of monitoring patch compliance with the email subscription feature for the Intune Patch Compliance Dashboard and Reports. 🔔 Subscribe and hit the bell to get notified about my weekly videos th-cam.com/channels/gMvCTBB2bXSexzvQO4C8Cg.html 📚 Github Location for scripts github.com/ChanderManiPandey2022/Intune_Windows_Patching_Report_-_Email_Subscription.git ✅ Intune Report Automation Intune windows Patching automated Report using proactive remediation scripts th-cam.com/video/hAVgNvEAdKc/w-d-xo.html Windows Update for Business Reports(Wufb) Implementation Setup Guide th-cam.com/video/hAVgNvEAdKc/w-d-xo.html Windows Autopatch Implementation Setup Guide th-cam.com/video/It4wzhvMbH8/w-d-xo.html ✅ Intune Application Management Module Microsoft Intune - Module7.1 - Basics of Intune Win32 App Deployment | Deploy Intune Win32 Application th-cam.com/video/kWk7hXlWdPQ/w-d-xo.html Microsoft Intune -Module7.2- Basics of Intune Management Extension in Win32 Apps | Win32 App IME Log th-cam.com/video/rQrD17cQ2oc/w-d-xo.html Microsoft Intune -Module7.3- Intune Win32 App Client Side Deep Dive | Troubleshoot Intune Win32 Apps th-cam.com/video/tyDVBHPw5ww/w-d-xo.html ✅ Intune Patch Management Module Microsoft Intune - Module5.1- Intune Patch Management | Intune Update Ring & Feature Update | Basics th-cam.com/video/rqrlb4R1KMY/w-d-xo.html Microsoft Intune - Module5.2- Intune Update Rings for Windows 10 & 11 | Windows Update Ring Patching th-cam.com/video/hUtiZcddVpU/w-d-xo.html Microsoft Intune - Module5.3- Configure and Deploy Intune Feature updates for Windows 10 / 11 Policy th-cam.com/video/HazjPuS0wOM/w-d-xo.html Microsoft Intune - Module5.4- Configure and Expedite Windows Quality Updates ( OOB ) Policy In Intune th-cam.com/video/gFYs6GsKmgI/w-d-xo.html ✅ AutoPilot Module Microsoft Intune - Module3.1- Windows Autopilot Overview | What is Microsoft Autopilot | How It Work th-cam.com/video/56JUOodoimE/w-d-xo.html Microsoft Intune - Module3.2- Autopilot Device Registration & Generate | Import | Get Hardware Hash th-cam.com/video/O-CIfxF6a8A/w-d-xo.html Microsoft Intune - Module-3.3 - User Driven Azure AD Join Windows Autopilot | How to | Step by Step th-cam.com/video/Zt5MXnj2P98/w-d-xo.html ✅ Device Enrollment Module Microsoft Intune - Module 2.1- Intune Different Methods of Device Enrollment | Types of Enrollment th-cam.com/video/a2_kLESHF6I/w-d-xo.html Microsoft Intune - Module2.2- Intune Enrollment Methods for Windows Devices | Enroll Device In Intune th-cam.com/video/Snl5W61E_oo/w-d-xo.html Microsoft Intune - Module2.3 - Linux Management with Intune | Manage Ubuntu with Endpoint Manager th-cam.com/video/dVY50GYlblI/w-d-xo.html ✅ Endpoint Analytics Module th-cam.com/video/HJk2in-kWpg/w-d-xo.html Microsoft Intune - Module4.1- What Is Endpoint Analytics and How To Configure | Step By Step Process ✅ Intune Introduction Module Microsoft Intune - Module1.1- Intune Introduction | Explained | Overview | Benefits | Features th-cam.com/video/HZd0__Ca_qk/w-d-xo.html Microsoft Intune - Module1.2- Intune Deployment Scenarios | Intune project plan | Planning and Design th-cam.com/video/bk74ypeRQWA/w-d-xo.html Microsoft Intune - Module1.3- Intune Free Trial Lab Setup | Create Intune Tenant | Setup Intune Infra th-cam.com/video/Y4D6eVNXchY/w-d-xo.html Microsoft Intune - Module1.4 - Intune Console Overview | Intune First Look | Walk through | Explained th-cam.com/video/s3hZORX1k3Y/w-d-xo.html 🏷 Tags #ChanderManiPandey #Intune #intunetraining #microsoftintune #intuneguide #autopilot #mdm #intunetutorials #windows11 #microsoftintune #msintune #IntunePatching #patching #patchtuesday #windows10 #windows10update #windows11updates #windows11update #windows11upgrade #AutoPilot #WindowsAutopilot
Dear @Chander Man Pandey. Your vidoe awson and i would wanted to configure the same. Could you please confirm If i configuration Microsoft API's (Microsoft Graph) will it be any charge will apply?
Love your work. Very concise, detailed and easy to implement. I was up and running on the email report via Task Scheduler in no time. I have one question though. All 180+ of my Win10 machines show all fields as "manually check", but all my Win11 machines show all the correct data in the fields. Now, I did just today manually touch everyone of my policies, so all machines are still needing to check in. Is that possibly the problem? I did sync, reboot, log back in and sync again, on a Win10 machine but a new compliance report shows the same. Is my assumption right and just wait until all machines have had time to get the Device Restriction policy and send stats back in? Thanks again.
@@ChanderManiPandey Sure! The 185 devices showing manually check in all fields are either 10.0.19045.3448 (2 count) or 10.0.19045.3570 (183 count). Looking forward to your thoughts on it. Thanks
@@JohnGregLyoni had the same issue, there's a line in the script that uses akams/WindowsUpdateHistory which i'm guessing used to redirect to Win 10 Updates but now redirects to Win 11 updates. I don't know if there's a new akams shortcut but just google "windows 10 update history" for the correct url and replace the shortcut in the script
Yes, Looks like MS redirected Windows 10 URL (Could be temporary issue ) (aka.ms/WindowsUpdateHistory)🙄 I am working on it to find workaround to fix this.
Thankyou for such a informative video. I have a question, how can you identify the location of the intune autopilot devices, eg. if I want a report that in US & India, how many systems are built using autopilot, how can we fetch this report. I know its easy in SCCM like ad site and boundary or hostname but not in Intune.
We have in-build report for autopilot deployment for last 30 days. It difficult to find the device build in India or other location.If you are using Group tag or adding location in user attributes then you can try to create something close to your requirement. and I think extension attribute can be used to achieve this
I've found one of the best ways to identify these is to actually bind Azure Sign in logs to Log Analytics then use KQL queries to obtain this information
Hi Chander Mani hope you are doing well. Need your help, Microsoft released 23H2 on 31 Oct. Existing windows 11 patch list URL unable to download 23H2 patch list which is why 23H2 devices are going under manually checked . I tried with one of the url but it is downloading 23H2, 22631 build number only, however 22631 is not being downloaded.
Hi @@ChanderManiPandeyhave you got a chance to check it? I tried with one URL and it is giving only 23H2 22621 build details, and not downloading 23H2 22631 OS build.
Please check API permission and Microsoft.Graph.Intune module installed or not. Run this command in Powershell as an admin and install this module. Install-Module -Name Microsoft.Graph.Intune -Force
@@ChanderManiPandey Am also facing same issue, in my envt script was not able to download device .zip file from report. Tried another way to get download the .zip file and after downloading , unzip file . Copy to "C:\Temp\MicroSoftPatchList\LatestCumulativeUpdateList\PD_Dump" . Script worked well.
@@sunilpal7933 Please check API permission and Microsoft.Graph.Intune module installed or not. Run this command in Powershell as an admin and install this module. Install-Module -Name Microsoft.Graph.Intune -Force
I don't think so. I am able to create it without any issue. run this command in Powershell as an admin and then try again. Install-Module -Name Microsoft.Graph.Intune
Thanks for your prompt reply. I did as you suggested but still same . After this message "Export Job initiated for reports" only dots are running continuously.
Running dots meaning is trying to export the Intune dump and on completed dot ends and you are able to see the file name. If it's urgent you can follow my other video showing how you nam manually create this reports. Check latest video
Thanks a lot for your quick revert as always. Actually there was some issue in my tenant, the report was not fetching even manually. Later MS fixed it.
you can replace line no 91 with this line . Enjoy 'filter' = "(DeviceType eq '1') and (OwnerType eq '1')" What you are getting when running only this variable? $attachments
@@ChanderManiPandey thanks I will update it, the problem is I'm not getting any errors when using $attachments 😅 it just fails to send, I tried looking at event viewer but was unable to find any logs related to it, appreciate your help!!! 👍
@@ChanderManiPandey no the email is not sent at all and when I remove $attachment it works fine, no worries I will test further tomorrow but many thanks for your support 🙏🙏
thank you a lot for your fast respond, @@ChanderManiPandey , i did not get any erreur its just the mail is not send it, i think in the script we have to add the abilitye to login to our office 365 so the mail can be send it
sounds like Microsoft Store is blocked. If deviice is managed via gpo then check this location. "Turn off the Store application" and "Disable Store application" must be set to not configured Computer Configuration >Policies >Administrative Templates >Windows Components >Store | Turn off the Store application = not configured Computer Configuration >Policies >Administrative Templates >Windows Components >Store | Disable Store application = not configured
Dear Chander Mani, hope you are doing good. It seems there is some change in windows 10 update history API. Windows 10 API also redirects to windows 11 update history that is why windows 10 devices are going in to manually check status.
Attention, please Those who are using my custom PowerShell script to generate the "Intune Windows update patching compliance", please note that due to a change in the URL or non-working URL, all Windows 10 machines are showing a 'Manually check' status. Please find this line in the script: $URI = 'aka.ms/WindowsUpdateHistory'; and update it with this line: $URI = 'support.microsoft.com/en-us/help/4043454'; I will update all impacted scripts and update them on GitHub." please confirm if its working.
Sounds like not a script issue. Check two things 1) Application registered for this script is still exist with required api permission and secret is valid ( not expired) 2) ensure that microsoft Intune graph module is already installed. Let me know the the outcome.
📚 Intune Windows Update Compliance Reporting Automation | Automating Intune Reports | Intune Patch Compliance Reports | Patching Report in Intune | Intune Reports and Dashboard Overview | Intune patching compliance report | Update rings Automate report In Intune
👉 In this video I will show you how to generate Intune Windows Patch Compliance and get email subscription.By implementing this simple and custom solution you can automate the process of monitoring patch compliance with the email subscription feature for the Intune Patch Compliance Dashboard and Reports.
🔔 Subscribe and hit the bell to get notified about my weekly videos
th-cam.com/channels/gMvCTBB2bXSexzvQO4C8Cg.html
📚 Github Location for scripts
github.com/ChanderManiPandey2022/Intune_Windows_Patching_Report_-_Email_Subscription.git
✅ Intune Report Automation
Intune windows Patching automated Report using proactive remediation scripts
th-cam.com/video/hAVgNvEAdKc/w-d-xo.html
Windows Update for Business Reports(Wufb) Implementation Setup Guide
th-cam.com/video/hAVgNvEAdKc/w-d-xo.html
Windows Autopatch Implementation Setup Guide
th-cam.com/video/It4wzhvMbH8/w-d-xo.html
✅ Intune Application Management Module
Microsoft Intune - Module7.1 - Basics of Intune Win32 App Deployment | Deploy Intune Win32 Application
th-cam.com/video/kWk7hXlWdPQ/w-d-xo.html
Microsoft Intune -Module7.2- Basics of Intune Management Extension in Win32 Apps | Win32 App IME Log
th-cam.com/video/rQrD17cQ2oc/w-d-xo.html
Microsoft Intune -Module7.3- Intune Win32 App Client Side Deep Dive | Troubleshoot Intune Win32 Apps
th-cam.com/video/tyDVBHPw5ww/w-d-xo.html
✅ Intune Patch Management Module
Microsoft Intune - Module5.1- Intune Patch Management | Intune Update Ring & Feature Update | Basics
th-cam.com/video/rqrlb4R1KMY/w-d-xo.html
Microsoft Intune - Module5.2- Intune Update Rings for Windows 10 & 11 | Windows Update Ring Patching
th-cam.com/video/hUtiZcddVpU/w-d-xo.html
Microsoft Intune - Module5.3- Configure and Deploy Intune Feature updates for Windows 10 / 11 Policy
th-cam.com/video/HazjPuS0wOM/w-d-xo.html
Microsoft Intune - Module5.4- Configure and Expedite Windows Quality Updates ( OOB ) Policy In Intune
th-cam.com/video/gFYs6GsKmgI/w-d-xo.html
✅ AutoPilot Module
Microsoft Intune - Module3.1- Windows Autopilot Overview | What is Microsoft Autopilot | How It Work
th-cam.com/video/56JUOodoimE/w-d-xo.html
Microsoft Intune - Module3.2- Autopilot Device Registration & Generate | Import | Get Hardware Hash
th-cam.com/video/O-CIfxF6a8A/w-d-xo.html
Microsoft Intune - Module-3.3 - User Driven Azure AD Join Windows Autopilot | How to | Step by Step
th-cam.com/video/Zt5MXnj2P98/w-d-xo.html
✅ Device Enrollment Module
Microsoft Intune - Module 2.1- Intune Different Methods of Device Enrollment | Types of Enrollment
th-cam.com/video/a2_kLESHF6I/w-d-xo.html
Microsoft Intune - Module2.2- Intune Enrollment Methods for Windows Devices | Enroll Device In Intune
th-cam.com/video/Snl5W61E_oo/w-d-xo.html
Microsoft Intune - Module2.3 - Linux Management with Intune | Manage Ubuntu with Endpoint Manager
th-cam.com/video/dVY50GYlblI/w-d-xo.html
✅ Endpoint Analytics Module
th-cam.com/video/HJk2in-kWpg/w-d-xo.html
Microsoft Intune - Module4.1- What Is Endpoint Analytics and How To Configure | Step By Step Process
✅ Intune Introduction Module
Microsoft Intune - Module1.1- Intune Introduction | Explained | Overview | Benefits | Features
th-cam.com/video/HZd0__Ca_qk/w-d-xo.html
Microsoft Intune - Module1.2- Intune Deployment Scenarios | Intune project plan | Planning and Design
th-cam.com/video/bk74ypeRQWA/w-d-xo.html
Microsoft Intune - Module1.3- Intune Free Trial Lab Setup | Create Intune Tenant | Setup Intune Infra
th-cam.com/video/Y4D6eVNXchY/w-d-xo.html
Microsoft Intune - Module1.4 - Intune Console Overview | Intune First Look | Walk through | Explained
th-cam.com/video/s3hZORX1k3Y/w-d-xo.html
🏷 Tags
#ChanderManiPandey #Intune #intunetraining #microsoftintune #intuneguide #autopilot #mdm #intunetutorials #windows11 #microsoftintune #msintune #IntunePatching #patching #patchtuesday #windows10 #windows10update #windows11updates #windows11update #windows11upgrade #AutoPilot #WindowsAutopilot
Dear @Chander Man Pandey. Your vidoe awson and i would wanted to configure the same. Could you please confirm If i configuration Microsoft API's (Microsoft Graph) will it be any charge will apply?
No charge.
Love your work. Very concise, detailed and easy to implement. I was up and running on the email report via Task Scheduler in no time. I have one question though. All 180+ of my Win10 machines show all fields as "manually check", but all my Win11 machines show all the correct data in the fields. Now, I did just today manually touch everyone of my policies, so all machines are still needing to check in. Is that possibly the problem? I did sync, reboot, log back in and sync again, on a Win10 machine but a new compliance report shows the same. Is my assumption right and just wait until all machines have had time to get the Device Restriction policy and send stats back in? Thanks again.
Thanks.
Manual check are mostly "preview build" or OOB version.
Could you provide me version details like 10.0.19042.xxxx
@@ChanderManiPandey Sure! The 185 devices showing manually check in all fields are either 10.0.19045.3448 (2 count) or 10.0.19045.3570 (183 count). Looking forward to your thoughts on it. Thanks
@@JohnGregLyoni had the same issue, there's a line in the script that uses akams/WindowsUpdateHistory which i'm guessing used to redirect to Win 10 Updates but now redirects to Win 11 updates. I don't know if there's a new akams shortcut but just google "windows 10 update history" for the correct url and replace the shortcut in the script
@@ChanderManiPandey Any thoughts on why my devices listed below, are showing as manually check?
Yes, Looks like MS redirected Windows 10 URL (Could be temporary issue )
(aka.ms/WindowsUpdateHistory)🙄
I am working on it to find workaround to fix this.
Thankyou for such a informative video. I have a question, how can you identify the location of the intune autopilot devices, eg. if I want a report that in US & India, how many systems are built using autopilot, how can we fetch this report. I know its easy in SCCM like ad site and boundary or hostname but not in Intune.
We have in-build report for autopilot deployment for last 30 days. It difficult to find the device build in India or other location.If you are using Group tag or adding location in user attributes then you can try to create something close to your requirement. and I think extension attribute can be used to achieve this
I've found one of the best ways to identify these is to actually bind Azure Sign in logs to Log Analytics then use KQL queries to obtain this information
Hi @Benmorgan86uk , yes that is also a good option. There are many ways to achieve it..
@@Benmorgan86uk please mention the link for the steps
Hi Chander Mani hope you are doing well. Need your help, Microsoft released 23H2 on 31 Oct. Existing windows 11 patch list URL unable to download 23H2 patch list which is why 23H2 devices are going under manually checked . I tried with one of the url but it is downloading 23H2, 22631 build number only, however 22631 is not being downloaded.
Will update this.
Hi @@ChanderManiPandeyhave you got a chance to check it? I tried with one URL and it is giving only 23H2 22621 build details, and not downloading 23H2 22631 OS build.
Waiting for coming patch Tuesday and then I will test and update the script to cover all windows 11 version.
@@ChanderManiPandey you are absolutely right, because you mentioned "- not match" Preview. Thanks a lot you always help.
Thanks again for this video! I was able to get everything setup but when I ran the report I got back 0 devices. Is there something I am missing?
Please check API permission and Microsoft.Graph.Intune module installed or not.
Run this command in Powershell as an admin and install this module.
Install-Module -Name Microsoft.Graph.Intune -Force
@@ChanderManiPandey Am also facing same issue, in my envt script was not able to download device .zip file from report. Tried another way to get download the .zip file and after downloading , unzip file . Copy to "C:\Temp\MicroSoftPatchList\LatestCumulativeUpdateList\PD_Dump" . Script worked well.
@@sunilpal7933 Please check API permission and Microsoft.Graph.Intune module installed or not.
Run this command in Powershell as an admin and install this module.
Install-Module -Name Microsoft.Graph.Intune -Force
@@ChanderManiPandey Thanks for reply.let me try and will update.
@@ChanderManiPandey after running microsoft.graph.intune in admin mode script able to download file. Thanks
PD dump file is not exporting, it was working fine till yesterday, it seems parameter change by MS or issue with API. Not sure please help.
Its working for me. Check the suggested points.
Same issue, even I tried manual one it is running but result is not expected fields are blank, it seems Microsoft has changed some parameters.
I don't think so. I am able to create it without any issue.
run this command in Powershell as an admin and then try again.
Install-Module -Name Microsoft.Graph.Intune
Thanks for your prompt reply. I did as you suggested but still same . After this message "Export Job initiated for reports" only dots are running continuously.
Running dots meaning is trying to export the Intune dump and on completed dot ends and you are able to see the file name.
If it's urgent you can follow my other video showing how you nam manually create this reports.
Check latest video
Thanks a lot for your quick revert as always. Actually there was some issue in my tenant, the report was not fetching even manually. Later MS fixed it.
Happy that your issue is now resolved.
Would it be possible to filter on just device with specific enrolment profile etc?
If you are talking about EnrollmentType then yes.
You have to add this in filter
And (EnrollmentType eq '1' )"
In line no 90
Thanks for video. Can you make video on device cleanup from intune ,aad,ad,sccm.
U mean cleanup from aad, ad and SCCM along with Intune?
@@ChanderManiPandey yes correct
My results come back empty. Total device count is 0. Has something changed since this video was published?
No,
I am using this regularly and not facing any issue.
Just recheck again. I am sure you are missing something.
Specially check API permission type.
@@ChanderManiPandey I sent the video to a coworker and asked him to try. Maybe he will spot something I did wrong. Thanks for the quick reply.
Let me know the outcome
Excellent Video. I followed all the steps and scripts are executed. However i did not received email.
Thank you.
May I know if the script has successfully generated the report?
Are you using on-prem SMTP or Gmail SMTP?
This is a great script, are you able to update to avoid looking at personal machines? also, my email fails to send when calling $attachments
you can replace line no 91 with this line . Enjoy
'filter' = "(DeviceType eq '1') and (OwnerType eq '1')"
What you are getting when running only this variable?
$attachments
@@ChanderManiPandey thanks I will update it, the problem is I'm not getting any errors when using $attachments 😅 it just fails to send, I tried looking at event viewer but was unable to find any logs related to it, appreciate your help!!! 👍
So u mean u r getting dashboard but with no attachment?
@@ChanderManiPandey no the email is not sent at all and when I remove $attachment it works fine, no worries I will test further tomorrow but many thanks for your support 🙏🙏
thank you a lot for your video, but the script is not sending the mail
Thanks.
May i know what error you are getting?
thank you a lot for your fast respond, @@ChanderManiPandey , i did not get any erreur its just the mail is not send it, i think in the script we have to add the abilitye to login to our office 365 so the mail can be send it
You have to provide SMTP server information under user input section to get the email notification.
Microsoft.Graph.Intune is deprecated now :(
Yes, but you can still use this using application registration
great vid ...but to complex to set and InfoSec will not like this 😁... so we stick we basic Intune reporting ... when it works as expected 😂
May i know what is complex in this ?
@@ChanderManiPandey complex for our "sensitive" InfoSec, who does not like to give a Azure permission for apps 😁 ... it is not complex to setup ;)
@@Timmy-Hi5 ok, but you can get this report even without app registration but few steps are manual
@@ChanderManiPandey thx :)
Hi bro how to resolve Error code 0x8a15001b while installing an app from intune it shows the following error
Is this win32 app or Store app ?
@@ChanderManiPandey store app having issue with snipping tool and power BI report builder
sounds like Microsoft Store is blocked.
If deviice is managed via gpo then check this location.
"Turn off the Store application" and "Disable Store application" must be set to not configured
Computer Configuration >Policies >Administrative Templates >Windows Components >Store | Turn off the Store application = not configured
Computer Configuration >Policies >Administrative Templates >Windows Components >Store | Disable Store application = not configured
@@ChanderManiPandey bro did u give training on intune if yes please let me know
@@girishkumarkoppolu ping me on LinkedIn.
Dear Chander Mani, hope you are doing good. It seems there is some change in windows 10 update history API. Windows 10 API also redirects to windows 11 update history that is why windows 10 devices are going in to manually check status.
Thanks,
I will check this and let you all know.
Attention, please
Those who are using my custom PowerShell script to generate the "Intune Windows update patching compliance", please note that due to a change in the URL or non-working URL, all Windows 10 machines are showing a 'Manually check' status.
Please find this line in the script:
$URI = 'aka.ms/WindowsUpdateHistory';
and update it with this line:
$URI = 'support.microsoft.com/en-us/help/4043454';
I will update all impacted scripts and update them on GitHub."
please confirm if its working.
Thanks a lot, it is fixed now and working fine. ❤😊
@manukamboj6626 happy it's working again 😊
Suddenly your script stop working, export job variable not exporting device report.
Sounds like not a script issue.
Check two things
1) Application registered for this script is still exist with required api permission and secret is valid ( not expired)
2) ensure that microsoft Intune graph module is already installed.
Let me know the the outcome.
Thanks for replying, checked every thing is fine and my other automation work fine using the same secrat and permissions.