Intune Custom Compliance Script issues

rr-4098 1,701 Reputation points
2024-12-31T20:39:59.05+00:00

I am trying to set up a compliance policy to check that CrowdStrike is installed. I have tried running the script as the logged-in user and not, etc., with the same result. I know the script does not error out since I can run it on my workstation and it returns the correct value. Anyway, regardless of what I do, Intune only shows "Not applicable". Below is what the script and JSON file look like. Please note, I cannot take credit for this script, which I found online and altered. I forgot to mention that the assignment is targeted to a group of test devices that are hybrid joined. https://www.reddit.com/r/crowdstrike/comments/18cxacd/intune_custom_compliance_discovery_script_for/

```powershell
# Display name of the product as registered in Windows Security Center
$AVClient = 'CrowdStrike Falcon Sensor'

# Look up the matching AntiVirusProduct entry (first match only)
$AVProduct = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
    Where-Object { $_.displayName -eq $AVClient } |
    Select-Object -First 1

$AVSummary = New-Object -TypeName PSObject
If ($AVProduct) {
    # productState as a 6-digit hex string (computed but not used in the output)
    $hexProductState = [Convert]::ToString($AVProduct.productState, 16).PadLeft(6, '0')
    $AVSummary | Add-Member -MemberType NoteProperty -Name "$AVClient" -Value $AVProduct.displayName
}
Else {
    $AVSummary | Add-Member -MemberType NoteProperty -Name "$AVClient" -Value 'Error: Not Installed'
}

# Intune expects the discovery result as a single line of compressed JSON
return $AVSummary | ConvertTo-Json -Compress
```

```json
{
    "Rules": [
        {
            "SettingName": "CrowdStrike Falcon Sensor",
            "Operator": "IsEquals",
            "DataType": "String",
            "Operand": "CrowdStrike Falcon Sensor",
            "MoreInfoUrl": "https://www.crowdstrike.com/en-us/",
            "RemediationStrings": [
                {
                    "Language": "en_US",
                    "Title": "Incorrect Antivirus solution detected. Value discovered was {ActualValue}.",
                    "Description": "Install correct Antivirus solution."
                }
            ]
        }
    ]
}
```

1 answer

  1. ZhoumingDuan-MSFT 14,870 Reputation points Microsoft Vendor
    2025-01-01T02:12:10.5833333+00:00

    @rr-4098, Thanks for posting in Q&A.

    From your description, I know you want to create a custom compliance policy to detect whether CrowdStrike is installed but got an error.

    To solve this issue, here are some steps you can refer to.

    1. The device must be Windows 10/11 (excluding Windows 10/11 Home).

    2. The user has been assigned an Intune license.

    3. Check whether other compliance policies are assigned to the device; unassign them and change the custom compliance policy assignment to a user group.

    Also, I find that sometimes a restart is needed to make it work; you can try that and see if the result is different. Here is a link with more details:

    https://call4cloud.nl/2021/11/the-last-days-of-custom-compliance/

    Note: Non-Microsoft link, just for reference.

    Hope the above information can help you.

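A local pre-check for the script and rules file in the question, as an added example that is not part of the thread: it confirms that the discovery output contains a property named exactly as each rule's `SettingName` and evaluates String rules with `IsEquals` or `NotEquals`. The function name `Test-CustomComplianceRule`, the sample JSON strings and the case-sensitive comparison are assumptions of this example; it does not reproduce Intune's own evaluation or explain a "Not applicable" status.

```powershell
# Added example: names are hypothetical, sample inputs are constructed.
function Test-CustomComplianceRule {
    param(
        [Parameter(Mandatory)] [string] $DiscoveryJson,  # one-line JSON from the discovery script
        [Parameter(Mandatory)] [string] $RulesJson       # contents of the rules JSON file
    )
    $discovered = $DiscoveryJson | ConvertFrom-Json
    $rules      = ($RulesJson | ConvertFrom-Json).Rules

    foreach ($rule in $rules) {
        # A rule can only be evaluated if the output has a property with the same name.
        $prop   = $discovered.PSObject.Properties[$rule.SettingName]
        $actual = $null
        $result = 'SettingNotFound'
        if ($prop) {
            $actual = $prop.Value
            if ($rule.DataType -ne 'String') {
                $result = 'NotEvaluated'   # this check only covers String rules
            }
            else {
                # Case-sensitive comparison chosen as the stricter local check (assumption).
                $result = switch ($rule.Operator) {
                    'IsEquals'  { if ($actual -ceq $rule.Operand) { 'Pass' } else { 'Fail' } }
                    'NotEquals' { if ($actual -cne $rule.Operand) { 'Pass' } else { 'Fail' } }
                    default     { 'NotEvaluated' }
                }
            }
        }
        [pscustomobject]@{
            SettingName = $rule.SettingName
            Operator    = $rule.Operator
            Expected    = $rule.Operand
            Actual      = $actual
            Result      = $result
        }
    }
}

# Constructed inputs modelled on the question's script output and rules file
$rulesJson = '{"Rules":[{"SettingName":"CrowdStrike Falcon Sensor","Operator":"IsEquals","DataType":"String","Operand":"CrowdStrike Falcon Sensor"}]}'
$samples = @(
    '{"CrowdStrike Falcon Sensor":"CrowdStrike Falcon Sensor"}',  # sensor registered
    '{"CrowdStrike Falcon Sensor":"Error: Not Installed"}',       # sensor missing
    '{"Crowdstrike":"CrowdStrike Falcon Sensor"}'                 # property name differs from SettingName
)
$samples | ForEach-Object { Test-CustomComplianceRule -DiscoveryJson $_ -RulesJson $rulesJson } | Format-Table -AutoSize
```

To check a real device, pass the output of the discovery script and the contents of the rules file instead of the constructed strings.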

