You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Discovery scripts for Linux must be POSIX-compliant shell scripts, such as Bash and shell. However, the scripts can call more complex interpreters from inside the script, like Python. To successfully use other interpreters, they must be correctly installed and configured on the devices in advance of receiving the discovery script.
82
+
Discovery scripts for Linux must be POSIX-compliant shell scripts, such as Bash. However, the scripts can call more complex interpreters from inside the script, like Python. To successfully use other interpreters, they must be correctly installed and configured on the devices in advance of receiving the discovery script.
83
83
84
84
**About POSIX-compliant syntax**: Because the custom compliance script interpreter for Linux supports only a POSIX-compliant shell, it’s important to use POSIX-syntax.
Copy file name to clipboardExpand all lines: memdocs/intune/protect/compliance-policy-monitor.md
-3Lines changed: 0 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -233,11 +233,8 @@ Policy conflicts can occur when multiple Intune policies are applied to a device
233
233
234
234
- If you have deployed multiple compliance policies, Intune uses the most secure of these policies.
235
235
236
-
<<<<<<< HEAD
237
-
=======
238
236
To learn more about conflict resolution for policies, see [If multiple policies are assigned to the same user or device, how do I know which settings gets applied?](../configuration/device-profile-troubleshoot.md#if-multiple-policies-are-assigned-to-the-same-user-or-device-how-do-i-know-which-settings-gets-applied).
Copy file name to clipboardExpand all lines: memdocs/intune/protect/compliance-use-custom-settings.md
+8-18Lines changed: 8 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,13 +7,8 @@ keywords:
7
7
author: brenduns
8
8
ms.author: brenduns
9
9
manager: dougeby
10
-
<<<<<<< HEAD
11
10
ms.date: 10/19/2022
12
11
ms.topic: conceptual
13
-
=======
14
-
ms.date: 08/15/2022
15
-
ms.topic: how-to
16
-
>>>>>>> 94fa0b7f15a3a95565bfbcee045ae8f0b521149e
17
12
ms.service: microsoft-intune
18
13
ms.subservice: protect
19
14
ms.localizationpriority: medium
@@ -43,32 +38,27 @@ This feature applies to:
43
38
44
39
Before you can add custom settings to a policy, you’ll need to prepare a JSON file, and a detection script for use with each supported platform. Both the script and JSON become part of the compliance policy. Each compliance policy supports a single script, and each script can detect multiple settings:
45
40
46
-
- The JSON file defines the custom settings and the values that are considered as compliant. You can also configure messages for users to tell them how to restore compliance for each setting. You add your JSON file while creating a compliance policy, just after you select a discovery script for that policy.
41
+
- The JSON file defines the custom settings and the values that are considered as compliant. You can also configure messages for users to tell them how to restore compliance for each setting. You add your JSON file while creating a compliance policy, just after you select a discovery script for that policy.
47
42
48
-
- Scripts are specific to different platforms and delivered to devices through the compliance policy. When policy is evaluated, the script detects the settings from the JSON file, and then reports the results to Intune. Windows uses a PowerShell script and Linux uses a Bash script.
43
+
- Scripts are specific to different platforms and delivered to devices through the compliance policy. When policy is evaluated, the script detects the settings from the JSON file, and then reports the results to Intune. Windows uses a PowerShell script and Linux uses a POSIX-compliant shell script.
49
44
50
-
The scripts must be uploaded to the Microsoft Endpoint Manager admin center before you create a compliance policy. You select the script when you’re configuring a policy to support custom settings.
45
+
The scripts must be uploaded to the Microsoft Endpoint Manager admin center before you create a compliance policy. You select the script when you’re configuring a policy to support custom settings.
51
46
52
47
After you’ve deployed custom compliance settings and devices have reported back, you'll be able to view the results alongside the built-in compliance setting details in the Microsoft Endpoint Manager admin center. Custom compliance settings can be used for conditional access decisions, the same way built-in compliance settings are. Together they form a compound rule set, equally affecting the device compliance state.
Hybrid Azure AD-joined devices are devices that are joined to Azure AD and also joined to on-premises Active Directory. For more information, see [Plan your hybrid Azure AD join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan).
58
54
59
55
Devices that aren't Azure AD joined or aren't hybrid Azure AD-joined are evaluated as not applicable.
60
56
61
-
-**Discovery script** - A PowerShell or Bash script that you create that runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Endpoint Manager admin center before you create a compliance policy and then select the script you want to use when creating a policy.
62
-
63
-
To create a custom compliance script, see:
64
-
65
-
-[Custom Bash scripts for discovery on Linux](../protect/compliance-custom-bash-script.md)
66
-
-[Custom PowerShell scripts for discovery on Windows](../protect/compliance-custom-script.md)
57
+
-**Discovery script** - A PowerShell for Windows or a POSIX-compliant shell script for Linux that you create. The script runs on a device to discover the custom settings defined in your JSON file. The script returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Endpoint Manager admin center before you create a compliance policy and then select the script you want to use when creating a policy.
67
58
68
-
-**JSON file** - The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting. For guidance on creating a JSON for custom compliance, see the following platforms specific guidance:
59
+
To create a custom compliance script, see [Custom compliance discovery scripts for Microsoft Intune](../protect/compliance-custom-script.md).
69
60
70
-
-[Linux](compliance-custom-json.md)
71
-
-[Windows](compliance-custom-json.md)
61
+
-**JSON file** - The JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting. For guidance on creating a JSON for custom compliance, see [Custom compliance JSON files](compliance-custom-json.md).
72
62
73
63
## Create a policy with custom compliance settings
74
64
@@ -121,7 +111,7 @@ Check the device compliance reports for the following error codes and insight in
121
111
122
112
On Windows you can add the following line at the end of the PowerShell script to return errors related to the PowerShell script, ensure the following line is at the end of the PowerShell script file: `return $hash | ConvertTo-Json -Compress`
123
113
124
-
### PowerShell or Bash scripts aren’t visible to select, or remain visible after being deleted
114
+
### PowerShell or POSIX-compliant shell scripts aren’t visible to select, or remain visible after being deleted
125
115
126
116
Refresh the current view. If the issue persists, cancel the policy creation flow, and start again.
0 commit comments