Intune Remediations with Powershell


With Intune remediations it's quite difficult to capture an output if it's run against multiple users. What I'd like to achieve is to pass Write-Output to a variable and then hopefully the remediation would output that variable (that being the results for all users into one output), as you would see it if running it locally.

So, for example, my script is as follows:

# Get all the user profiles that are on the system
$users = Get-ChildItem (Join-Path -Path $env:SystemDrive -ChildPath 'Users') -Exclude 'Public', 'Administrator', 'svc*'

# Generate a date code for accounts that have had activity in the last 180 days
$StaleAccountDate = (Get-Date).AddDays(-180)

if ($null -ne $users) {
    # Check for any firewall rules that block Teams access and disable them
    Write-Host "Checking for firewall rules that block Teams Access"

    $TeamsBlock = Get-NetFirewallRule -Name *Teams* | Where-Object { ($_.Action -eq 'Block') -and ($_.Enabled -eq 'True') }

    if ($null -ne $TeamsBlock) {
        foreach ($Rule in $TeamsBlock) {
            Write-Host "Disabling blocking firewall rule $($Rule.DisplayName)"
            Set-NetFirewallRule -Name $Rule.Name -Enabled False
        }
    }

    foreach ($user in $users) {
        # Check the last time something was written to the file path for the user we are checking
        $LastAccessTime = Get-ChildItem $user.FullName | Sort-Object LastWriteTime -Descending

        if ($LastAccessTime[0].LastWriteTime -le $StaleAccountDate) {
            Write-Host "Skipping $($user.Name) because the last access time on the account is too old"
        }

        if ($LastAccessTime[0].LastWriteTime -ge $StaleAccountDate) {
            Write-Host "Checking $($user.Name)"
            # Generate the path that will be checked
            $progPath = Join-Path -Path $user.FullName -ChildPath 'AppData\Local\Microsoft\Teams\Current\Teams.exe'

            if (Test-Path $progPath) {
                # Check that the firewall rule already exists; if it does skip, if not, move to the remediation
                $RuleCheck = Get-NetFirewallApplicationFilter -Program $progPath -ErrorAction SilentlyContinue

                if ($null -eq $RuleCheck) {
                    # Exit code 1 tells Intune to run the remediation script
                    Write-Host "Rules need adding for $($user.Name), proceed to remediate"
                    exit 1
                }

                if ($null -ne $RuleCheck) {
                    # Exit code 0 tells Intune no remediation is needed
                    Write-Output "Looks like there are already rules in place for $($user.Name), so we will not add any"
                    exit 0
                }
            }

            if ((Test-Path $progPath) -eq $false) {
                Write-Output "Looks like $($user.Name) has not launched Teams, we will be skipping"
                exit 0
            }

            Clear-Variable RuleCheck
            Clear-Variable progPath
        }

        # Clear the variables for the next user run
        Clear-Variable TeamsBlock
    }
}

So within the Intune remediation, it's provided an output on an individual user if, say, the firewall rules were already in place. However, if I run it locally, it'd provide me with an output for all users with active accounts under 180 days.

Do you know how I could pass the entire output to a variable so it displays properly?

0
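The script above calls exit inside the per-user loop, so the first user profile that has Teams.exe ends the run and only that user's line ever reaches Intune. The following is an added example, not code from the original post, of the pattern practitioners use for this: collect one message per user in a list, decide the exit code once after every profile has been examined, and emit the whole summary as a single Write-Output line. It keeps the original's Teams path, 180-day staleness window and profile exclusions; the parameter names, the $report list and the " | " separator are my own choices, and it assumes the NetSecurity module is present (Windows 10/11) and that the script runs as SYSTEM under the Intune Management Extension.

```powershell
# Added example (not from the original post): detection script that reports on every
# user profile in one output line and sets the exit code only after the loop finishes.
# Assumptions: NetSecurity module available; classic per-user Teams install path from the
# original script; runs as SYSTEM under the Intune Management Extension.

param(
    [string] $ProfileRoot       = (Join-Path -Path $env:SystemDrive -ChildPath 'Users'),
    [int]    $StaleAfterDays    = 180,
    [string] $TeamsRelativePath = 'AppData\Local\Microsoft\Teams\Current\Teams.exe'
)

$staleBefore      = (Get-Date).AddDays(-$StaleAfterDays)
$report           = [System.Collections.Generic.List[string]]::new()
$needsRemediation = $false

# Trailing wildcard so -Exclude is applied to the child folders in Windows PowerShell 5.1
$users = Get-ChildItem -Path (Join-Path -Path $ProfileRoot -ChildPath '*') -Directory `
                       -Exclude 'Public', 'Administrator', 'svc*'

foreach ($user in $users) {
    # Most recent write at the top level of the profile; an empty or unreadable folder counts as stale
    $newest = Get-ChildItem -Path $user.FullName -ErrorAction SilentlyContinue |
              Sort-Object -Property LastWriteTime -Descending |
              Select-Object -First 1

    if ($null -eq $newest -or $newest.LastWriteTime -lt $staleBefore) {
        $report.Add("$($user.Name): skipped (no activity in $StaleAfterDays days)")
        continue
    }

    $teamsExe = Join-Path -Path $user.FullName -ChildPath $TeamsRelativePath
    if (-not (Test-Path -Path $teamsExe)) {
        $report.Add("$($user.Name): skipped (Teams not installed)")
        continue
    }

    # Read-only check: is there an application filter for this user's Teams.exe path?
    $filter = Get-NetFirewallApplicationFilter -Program $teamsExe -ErrorAction SilentlyContinue
    if ($null -eq $filter) {
        $report.Add("$($user.Name): rule missing")
        $needsRemediation = $true     # remember it, but keep going through the other users
    }
    else {
        $report.Add("$($user.Name): rule present")
    }
}

if ($report.Count -eq 0) { $report.Add('No eligible user profiles found') }

# One line of standard output carries the whole per-user summary. Write-Output rather than
# Write-Host, so the text goes to stdout, which is the stream the Intune agent records.
Write-Output ($report -join ' | ')

# The exit code is decided once, after every user has been examined:
# 1 = run the remediation script, 0 = nothing to do.
if ($needsRemediation) { exit 1 } else { exit 0 }
```

Two design points worth keeping. First, the detection script here only reads state; the part of the original that disables blocking firewall rules belongs in the remediation script, so the detection run leaves no side effects and the change is attributable to the remediation that Intune logs. Second, a single joined line survives any truncation or last-line display behaviour in the console far better than a sequence of separate output lines, which is why the messages are joined rather than emitted one by one.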

There are 0 answers