FAQs

The following table provides answers to frequently asked questions regarding Intune application.

FAQs

Question

Answer

Do endpoints need to have PowerShell execution policy to allow script execution?

Not required to have execution permissions for a patch to get installed. We made Enforce script signature check and run script silently in detection scripts to No for an Intune application. Hence it bypasses the execution-policy and runs irrespective of the execution policy being set in endpoint.

Do any files be excluded from virus scanning in endpoints?

Antimalware settings should exclude the following Intune directories:

On x64 client machines:
C:\Program Files (x86)\Microsoft Intune Management Extension\Content
C:\windows\IMECache
On x86 client machines:
C:\Program Files\Microsoft Intune Management Extension\Content
C:\windows\IMECache

More details, see https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-troubleshoot 

Is it possible to deploy the agent via Intune?

Yes via a feature in the product introduced in the April release of the Patch Daemon (version 5.0.385 and above).

What permissions does the Patch Daemon account require? Does it require PowerShell script execution rights?

It requires an account which has access directory as an administrator with rights to create new app registrations.
It does not require PowerShell execution permissions as PowerShell is not leveraged when publishing a package to Intune.