Introduction
Occasionally you want to inform users about something, such as the need to update or install software, and the easiest way to do that is with some sort of popup notification. That ability is not currently available in Microsoft Intune, although it is a UserVoice item in progress. In the meantime, if you need to send a notification to users of Windows devices in Microsoft Intune, it's possible using PowerShell, and here's how to do it.
The idea here is that you can customize the PowerShell script to deliver the message you want and, if necessary, take actions; for that you need to add your custom code to the script, and the script must not exceed 200KB. The screenshots below are taken on a Windows 10 version 1709 device enrolled into Intune. The device is logged on as a user with normal permissions (not an Administrator) and was configured with Windows AutoPilot.
Note: The Intune management extension, which is used to run the PowerShell script, has the following prerequisites:
Devices must be joined to Azure AD
Devices must run Windows 10, version 1607 or later
Step 1. Download the script
Download the DisplayMessageInIntune.ps1 script.
DisplayMessageInIntune.zip
Step 2. Edit the script in ISE
Launch PowerShell ISE and open the extracted downloaded script. Scroll down to the following values. The values are currently set as PowerShell Parameters with the hope that the current functionality in Microsoft Intune will support Params with PowerShell scripts in the future (I've requested this ability as a DCR to Microsoft directly). If this ability does come to Intune then I will blog an update to this post explaining how to make it dynamic.
When you've changed the message title and message body, you might also want to change the Type and Option available to the user. Below are the values you can configure.
$Option can be any of the following values
"OK"
"OKCancel"
"AbortRetryIgnore"
"YesNoCancel"
"YesNo"
"RetryCancel"
$Type can be any of the following values
"Asterisk"
"Error"
"Exclamation"
"Hand"
"Information"
"None"
"Question"
"Stop"
"Warning"
Finally, after line 69 of the script, you can add any additional code you want, for example to check what key was pressed.
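As an illustration of the kind of code this step describes, here is an added example (not the original DisplayMessageInIntune.ps1, which is not reproduced on this page) that restricts $Option and $Type to the values listed above, shows the popup on top of other windows, logs the answer and branches on it. The sample text, the Write-Log helper and the log path are assumptions made for the example.

```powershell
# Added example: not the original DisplayMessageInIntune.ps1.
param(
    [string]$Title   = 'Message from IT',                        # constructed sample text
    [string]$Message = 'An update is pending. Restart later today?',
    [ValidateSet('OK','OKCancel','AbortRetryIgnore','YesNoCancel','YesNo','RetryCancel')]
    [string]$Option  = 'YesNo',
    [ValidateSet('Asterisk','Error','Exclamation','Hand','Information','None','Question','Stop','Warning')]
    [string]$Type    = 'Question',
    # Assumption: a per-user log path chosen for this example only.
    [string]$LogFile = (Join-Path $env:TEMP 'DisplayMessageExample.log')
)

Add-Type -AssemblyName System.Windows.Forms

# Hypothetical helper: append a timestamped line to the example log.
function Write-Log([string]$Text) {
    "{0:u} {1}" -f (Get-Date), $Text |
        Out-File -FilePath $LogFile -Append -Encoding utf8
}

# An invisible TopMost owner form keeps the dialog above other windows.
$owner = New-Object System.Windows.Forms.Form -Property @{ TopMost = $true }
try {
    # The casts fail fast if a value is not a valid button set or icon.
    $result = [System.Windows.Forms.MessageBox]::Show(
        $owner, $Message, $Title,
        [System.Windows.Forms.MessageBoxButtons]$Option,
        [System.Windows.Forms.MessageBoxIcon]$Type)
}
finally {
    $owner.Dispose()
}

Write-Log "User '$env:USERNAME' answered '$result' to '$Title'"

# Branch on the returned DialogResult rather than on raw key presses.
switch ($result) {
    'Yes'    { Write-Log 'User accepted; a follow-up action would run here.' }
    'No'     { Write-Log 'User declined; nothing was changed.' }
    'Cancel' { Write-Log 'User cancelled the dialog.' }
    default  { Write-Log "No handler defined for '$result'." }
}
```

Because the script runs with the logged-on user's permissions, any follow-up action placed in the switch branches is limited to what that user is allowed to do.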
Step 3. Upload the script to Microsoft Intune
In the Intune service in Azure select Device Configuration and click on PowerShell Scripts.
In PowerShell scripts, click on Add.
Enter the following values:
Name: "Display a message in Intune"
Description: "Using PowerShell to messages in Intune"
Script location: DisplayMessageInIntune.ps1
Next click on Settings, Configure to see the options available.
Change the first option so that the script runs with the same permissions as the logged on user.
Click OK when done and then click on Create to create the PowerShell script in Intune.
Next click on Assignments to assign the PowerShell script to a Group of Users.
To do that, click on Select Groups and then select a Group of Users that you'd like to assign this to.
Next click on Save to save this group.
Step 4. Review what happens on a Windows device
On a Windows device, log on using the credentials of a user that is in the selected group that you assigned the PowerShell script to.
Tip: You can restart the Microsoft Intune Management Extension service (as a user account with Administrator permissions) rather than wait one hour for that extension service to run the PowerShell script.
Note: Your users don't need to do the service restart, this is just so you get instant gratification and can review the end-result.
After the policy is received the message popup is displayed on top of all windows.
Troubleshooting
You can review two log files. One is the log file for the Microsoft Intune Management Extension:
C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log
and the other is generated by the PowerShell script itself:
C:\Windows\Temp\DisplayMessageInIntune.log
Note: If you want to display the message to a user in SYSTEM context then download serviceUI.exe from the MDT toolkit and launch powershell with that exe, like so... and create a Win32 App instead of using a PowerShell script option.