Patch for Intune
Ivanti Neurons Patch for Intune is a cloud-based solution that extends Microsoft Intune implementations to include third-party product management capabilities. You can publish a number of third-party products from the Ivanti Supported Products Catalog to the Intune Console, including: Google Chrome, Zoom Client, Mozilla Firefox, Adobe Acrobat, Slack, Dropbox, and more. In addition to this, you can add your own custom applications to Ivanti Neurons Patch for Intune. For information about adding your own products, see Creating Products.
Watch an overview video (2:27)
Ivanti Neurons Patch for Intune YouTube playlist
Some features of Patch Intelligence are also available with your Ivanti Neurons Patch for Intune license. For example, you can use the information in Patch Intelligence to gain insight into the risk and reliability ratings for each patch. To access Ivanti Neurons for Patch Intelligence, within the Ivanti Neurons platform navigate to Patch Management > Patch Intelligence.
Select the desired products in the table and then publish them to Microsoft Intune. The normal Intune processes are then used to deploy the products to endpoints. Ivanti Neurons Patch for Intune continually monitors the Ivanti Supported Products Catalog for new versions of your managed and unmanaged products. If a new version of a managed product becomes available, you can choose to be prompted for approval or have the new version automatically published to Intune without user interaction.
After Patch for Intune has published a product to Intune, the decision of when to actually try to deploy the product to an endpoint is made by Intune itself. This depends on your environment, and could be anywhere from a few minutes to a few hours later. If you have problems with Intune deploying products, see Troubleshoot Win32 app issues on Microsoft's website (opens in a new window).
For security reasons, to access some of the features of Ivanti Neurons Patch for Intune you need to authenticate using your Azure credentials when prompted. The frequency of this requirement depends on the configuration of your environment.
When you first start Patch for Intune, or whenever new configuration settings are required, a configuration wizard appears to help you to get started.
About the Ivanti Supported Products Catalog
You can find the Ivanti Supported Products Catalog in the Ivanti web site (opens in a new tab).
To receive email notifications when updates are available in the product catalog, go to the Ivanti Neurons Patch for Intune community page. Subscribe using Join Group and select the frequency of notifications.
System Requirements
The following are required to use Ivanti Neurons Patch for Intune:
- An Ivanti Neurons Patch for Intune license
- A valid Microsoft Intune environment
- A web browser
- One of the following roles:
- Application Administrator (Intune) AND Global Reader (Entra ID)
- Intune Administrator (Entra ID)
- To distribute the Ivanti Code Signing Certificate, you need the Policy and Profile manager role in Intune
- For the best results when distributing applications, you also need to distribute the Ivanti Code Signing Certificate as described below.
The Intune Administrator role is required only if you want to manage categories (see Publication Options) or for selecting scopes during on-boarding (see Select an Intune scope (optional)).
Alternatively, you can use Global Administrator (Entra ID).
To distribute the Ivanti Code Signing Certificate:
- In Ivanti Neurons Platform, under Admin, click Patch for Intune Settings.
The Patch for Intune Settings page appears. The Certificate Distribution section reports the current status of your Ivanti certificate, if it was distributed using Ivanti Neurons Patch for Intune. - If the latest Ivanti certificate is distributed to Intune, you can Check Again.
If you have an old Ivanti certificate distributed, or no Ivanti certificate distributed, click Distribute.
The Distribute Certificate dialog appears, showing details of the certificate that will be distributed. - Select Assign to all devices or in the Select groups box select the groups whose associated devices you want to distribute the certificate to.
- Click Distribute.
The certificate is distributed as configured.
Uninstalling applications
Most applications that are packaged in a .msi use msiexec to uninstall themselves. However, this method is less reliable if the application is packaged in a .exe. To handle this, Ivanti has developed a solution called IvantiLUAExecutor.exe that uses a compilation of scripts from uninstallation methods defined by the application vendor so that these applications can be uninstalled using Intune.
The uninstall method creates a log named ScriptExecutor.log when it is run by Intune. If an application uninstalls incorrectly, this file records errors that could have occurred during the uninstallation. This is only necessary if the application is packaged in a .exe.