# M365-Version Intune Remediation

# Table of Contents

• Purpose
• Overview
• Dependencies
• Detection Script
• Remediation Script
• Usage
• Inputs
• Outputs
• Notes

# Purpose

Documents both the detection and remediation scripts for Microsoft 365 Apps version compliance via Intune Remediation.

# Overview

This page covers both:

• Detection script: Determines if Microsoft 365 Apps is at the required Monthly Enterprise version, using robust scheduling and compliance logic.
• Remediation script: Updates Microsoft 365 Apps to the required version, with user-friendly prompts and safe update handling.

# Dependencies

• PowerShell 7+
• Internet access (for version checks and update downloads)
• Windows OS with Microsoft 365 Apps installed
• Access to registry: HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
• expand.exe (built-in)
• Office Deployment Tool Configuration Options
• Monthly Enterprise Channel Release Notes

# Detection Script

Logic:

• Runs only on scheduled days, based on device hostname and day of week.
• Retrieves the installed Office build version from the registry.
• Fetches the latest Monthly Enterprise build version from Microsoft (via ofl.cab or web fallback).
• Compares installed and required versions.
  • Returns exit codes:
    • 0: Compliant
    • 1: Non-compliant (requires remediation)
    • 2: Off-schedule (skipped)
    • 4: Unidentifiable target group (symbol in device name)

Inputs: None required; uses environment and registry.

Outputs: Compliance status, installed and required version, detailed log file in %TEMP%.

Documentation:

• Get-ItemProperty
• PowerShell Exit Codes

# Remediation Script

Logic:

• Checks installed and latest required build versions.
  • If update is needed:
    • Detects running Office apps and prompts user (toast notification) to close them, with up to 2 reminders.
    • Proceeds with update after reminders or if user closes apps.
    • Runs OfficeC2RClient.exe to update to the required version, using non-disruptive flags.
• Logs all actions and outcomes.

Inputs: None required; uses environment and registry.

Outputs: Actions taken, update status, user prompts, detailed log file in %TEMP%.

Documentation:

• Update Options for Office 365 ProPlus
• Office Deployment Tool Configuration Options

# Usage

• Both scripts are deployed as part of an Intune Remediation package.
• Detection runs first; if non-compliant, remediation is triggered.

# Inputs

• No external parameters; all logic is self-contained.

# Outputs

• Detection: Compliance status, installed/required version, log file.
• Remediation: Actions taken, user prompts, update status, log file.

# Notes

• Scheduling logic ensures devices are checked on a rolling basis.
• User experience is prioritised: update is non-disruptive, with clear prompts.
• See project standards for logging, error handling, and accessibility.