Error message "At least one rule must be specified" when uploading JSON file to create custom compliance policy in Intune

Houman Alavehzadeh 20 Reputation points
2025-03-13T15:37:17.52+00:00

Attempting to create a custom policy in Microsoft Intune to discover non-updated machines leads to an error message stating "At least one rule must be specified" when uploading a JSON file.

The PowerShell discovery script being used is as follows:

# Check for Windows Updates
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$SearchResult = $UpdateSearcher.Search("IsInstalled=0")
# Check if there are any updates available
if ($SearchResult.Updates.Count -gt 0) {
    # Updates are available, mark the machine as noncompliant
    Write-Output "Machine is not compliant. Updates are available."
    # Add your code here to mark the machine as noncompliant in your system
} else {
    # No updates available, machine is compliant
    Write-Output "Machine is compliant. No updates available."
    # Add your code here to mark the machine as compliant in your system
} 

The JSON file being uploaded contains the following:

{
    "PolicyName": "WindowsUpdateCompliance",
    "Description": "Mark Windows machines as noncompliant if they are not updated",
    "ComplianceSettings": {
        "CheckForUpdates": true,
        "MarkAsNoncompliantIfNotUpdated": true,
        "Rules": [
            {
                "ruleName": "WindowsUpdateCheck",
                "ruleType": "Update",
                "ruleDescription": "Check if Windows updates are installed",
                "ComplianceCriteria": {
                    "UpdateStatus": "UpToDate"
                }
            }
        ]
    }
} 

A screenshot of the error when uploading the file is provided below:

User's image


1 answer

  1. Crystal-MSFT 52,816 Reputation points Microsoft External Staff
    2025-03-14T01:54:30.69+00:00

    @Houman Alavehzadeh, Thanks for posting in Q&A. The error message "At least one rule must be specified" suggests that Intune is not recognizing the rule you've defined in your JSON file.

    The discovery script detects the settings from the JSON file. The JSON file defines the custom settings and the values that you consider to be compliant.

    After reviewing the discovery script and JSON file, I find the format is not correct.

    https://learn.microsoft.com/en-us/mem/intune-service/protect/compliance-use-custom-settings

    For the discovery script, it identifies one or more settings, as defined in the JSON, and returns a list of discovered values for those settings. You can change the script to add one variable to detect the Windows update status and return the value, for example with "return $hash | ConvertTo-Json -Compress".

    https://learn.microsoft.com/en-us/mem/intune-service/protect/compliance-custom-script#sample-discovery-script-for-windows

    For the JSON file, we need to define the custom setting, the Windows update status, which you define in the discovery script, and the value we consider to be compliant.

    https://learn.microsoft.com/en-us/mem/intune-service/protect/compliance-custom-json

    Here are some examples you can read as a reference:

    https://call4cloud.nl/custom-compliance-policy-intune/

    https://patchmypc.com/intune-compliance-policy

    Note: Non-Microsoft links, just for reference.

    Hope the above information can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

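The shape the answer describes, as an added example that is not part of the original thread or Microsoft's own sample: a discovery script that returns one setting as compressed JSON, a rules file with a top-level "Rules" array that names the same setting, and a local check that the two agree before upload. The setting name NoPendingUpdates, the example.com URL, the remediation text and the helper function names are assumptions; the rule keys follow the custom compliance JSON documentation linked in the answer.

```powershell
# Added example. "NoPendingUpdates", the URL and all helper names are assumptions.
# Part 1: discovery script body (deployed script ends with: return $hash | ConvertTo-Json -Compress)
function Get-NoPendingUpdates {
    # Same Windows Update Agent query as the script in the question
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    return ($searcher.Search("IsInstalled=0").Updates.Count -eq 0)
}
function New-DiscoveryOutput([bool]$NoPendingUpdates) {
    # One JSON object on one line: setting name -> discovered value
    $hash = @{ NoPendingUpdates = $NoPendingUpdates }
    return $hash | ConvertTo-Json -Compress
}

# Part 2: rules file content. "Rules" sits at the top level, not under another key.
$rulesJson = @'
{
  "Rules": [
    {
      "SettingName": "NoPendingUpdates",
      "Operator": "IsEquals",
      "DataType": "Boolean",
      "Operand": true,
      "MoreInfoUrl": "https://example.com/patching",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "Windows updates are pending.",
          "Description": "Install all available Windows updates, then sync the device."
        }
      ]
    }
  ]
}
'@

# Part 3: local pre-upload check. Do not include this part in the deployed script.
function Test-RulesMatchDiscovery([string]$RulesJson, [string]$DiscoveryJson) {
    $rules = ($RulesJson | ConvertFrom-Json).Rules
    if (-not $rules) { return $false }   # no top-level "Rules" array
    $found = ($DiscoveryJson | ConvertFrom-Json).PSObject.Properties.Name
    foreach ($r in $rules) {
        # Every rule must name a setting that the discovery script actually returns
        if ($found -notcontains $r.SettingName) { return $false }
    }
    return $true
}

$out = New-DiscoveryOutput -NoPendingUpdates (Get-NoPendingUpdates)
Test-RulesMatchDiscovery -RulesJson $rulesJson -DiscoveryJson $out
```

Passing the JSON from the question to Test-RulesMatchDiscovery returns False, because its "Rules" array is nested under "ComplianceSettings" rather than at the top level.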
