
Dell Drivers with Intune and Proactive Remediations

If a device is delivered new by Dell, the drivers are usually up to date. After a year, or once the device is reinstalled, drivers are often missing or outdated. This can open security gaps or cause problems for the end user. To avoid this, I use Intune to distribute the "Dell Command Update" program, which I then run via Proactive Remediations to regularly check for and install Dell driver updates.

Create filters for Dell devices

Before we start the distribution, let's create a filter for Dell devices.
You do this under: Tenant Administration > Filters

We give the filter a meaningful name and select "Windows 10 and later" as the platform.

Filter name: WIN Manufacturer Dell

As a filter rule, we only use the manufacturer "Dell":
(device.manufacturer -eq "Dell Inc.")
To check the filter, you can click on its preview.

Dell Filters, Settings and Preview

After clicking on "next" and "create", the filter is complete. We will need it again later to install "Dell Command Update" only on Dell devices.

Dell Command Update

In order to start the check via Proactive Remediations, the "Dell Command Update" program must first be installed. I have provided you with the finished Win32 package on GitHub.
The package includes the EXE with version 4.6.0.

Install Dell Command Update via Intune

For distribution with Intune, navigate to «Apps > Windows», choose «+Add» and «Windows app (Win32)».
Then upload the "install.intunewin" file.

Add Intune, win32 app

In the "App information" you fill in the name, the description and the publisher.
I have also made a logo available to you on GitHub.

Intune App Information, Dell Command Update

In the next steps you will add the installation parameters as listed below and set the requirements.

Install command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstall command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1
Install command
Request win32

For the detection rule, you add a manual one with the following parameters:

File, String (version):

  • C:\Program Files (x86)\Dell\CommandUpdate\
  • dcu-cli.exe
  • 4.6.0.3
Dell Command Update detection rule

You can skip the "Dependencies" and "Supersedence" step.

In the assignment you now assign a target group. This can also include all devices. However, so that only Dell devices receive the program, we also apply the filter created in the first part of this blog.

Apply assignment and Dell filter

Create Proactive Remediations package

With the installation of the "Dell Command Update" we have fulfilled the requirements and can create the Proactive Remediations package.

As usual, I saved the scripts on GitHub for you:

If you do not have a Windows Enterprise or Education license, you cannot use this function.
I'll show you an alternative here: "Proactive Remediation for Business" | scloud

First you need to create a new PR package:
Reports > Endpoint analytics > Proactive remediations + Create script package

You give this a name.

Proactive Remediations Script, Dell Driver Intune

Then you upload the detection and remediation script.
My template installs both driver and firmware updates. If you only want drivers, you can simply enter "Drivers" in the 4th line of the two scripts.

Proactive Remediations Script, Dell Drivers
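
An added example of a detection script for this step (not the author's GitHub script and not Dell's code). It counts pending updates through `@()` so the result is correct whether the report holds zero, one or many `<update>` elements, and it only launches dcu-cli.exe if its Authenticode signature is valid; the report folder, the report file name and the XML attribute names are assumptions.

```powershell
# Added example, not the author's GitHub script. Assumptions: install path from the
# detection rule above, a hypothetical report folder, the report file name, and a
# report shaped like <updates><update .../></updates>.
$DCU_exe    = 'C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe'
$DCU_folder = Join-Path $env:ProgramData 'DCU-Scan'            # hypothetical folder
$DCU_report = Join-Path $DCU_folder 'DCUApplicableUpdates.xml' # assumed file name

function Get-PendingUpdateCount {
    param([Parameter(Mandatory)][xml]$Report)
    # @() forces an array, so .Count is right for zero, one or many <update> nodes.
    @($Report.updates.update | Where-Object { $_ }).Count
}

# Constructed sample reports (not real dcu-cli output): self-check the counter.
$none = '<updates></updates>'
$one  = '<updates><update name="Sample BIOS" type="BIOS" /></updates>'
$two  = '<updates><update name="A" type="Driver" /><update name="B" type="Driver" /></updates>'
if ((Get-PendingUpdateCount $none) -ne 0 -or (Get-PendingUpdateCount $one) -ne 1 -or
    (Get-PendingUpdateCount $two) -ne 2) { throw 'update counter self-check failed' }

if (-not (Test-Path $DCU_exe)) { Write-Output 'dcu-cli.exe not found'; exit 0 }

# The script runs as SYSTEM: only launch a binary with a valid Authenticode signature.
if ((Get-AuthenticodeSignature $DCU_exe).Status -ne 'Valid') {
    Write-Output 'dcu-cli.exe signature not valid, scan skipped'; exit 0
}

# Never evaluate a stale report from an earlier run.
New-Item -ItemType Directory -Path $DCU_folder -Force | Out-Null
Remove-Item $DCU_report -Force -ErrorAction SilentlyContinue
Start-Process $DCU_exe -Wait -WindowStyle Hidden -ArgumentList `
    "/scan -updateType=driver,firmware -report=`"$DCU_folder`""

# Assumption: no report file means the scan found nothing applicable.
if (-not (Test-Path $DCU_report)) { Write-Output 'No applicable updates'; exit 0 }

$count = Get-PendingUpdateCount ([xml](Get-Content $DCU_report -Raw))
if ($count -lt 1) { Write-Output 'No applicable updates'; exit 0 }
Write-Output "$count update(s) pending"
exit 1   # non-zero exit tells Intune to run the remediation script
```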

In the assignment, you select a group and also define the interval for checking this.
I chose to do this every 14 days. If the device is not running at this time, the script will be executed at the next start.
In addition, we apply the filter for the Dell devices here as well.

Proactive Remediations, Interval
Filters, Dell devices

That's it, now the drivers of your Dell devices are regularly updated via Endpoint Manager / Intune.

Proactive Remediation Report

When executing detection and remediation, the outputs are sent to the Microsoft Endpoint Manager and can be viewed there.

To do this, the additional columns must be displayed in the view. You can do this in the corresponding PR package via the "Columns" button.

Proactive Remediation view

If you then click on the corresponding "Review" links, the required drivers will be displayed, for example:

Proactive Remediations, Review
Proactive Remediations, Review Message

23 thoughts on “Dell Drivers with Intune and Proactive Remediations”

  1. Hi,
    thanks for this great tutorial.
    I have various doubts... Do we have to install Dell-Command-Update-Application_T97XP_WIN_4.6.0_A00.EXE and both scripts (install.ps1 and uninstall.ps1)?

    Thanks!

    1. You're welcome!
      No, you only have to upload the "install.intunewin" which contains all files.
      The "install.ps1" then calls the exe for the silent installation process. The "uninstall.ps1" is only executed if you decide to uninstall the app via Intune.

    2. You have to add it to your netlogon folder where everyone has Read access and then use the below for the install and uninstall scripts:

      %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -File "\\YourNetworklocation\NETLOGON\Dell-Command-Update\DCU-Intune\install.ps1"

      %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -File "\\YourNetworklocation\NETLOGON\Dell-Command-Update\DCU-Intune\uninstall.ps1"

      Otherwise Intune won't know where to look for the install and un-install files.

      Cheers

      1. If you use a win32 app, the intunewin will be "unzipped" on the target machine and all the sources will be available on the local machine. So you don't have to add a network share and can deploy it regardless of the network location.
        A UNC Path is only necessary if you use another solution than Intune to deploy the software.

  2. So what's the process/work-around for the proactive remediation if we don't have the appropriate licensing for that? We only have 365 business premium and do not have any of the E3/E5/A3/A5 that it requires to run proactive remediation.

  3. Thank you for this guide. I ran through it and was able to get things working properly in the end. The one thing that didn't work for me from your code was the update.count if/else in the detection script. Running $DCU_analyze.updates.update.count always produced 0 for the count, even if I have output in the xml and when I output the value on $DCU_analyze.updates.update. I still need to test this fully, but my initial changes made it work for me and reports back to remediation with the pending updates. I added "$var = $DCU_analyze.updates.update | Measure-Object" below the $DCU_analyze test-path and then changed the count in the if statement to "$var.Count -lt 1". No other changes in the scripts besides adding the bios flag to the check and it's now running in my qa environment.

    1. Hi Florian

      Excellent article. Dell have released version 4.7 of Dell Command, what are the steps to create an updated install.intunewin file?

      Also we are an all-Dell house so in theory I could skip the use of Filtering of the devices?

      1. You can do so by downloading the "Dell Command Update.zip" from GitHub, unzipping it and replacing the EXE.
        In addition, you must change the EXE filename in line 12 of the install.ps1. After that you can create the intunewin (https://scloud.work/win32-app-intunewin/) and upload the newest version.
        Don't forget to also increase the version in the detection rule.

        Regarding the filtering, not necessarily, but I would do so... because you never know if there will be another device.

  4. Excellent work. Just tested it in my test environment and working as expected.

    However, can we include a line in it to suspend bitlocker, for the firmware upgrade, or else it will ask for the Bitlocker key when booting up the computer.

      1. Good afternoon,

        I think what you have done with this is great; I am testing it in the client's environment.
        A question:

        Could this parameter be added to the remediation?
        Start-Process $DCU_exe -ArgumentList "/configure -silent -autoSuspendBitLocker=enable -userConsent=disable" -Wait

  5. Hi Florian,

    Excellent scripts and they appear to work great.

    How is the functionality with BIOS firmware updates if Bitlocker is enabled? Checked a few of my devices today and they have installed various firmwares and drivers, but all have the BIOS update sitting.

  6. Hi,

    The install.intunewin file autofills install.ps1 as the App name, not Dell Command update like in the screenshot. Does that matter? I know I can edit the name of the app but wanted to be sure it's going to create correctly as an application.

    Thanks

    1. At the upload Intune uses just the filename; you can set the name to "Dell Command update" or whatever you like. The name doesn't matter for the installation.
