Skip to Main Content
Patch My PC Feature and Application Request

A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:

1 VOTE
Status SUBMITTED
Created by Gregg
Created on Nov 1, 2023

Regex Queries in Intune Requirements for Updates

We recently enabled our updates in intune, previously using only SCCM and have found the expierence with PMPC to not be so good with updates, I understand the limitations with Intune updates for 3rd party software, however the method currently being used to detect existing software is very taxing on the system.


We have about 500 updates enabled in PMPC, anything with 1 or more detections gets enabled as it was in SCCM. Because WSUS isn't a thing in intune, all of the detections are being handled via your Powershell requirement script however a lot of this script is based on a regex query which is known to be very taxing on system resources, given the amount of scans being done on a daily basis, in our case 500+ every time Intune Management Engine kicks off the scans.

Would suggest using the native requirements rules ie file, path, property, versions etc rather than those regex queries.

To give an idea on performance impact, before we had...

500 updates, we kept 3 versions in case of the need to roll back so in reality there were at least 1500 scans being done on the device at a time. The machine was taking about 1.5 - 2 hours each time IME started the scans and CPU usage would be at almost 100% this entire time (modern devices, ie Dell Latitude 5420) and system fan would be ramped up during the time the scans are running.

We had to change it so no more 3 versions to remove those duplicate scans, but this breaks software updates which might get updates fast and have a delay in place so we also had to change our update stratergy to simply update everything right away, this has its own drawbacks. Now scans take about half hour to complete every time the scans are made and fans are always quiet on laptops now. We also found a one hour improvement in battery life in our tests before and after.

Many articles online about regex queries being advised against in certain circumstances, given the amount of scans being done I think this would be one of them.

https://www.ibm.com/docs/en/app-connect/11.0.0?topic=msurepde-message-sets-performance-considerations-when-using-regular-expressions

https://blog.cloudflare.com/cloudflare-outage/?mkt_tok=eyJpIjoiWVRCa05tWmxaVE00T1RGaiIsInQiOiIrcVJSRjhIYkRkU0FUbEYzdnMwOW4zd1ZqXC8yVVwvbkZaMUltajlmbVVraDV3Qk8wdWZ4YzhGS3UrWnRSM1FxRzV2U3dON0pQcG5ocVViUkxxVVdUeVlnY3BVVUh0OFhpd2dUcUtoa3V6VW1sMUppTWtHVnRtNWcxQUFJV2VobUt2In0%3D

Also one from Microsoft, they claimed to make some technical improvements with .NET Regex engine, but there is probably only so much they can do.

https://devblogs.microsoft.com/dotnet/regex-performance-improvements-in-net-5/

  • Attach files