Application Resilience policies for Microsoft Intune

You can activate an Application Resilience policy for Microsoft Intune® to collect information about the functional status of Microsoft Intune installed on your Windows devices and view the results in reports. You can also configure the policy to attempt to repair the application.

Application Resilience policies for Microsoft Intune are supported on devices running:

  • a supported version of the Windows operating system

  • PowerShell version 5.1 or higher

    Due to PowerShell restrictions imposed by Microsoft, Application Resilience isn't supported for this application on devices running Windows 11 SE.

  • the Intune Management Extension

The following table describes the health checks performed:

Report higher versions as Compliant is not available.

Component Test performed
Services Installed Running Signed by
  • Device Management Wireless Application Protocol (WAP) Push message Routing Service
  • Windows Recovery Environment Status1
 P n/a n/a
  • Microsoft Account Sign-In Assistant
 Microsoft Windows Publisher
  • Connected User Experiences and Telemetry1
 P
  • Microsoft Intune Management Extension1
 Microsoft Corporation
Domain join status
  • Checked using the dsregcmd command and the device is Microsoft Entra (formerly Azure AD) joined or Microsoft Entra hybrid joined
  • Join type matches the configured join type selected in the policy configuration

1 Only checked if selected in the policy configuration

You can configure an Application Resilience policy for Microsoft Intune to enable the Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to repair Microsoft Intune if it's not functioning.

The Report, repair, and reinstall option isn't supported. Depending on the Absolute product licenses associated with your account, the Report and repair option may not be available.

The RAR component of the Secure Endpoint Agent can respond to the following issues:

Issue Resolution
Repair

One or more of the following services aren't running:

  • Connected User Experiences and Telemetry1
  • Microsoft Intune Management Extension1
 The RAR component restarts the service.
The Windows Recovery Environment Status1 is disabled The RAR component enables the service.

1 Only applies if selected in the policy configuration

Before you activate an Application Resilience policy for Microsoft Intune you need to configure these settings in addition to the settings in Configuring Application Resilience policies.

You don't need to configure the application version for Microsoft Intune.

To configure the Microsoft Intune specific settings:

  1. In Check domain join type, select the join type your Microsoft Intune configuration uses.

    If your configuration uses both Microsoft Entra (formerly Azure AD) and Hybrid Microsoft Entra joined devices, select Either join type.

  2. In Additional Microsoft tools that need to be checked, select all of the optional services that you want to include in the health check:

    • Connected User Experiences and Telemetry

    • Intune Management Extension

    • Windows Recovery Environment