Getting Started
  • 📌Patch My PC Docs
  • 🔧Installation Guides
    • Advanced Insights & Patch Insights
      • Requirements
        • Certificate Requirements
        • Software Requirements
        • Network Requirements
      • Download and Install
        • SSL Certificate Configuration
        • Advanced Insights SQLite Database
        • IIS Configuration selection
        • Install Summary
        • Completion
      • Upgrading Advanced Insights
        • Upgrading to Advanced Insights 2.1 and later from 1.0.x and 2.0.x versions
      • Modify Advanced Insights
        • Modify SSL Certificate
        • Modify Network Port
        • Password reset
        • Modify IIS App Pool Identity
      • Uninstalling Advanced Insights
      • Backup and Restore of your Advanced Insights Configuration
      • SQL Permissions
      • Configuration Manager Permissions
      • First Use Experience
      • Proxy Support
      • Advanced Insights Inventory Extensions
        • Description
        • Custom Client Actions
        • WMI Class Definitions
      • External Services Dell Warranty API
      • External Services HP Warranty API
      • External Services Lenovo Warranty API
      • Microsoft Updates Inventory
      • Active Directory Integration & RBAC
      • Active Directory Group to Role Assignment
      • Azure AD (Entra ID) Authentication
      • Requirements for Remote Control
      • Launching Remote Control of a Client
      • Configuration Manager Console Extension
      • Custom Dashboards
        • Creating your first Custom Dashboard
        • Editing a Custom Dashboard
        • Sharing a Custom Dashboard
      • Dashboard Guides
        • Home Page
        • Resources
          • Collections
          • Devices
          • Users
        • Hardware
          • Displays
          • Batteries
          • Storage
          • Graphics Adapters
          • Wireless Adapters
        • Software
          • Applications
          • Client Inventory
          • Software Usage
          • Microsoft 365 Apps
          • ODBC Connections
          • Browser Extensions
        • Operating Systems
          • Dashboard
          • Windows 11 Readiness
          • Local Administrators
          • OS Uptime
          • User Profiles
        • Software Updates
          • Dashboard
          • Updates
          • Update Groups
          • Update Deployments
          • Windows OS
          • Computer Status
          • Microsoft Updates
          • Update Trend
        • Security and Compliance
          • BitLocker
      • Advanced Insights Log Collector
      • IIS Application Pool Identity
      • Two Factor Auth
      • Telemetry Data collected by Advanced Insights
    • Configuration Manager
      • Requirements
      • Download and Install
      • License Key
      • Certificate Configuration
      • Updates
      • ConfigMgr Apps
      • Sync Schedule
      • Alerts
      • Advanced
    • Intune
      • Requirements
      • Download and Install
      • License Key
      • Azure App Registration
      • Intune Apps
      • Intune Updates
      • Sync Schedule
      • Alerts
      • Advanced
    • WSUS Standalone
      • Requirements
      • Download and Install
      • License Key
      • Certificate Configuration
      • Enable Standalone WSUS Mode
      • Updates
      • Sync Schedule
      • Verify Third-Party Updates Appear in WSUS Console
      • Alerts
      • Advanced
    • Patch My PC Cloud
      • Release Notes
      • Patch My PC Cloud Requirements
      • Onboard to Patch My PC Cloud
      • Deployments
        • Deployment Overview
        • Deploy an App
          • General Information
          • Configurations
            • Scripts
            • Install Parameters
            • Dependencies
            • Role Scope Tags
            • Extra Files
            • Categories
            • ESP Profiles
          • Assignments
          • Summary
        • Deploy the same App with multiple configurations
        • Create a Deployment with No Assignments
        • Use a Template in Deployments
        • Update Rings
          • Update Rings Overview
          • How Update Rings Are Created
          • How the Sync Schedule Affects Update Rings
          • How Update Rings Handle New Versions
          • How Update Rings Affect Dependencies
          • Create Update Rings
          • Edit Update Rings
          • View Update Rings
          • Check if an Update Ring has been created
          • Update an Update Ring
          • Convert Existing Deployments to Use Update Rings
          • Delete Update Rings
        • Monitor a Deployment
        • Manage Updates
          • Pause Updates
          • Resume Updates
          • Sync Now
        • Manage Deployments
          • View a Deployment's Properties
          • Edit a Deployment
          • Recreate a Deployment
          • Sort Deployments
          • Delete a Deployment
      • Events
        • Events Overview
        • Search for an Event
        • Filter Events
        • Export Events
        • Sort Events
        • Find more information about an Event
        • Change the number of Events per page
        • Navigate between pages of Events
        • Events Reference
          • General Events Reference
          • Security Events Reference
      • Discovery
        • Discovery Overview
        • Deploy an Unmanaged app
        • Manage Managed Apps
        • Refresh Discovery Data
        • Discovery Managed Apps Reference
      • Administration
        • Manage your Company
          • Enable Preview Features
          • Grant Patch My PC Support access to your portal
          • Delete your Company
          • Recover Your Company
          • Company Reference
        • Manage Users
          • Add a User
          • Using Entra ID Security Groups
            • Add an Entra ID Group
            • View an Entra ID Group's Membership
            • Modify an Entra ID Group
            • Remove an Entra ID Group
          • Modify a User
          • Delete a User
          • Manage Access Requests
            • Approve an Access Request
            • Reject an Access Request
          • Manage Invitations
            • Accept an Invitation
            • Copy an Invitation’s link
            • Resend an Invitation
            • Delete an Invitation
          • User Roles Reference
        • Manage your Environments
          • Manage Intune tenants
          • Manage your License
          • Rename your Environment
        • Manage Connections
          • Add a Connection
          • Verify the Publisher connection
          • Delete a Connection
        • Manage Branding
          • Add Branding
          • Modify Branding
          • Recreate Branding
        • Manage Notifications
          • Add a Notification
          • Create a Webhook notification
          • Create a Microsoft Teams Webhook Notification
          • Create a Slack Webhook Notification
          • Create an Email notification
          • Modify a Notification
          • Delete a Notification
          • Notifications Reference
            • Test a Microsoft Teams Webhook Notification
            • Test a Slack Webhook Notification
            • Test an Email Notification
          • Webhooks Reference
            • Create a Microsoft Teams Webhook
            • Create a Slack Webhook
        • Manage Naming Conventions
          • Configure Naming Conventions
          • Modify Naming Conventions
        • Manage the Sync Schedule
        • Manage Deployment Templates
          • Add a Template
          • Edit a Template
          • Configure a Default Template
          • Delete a Template
        • Delete the Patch My PC Cloud Enterprise Application
      • Binary Free Apps
        • Binary Free Apps Overview
        • Deploy a Binary Free App
        • Manage New Version Notifications for a Binary Free App
        • Update a Binary Free App
      • Custom Apps
        • Custom Apps Overview
        • Custom Apps Requirements
        • Onboard to Custom Apps
        • Create a Custom App
        • Publish a Custom App
        • Modify a Custom App
        • Update a Custom App
        • Delete a Custom App
        • Custom Apps Reference
          • Add a Folder Structure to a Custom App
          • Find properties for EXE-Based Installers
          • Uninstall a Custom App
      • Intune Apps
        • Intune Apps Overview
        • Intune Apps Requirements
        • Onboard to Intune Apps
          • Onboard to Intune Apps for Custom Apps users
        • Feature Comparison with Publisher
      • macOS Support
        • Filter by OS
        • Deploy a macOS app
      • Managed Service Provider
        • Managed Service Provider Overview
        • Managed Service Provider Requirements
        • License the Managed Service Provider Feature
        • Managed Service Provider Administration
          • Manage MSP Companies
            • Add a Company to Manage
            • Choose a Company to Manage
            • Remove a Company from being Managed
          • Manage MSP Users
          • Manage MSP Deployments
          • Manage MSP Events
          • Manage MSP Notifications
        • MSP Custom Apps
          • Create an MSP Custom App
          • View all MSP Custom Apps
          • Deploy an MSP Custom App
          • Edit an MSP Custom App
          • Update an MSP Custom App
          • Delete an MSP Custom App
        • Non-Replicating MSP Settings
      • Troubleshooting
        • Troubleshooting Onboarding
          • “Need admin approval” message when onboarding
          • “Permissions requested” dialog box not shown during Onboarding
        • Troubleshooting App Catalog
          • Why is the "Delete" option greyed out for an app?
        • Troubleshooting Binary Free Apps
          • “Unable to verify the file you are trying to upload”
        • Troubleshooting Branding
          • Why don’t I see the “Branding” node in the portal?
        • Troubleshooting Company
          • "Error - Claim Ownership Failed"
          • "Tenant recovery has been disabled for this account"
          • Why can’t I access my Company?
          • Why can’t I Delete my Company?
        • Troubleshooting Custom Apps
        • Troubleshooting Dependencies
          • Why is an app not shown in the “App Dependencies” dropdown?
        • Troubleshooting Deployments
          • “500 Internal Server Error” when adding an assignment - why?
          • “A deployment with the same name <deployment_name> already exists”
          • “Group not found” shown for an Assignment of a successful deployment
          • Troubleshooting an Intune Apps Deployment
          • "TypeError: Failed to fetch" error when trying to upload a Pre or Post Script
          • Why do I see a yellow exclamation mark ("!") beside a deployment?
          • Why is the “Deploy” button greyed out?
          • Why is “Edit” Unavailable for a Deployment?
        • Troubleshooting Discovery
          • Why don’t I see the “Discovery” node in the portal?
          • Why is the “Edit” button disabled beside a Managed App?
        • Troubleshooting Environments
          • “Intune connection with the same Id found in another environment”
          • “Need admin approval” message when connecting to Intune
          • Why don't I see the ellipsis to edit my Environment or License?
        • Troubleshooting Events
          • Why don’t I see the “Events” node in the portal?
        • Troubleshooting Intune
          • What happens if the Patch My PC Cloud Enterprise App is deleted?
        • Troubleshooting Licensing
          • "Your license doesn't match the specified SKU"
          • “Your trial has expired”
          • “Your trial license expires in xx days”
        • Troubleshooting Managed Service Provider
          • “Customer has active connections. Please disconnect them first in order to delete the company”
          • “Error - Intune connection with the same Id found in another environment!”
        • Troubleshooting Notifications
          • Why don’t I see the “Notifications” node in the portal?
        • Troubleshooting Sign in
          • “The service is currently unavailable in the <region_code> region”
        • Troubleshooting Update Rings
          • "Error - Editing is not allowed until all rings are created after the configured delay."
        • Troubleshooting Users
          • “Unable to change the role of this group as it was not found in Entra ID” error
          • Why don’t I see the “Users” node in the portal?
          • Why is the “Add Group” button unavailable?
          • Why is the “Add Group” button unavailable on the “Available Groups” page?
          • “You currently have only one user with Access Management privileges”
      • Reference
        • About the Patch My PC Code-Signing Certificate
          • Using a Custom Configuration Policy
          • Using a script
        • App Catalog Icon Reference
        • Email Reference
          • Example Access Request Email
          • Example Access Approved Email
          • Example Access Rejected Email
          • Example Account Recovery Email
          • Example Binary Free App Update Email
          • Example Binary Free App Successfully Updated Email
          • Example Invitation Email
          • Example Updates Report Email
        • Entra ID Reference
          • Create an App Registration in Entra ID
          • Delete an App Registration in Entra ID
        • Intune Reference
          • Check App Categories
          • Check ESP Profiles
          • Check Scope Tag Assignments
        • Permissions Reference
          • Permissions required for Patch My PC Cloud
          • Permissions required for Intune Apps
        • Telemetry Data collected by Patch My PC Cloud
        • Unsupported File Names and Extensions
      • Product Limits
      • Glossary
      • Contacting Support
    • Product Reference
      • Language Support in Publisher and PMPC Cloud
  • 💁‍♂️ Get Help
    • Open a Support Case
    • Live Demo, Setup & Review Calls
      • Book a Live Demo
      • Book a Guided Setup Call
      • Book an Environment Review Call
    • Log Reference Guide
    • MEM Patching Optimizer
      • Requirements
      • Download and Install
      • Running Tests
      • Updates
    • Return on Investment Tool
  • 🔁Release History
    • Advanced Insights Releases
      • Inventory Extension Releases
    • Patch My PC Cloud Releases
    • Publisher Releases
      • Publisher 1.x Releases
      • Preview Releases
    • ROI Tool Releases
  • 🤝Resources
    • Patch My PC Website
    • Download Installer
    • FAQ
    • Homepage
    • Roadmap
    • UserVoice
    • About Us
Powered by GitBook

Links

  • Feedback or comments?
  • Main Website

© Patch My PC 2011 - 2025

On this page
  • Description
  • Download
  • How Does it Work?
  • Data Use
  • Intune
  • Configuration Manager
  • User Experience
  • What Permissions are Required?
  • Intune
  • Configuration Manager

Was this helpful?

Export as PDF
  1. 💁‍♂️ Get Help

Return on Investment Tool

Requirements and user guide for the Patch My PC Return on Investment (ROI) tool

PreviousUpdatesNextAdvanced Insights Releases

Last updated 4 months ago

Was this helpful?

At this time the ROI Tool does not support Intune scanning for GCC High and DoD tenants

Description

The Patch My PC Return on Investment (ROI) tool helps identify the products supported in the current Patch My PC catalog which are in use in your environment.

Download

You can download the latest version of the ROI tool from the below webpage:

How Does it Work?

The ROI tool scans your Configuration Manager and/or your Intune environment for application inventory. It then compares this inventory data against our latest list of Supported Products to show you the applications we can support in your environment.

Data Use

This section will detail the data the ROI tool uses.

Intune

All of your data remains in your environment and is not shared with anyone, including Patch My PC.

When you choose Scan Intune, you will be prompted to approve an Enterprise Application (see What Permissions are Required? for more information.)

This uses delegated permissions; the Patch My PC ROI tool does not harvest any of your Intune data, and it is not stored anywhere other than in your tenant. It simply allows the tool to connect to your Intune tenant on your behalf.

After logging in, it then uses Microsoft's Graph API to retrieve the same inventory data displayed in the Discovered Apps report within the Intune console.

You read more about Intune's Discovered Apps software inventory here:

Click the below to be taken directly to your Intune tenant's Discovered Apps report:

Configuration Manager

All of your data remains in your environment and is not shared with anyone, including Patch My PC.

When you choose Scan ConfigMgr, the tool queries the below local WMI classes, assumed to be the SMS Provider in the Configuration Manager environment:

  • SMS_G_System_INSTALLED_SOFTWARE

  • SMS_G_System_ADD_REMOVE_PROGRAMS

  • SMS_G_System_ADD_REMOVE_PROGRAMS_64

User Experience

Assuming the permissions required below are satisfied, running the tool will allow the user to click on the Scan Intune or Scan ConfigMgr buttons:

The interface will update dynamically as the tool runs, showing progress as it scans all inventory. In testing the tool requires around 1 minute for every 5,000 clients.

The Your Apps tile shows the number of applications in your environment which have been found in the Patch My PC current catalog. This is the number of apps which Patch My PC could provide management of in your environment today.

The Annual Quote tile shows the list price of the license version selected, this can be Enterprise Premium (default) or Enterprise Plus.

The Annual Hours and Annual Cost savings tiles show an estimate of the impact of using Patch My PC to handle your application updates over a manual approach. The parameters used to create these estimates can be edited in the bottom right section of the tool to reflect your cost and experience.

Clicking the Request Quote or Schedule Demo buttons will take you to the Patch My PC website to complete a short form requesting one of these services. Where possible we will pass the parameters from the tool into these forms to save you some time.

What Permissions are Required?

This section will detail what permissions are required to run the ROI tool in your Intune or Configuration Manager environment.

Intune

  • Application Administrator

  • DeviceManagementManagedDevices.Read.All

To scan Intune you must accept the application's request to read your Intune data. The account approving the request must have at least the "Application Administrator" role in azure. The Tool's access to this data will only persist for as long as you keep your session open (1 hour max).

Note

You do not need to check the optional Consent on behalf of your organization checkbox, which is only visible to Global or Application administrators.

However, if you are a Global or Application administrator and want to accept the request to read the profile for all users in your tenant and prevent this message from being displayed for them, you should check it.

Either way, checking or unchecking this checkbox does not affect the ROI tool functionality.

Once you accept the permissions, you will not see this dialog box again on subsequent sign-ins.

You can click the down arrow beside each permission to get more information.

Once the app registration is approved, subsequent executions will ask for a run-as account only. This account requires, as a minimum, Intune DeviceManagementManagedDevices.Read.All rights.

Configuration Manager

  • Read-only Analyst

To scan Configuration Manager the tool must be run on your SMS Provider Server. By default, this will be your primary site or CAS. The account running the tool must have at least the "Read-only Analyst" role in Configuration Manager.

LogoFeatures and Benefits of the Patch My PC PublisherPatch My PC
LogoDiscovered apps - Microsoft IntuneMicrosoftLearn
Intune discovered apps
Microsoft Intune admin center
Intune Admin Center: Monitor | Discovered apps
The ROI Tool Scanning Configuration Manager
App registration approval request
Executing the ROI tool once the app registration is complete