Description

The Patch My PC Return on Investment (ROI) tool helps identify the products supported in the current Patch My PC catalog which are in use in your environment.

Download

You can download the latest version of the ROI tool from the below webpage:

How Does it Work?

The ROI tool scans your Configuration Manager and/or your Intune environment for application inventory. It then compares this inventory data against our latest list of Supported Products to show you the applications we can support in your environment.

Data Use

This section will detail the data the ROI tool uses.

Intune

All of your data remains in your environment and is not shared with anyone, including Patch My PC.

When you choose Scan Intune, you will be prompted to approve an Enterprise Application (see What Permissions are Required? for more information.)

This uses delegated permissions; the Patch My PC ROI tool does not harvest any of your Intune data, and it is not stored anywhere other than in your tenant. It simply allows the tool to connect to your Intune tenant on your behalf.

After logging in, it then uses Microsoft's Graph API to retrieve the same inventory data displayed in the Discovered Apps report within the Intune console.

You read more about Intune's Discovered Apps software inventory here:

Click the below to be taken directly to your Intune tenant's Discovered Apps report:

Configuration Manager

All of your data remains in your environment and is not shared with anyone, including Patch My PC.

When you choose Scan ConfigMgr, the tool queries the below local WMI classes, assumed to be the SMS Provider in the Configuration Manager environment:

• SMS_G_System_INSTALLED_SOFTWARE

• SMS_G_System_ADD_REMOVE_PROGRAMS

• SMS_G_System_ADD_REMOVE_PROGRAMS_64

User Experience

Assuming the permissions required below are satisfied, running the tool will allow the user to click on the Scan Intune or Scan ConfigMgr buttons:

The interface will update dynamically as the tool runs, showing progress as it scans all inventory. In testing the tool requires around 1 minute for every 5,000 clients.

The Your Apps tile shows the number of applications in your environment which have been found in the Patch My PC current catalog. This is the number of apps which Patch My PC could provide management of in your environment today.

The Annual Quote tile shows the list price of the license version selected, this can be Enterprise Premium (default) or Enterprise Plus.

The Annual Hours and Annual Cost savings tiles show an estimate of the impact of using Patch My PC to handle your application updates over a manual approach. The parameters used to create these estimates can be edited in the bottom right section of the tool to reflect your cost and experience.

Clicking the Request Quote or Schedule Demo buttons will take you to the Patch My PC website to complete a short form requesting one of these services. Where possible we will pass the parameters from the tool into these forms to save you some time.

What Permissions are Required?

This section will detail what permissions are required to run the ROI tool in your Intune or Configuration Manager environment.

Intune

• Application Administrator

• DeviceManagementManagedDevices.Read.All

To scan Intune you must accept the application's request to read your Intune data. The account approving the request must have at least the "Application Administrator" role in azure. The Tool's access to this data will only persist for as long as you keep your session open (1 hour max).

Once the app registration is approved, subsequent executions will ask for a run-as account only. This account requires, as a minimum, Intune DeviceManagementManagedDevices.Read.All rights.

Configuration Manager

• Read-only Analyst

To scan Configuration Manager the tool must be run on your SMS Provider Server. By default, this will be your primary site or CAS. The account running the tool must have at least the "Read-only Analyst" role in Configuration Manager.