Detecting and reporting Zscaler Client Connector and Zscaler Private Access status using PowerShell and Intune

October 12, 2024

If you use Zscaler products, you will also want full visibility into their status on the endpoints.

The information is easy to get from the registry; the details are in the Zscaler documentation, Zscaler Client Connector: Windows Registry Keys.

The plan is to:

  1. get the Zscaler status from the registry using a PowerShell script and send the data to a Power Automate Flow
  2. deploy the script as an Intune Platform script

1. PowerShell script to detect the Zscaler tunnel status and report to a Power Automate Flow:

The script can ignore specific accounts, sleep so the connector has time to come up (otherwise it would report false "not connected" results right after sign-in) and send the result to a Power Automate Flow to be processed further. Because it reads HKCU and $env:username, it has to run in the signed-in user's context, not as SYSTEM.

Ignoring specific accounts:

# ignoring specific accounts, adapt on your needs or comment out


$ignoredUsers = @(
    'accountId1',
    'accountId2'
)


if ($env:username -in $ignoredUsers){ exit }

Detecting whether Zscaler is installed:

try
{
    # -ErrorAction Stop makes registry read errors terminating, so the catch block below actually runs
    $ZscalerApp = Get-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* -ErrorAction Stop | Where-Object { $_.DisplayName -eq "Zscaler" }
}
catch
{
    $lookupFailed = $true
    $body = @{
        "hostname" = $env:computername;
        "username" = $env:username;
        "version" = "NA";
        "Zscaler_status" = "error getting Zscaler info";
    }
}

If Zscaler is installed, sleep to give the Zscaler connector time to finish loading, then read the tunnel status and the connector version.

if($null -ne $ZscalerApp)
{
    $ZscalerAppVersion = $ZscalerApp.DisplayVersion

    # Sleep so the script does not run before Zscaler has loaded and report a false positive;
    # 180 seconds is a chosen margin, not a value the connector requires
    Start-Sleep -Seconds 180

    try
    {
        # ZWS_State is written per user, so this only works when the script runs as the signed-in user
        $ZscalerAppTunnelStatus = (Get-ItemProperty -Path "HKCU:\SOFTWARE\Zscaler\App" -Name "ZWS_State" -ErrorAction Stop).ZWS_State

        $body = @{
            "hostname" = $env:computername;
            "username" = $env:username;
            "version" = [string]$ZscalerAppVersion;
            "Zscaler_status" = $ZscalerAppTunnelStatus;
        }
    }
    catch
    {
        $body = @{
            "hostname" = $env:computername;
            "username" = $env:username;
            "version" = [string]$ZscalerAppVersion;
            "Zscaler_status" = "error getting tunnel status";
        }
    }
}
elseif (-not $lookupFailed)
{
    # only reached when the uninstall lookup succeeded but found no Zscaler entry;
    # if the lookup itself failed, the $body set in that catch block is kept
    $body = @{
        "hostname" = $env:computername;
        "username" = $env:username;
        "version" = "NA";
        "Zscaler_status" = "Zscaler not installed or old version";
    }
}

Report the results to Power Automate Flow:

# The trigger URL embeds its own SAS signature: anyone who has it can post a report, so treat it as a secret.
# -UseBasicParsing avoids the Internet Explorer engine dependency on Windows PowerShell 5.1.
Invoke-WebRequest -Method 'Post' -Uri 'URL generated from Power Automate Flow' -Body ($body|ConvertTo-Json) -ContentType "application/json" -UseBasicParsing
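The pieces above, put together as one script. This is an added example, not the post's own script or anything from Zscaler: it keeps the post's registry locations (the "Zscaler" uninstall entry and ZWS_State under HKCU:\SOFTWARE\Zscaler\App) and the four report fields, but polls for the state instead of sleeping a fixed 180 seconds, refuses to run as SYSTEM, and exits non-zero when the report cannot be sent so Intune shows the failure. The 32-bit (WOW6432Node) uninstall path is an extra place to look that the post does not mention; the trigger URL placeholder is the same as in the post.

```powershell
# Added example (not the post's script): the same report restructured into
# functions, with a polling wait instead of a fixed sleep, an explicit
# user-context check, and a non-zero exit code when the report cannot be sent.
# Assumptions: ZWS_State under HKCU:\SOFTWARE\Zscaler\App and the uninstall
# DisplayName "Zscaler" are as in the post; the 32-bit (WOW6432Node) uninstall
# path is an extra place to look, not something the post states.
param(
    [string]$FlowUri = 'URL generated from Power Automate Flow'   # paste the trigger URL here
)

$ignoredUsers   = @('accountId1', 'accountId2')   # adapt, or use @() to ignore nobody
$maxWaitSeconds = 180                              # the post's sleep time, now an upper bound
$pollSeconds    = 15

function Test-UserContext {
    # Intune runs platform scripts as SYSTEM unless "Run this script using the
    # logged on credentials" is Yes. In that case HKCU and $env:USERNAME belong
    # to SYSTEM and the report is meaningless, so refuse to run.
    return -not [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem
}

function Get-ZscalerInstall {
    # First matching uninstall entry from the 64-bit and 32-bit views, or $null.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    return Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'Zscaler' } |
        Select-Object -First 1
}

function Wait-ZscalerState {
    param([int]$TimeoutSeconds, [int]$IntervalSeconds)
    # Return ZWS_State as soon as the connector has written it, or $null on timeout.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $item = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Zscaler\App' -Name 'ZWS_State' -ErrorAction SilentlyContinue
        if ($item -and -not [string]::IsNullOrEmpty($item.ZWS_State)) { return $item.ZWS_State }
        Start-Sleep -Seconds $IntervalSeconds
    } while ((Get-Date) -lt $deadline)
    return $null
}

function New-Report {
    param([string]$Version, [string]$Status)
    # The same four fields the post's flow schema expects.
    return @{
        hostname       = $env:COMPUTERNAME
        username       = $env:USERNAME
        version        = $Version
        Zscaler_status = $Status
    }
}

# --- main ---
if (-not (Test-UserContext)) {
    Write-Warning 'Running as SYSTEM; deploy with "Run this script using the logged on credentials" set to Yes.'
    exit 1
}
if ($env:USERNAME -in $ignoredUsers) { exit 0 }

$app = Get-ZscalerInstall
if ($null -eq $app) {
    $report = New-Report -Version 'NA' -Status 'Zscaler not installed or old version'
} else {
    $state = Wait-ZscalerState -TimeoutSeconds $maxWaitSeconds -IntervalSeconds $pollSeconds
    if ($null -eq $state) { $state = "no ZWS_State after $maxWaitSeconds seconds" }
    $report = New-Report -Version ([string]$app.DisplayVersion) -Status $state
}

try {
    # The trigger URL carries its own SAS signature: anyone holding it can post a
    # report, so keep it out of public repos and validate the fields in the flow.
    Invoke-RestMethod -Method Post -Uri $FlowUri -ContentType 'application/json' `
        -Body ($report | ConvertTo-Json -Compress) -UseBasicParsing -ErrorAction Stop | Out-Null
    exit 0
} catch {
    Write-Warning "Report failed: $($_.Exception.Message)"
    exit 1   # non-zero so Intune marks the script run as failed
}
```

Deploy it with "Run this script using the logged on credentials" set to Yes; the SYSTEM check then never fires, and a failed POST shows up as a failed run in the Intune script report instead of silently producing no data. If you also want the ZPA value, read it with the same Get-ItemProperty call using the value name from the linked Zscaler registry document and add the field to the flow schema.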

Creating the Power Automate Flow:

Create a new Automated cloud flow and give it a name.

Add a trigger of type Request, method POST. Depending on your needs, adapt who can trigger the flow; in this example I will set it to Anyone. With Anyone, the only thing protecting the endpoint is the SAS signature in the trigger URL, and that URL is shipped inside the script to every device, so anyone who reads it there can post reports: keep the flow's actions safe against bogus input and do not publish the URL. Provide a JSON schema that matches the body the script posts (hostname, username, version and Zscaler_status, all strings); the schema only fits the script from this article, so if you adapt the script, update the schema as well.
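A schema for the Request trigger, added here as an example and derived from the four fields the script in this article posts (the page's own schema image is not reproduced); Power Automate generates an equivalent one if you paste a sample body into "Use sample payload to generate schema".

```json
{
  "type": "object",
  "properties": {
    "hostname":       { "type": "string" },
    "username":       { "type": "string" },
    "version":        { "type": "string" },
    "Zscaler_status": { "type": "string" }
  },
  "required": ["hostname", "username", "version", "Zscaler_status"]
}
```

Listing the four fields as required makes the flow reject bodies that omit them, which is a cheap first filter against anything posted to the URL that is not the script.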

Add actions to the flow based on your specific needs. This step can include sending an email notification, updating an Excel file, etc.

2. deploy the script as an Intune Platform script:

In Intune Admin Center go to Devices - Scripts and remediations - Platform scripts and add a script. Set Run this script using the logged on credentials to Yes: the script reads HKCU and $env:username, so if it runs as SYSTEM (the default) it reports SYSTEM's registry hive, not the user's. Assign it to the groups you want reports from.

Intune will start pushing the script and you should start receiving reports based on the actions defined in the Power Automate Flow.

Project available on GitHub.

Featured image created with Grok.
