MDM Essentials 2 - Proactive remediations
When you need to monitor for a specific issue and correct it when it occurs (or re-occurs) Microsoft Intune has got your back with Proactive remediations. Learning how, and when, to use them will give you more options when planning to fix highly specific configuration issues.
Though they have some shortcomings (it takes quite a long time for them to be first applied after assignment!), they come with a neat little interface to make you look smart in front of the bosses when you need to provide some statistics.
Warning - this is a licensed feature. You’ll be prompted to tick a box confirming that you understand the licensing agreement when you first open the page:
Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
Windows 10/11 Virtual Desktop Access (VDA) per user
You can find the proactive remediations section buried in an avalanche of sub-menus, under:
Reports -> Analytics -> Endpoint Analytics -> Reports -> Proactive Remediations
Example Proactive remediations
Every time I start a new contract I’m left wishing for my old proactive remediation scripts. I thought I’d solve that by publishing a selection of examples for you and I to download and adapt.
Hopefully these are a good starting point. Check out the Useful Resources section below for more information and guidance on setting up your first proactive remediations.
Please note that these scripts are provided as examples, and as templates for your use. The subject matter they pretend to resolve is topical (such as PrintNightmare) for flavour, and should not be taken as as guidance or advice on how to fix these issues.
Detect / remediate scripts for a single registry value:
Detect-PrintNightmare.ps1
Remediate-PrintNightmare.ps1
Detect / remediate scripts for enforcing PowerShell execution policy to ‘Restricted’:
Detect-ExecutionPolicy.ps1
Remediate-ExecutionPolicy.ps1
Detect / remediate scripts for removing a user installed application (living in AppData):
Detect-FirefoxUserInstall,ps1
Remove-FirefoxUserInstall.ps1
(sorry Firefox! You are such a good example to work with!)
Now that you’ve got some examples - get out there and get imaginative. Remember that you have an awful lot of flexibility in how you Detect-script and Remediate-script. Make sure you think through what you are looking for, and getting the right ‘Exit’ codes at each part of your testing.