
"Proactive Remediation for Business"

With the Proactive Remediation scripts, the Endpoint Manager offers an excellent way to counteract problems proactively or to carry out tasks at intervals. Unfortunately, the function is only available with an Enterprise license (Windows 10/11 Enterprise E3/E5 or Education A3/A5). Since I take care of many environments that are licensed with "Microsoft 365 Business Premium", I have built a script, "Proactive Remediation for Business". With it I can cover most of the functionality that Proactive Remediations offer.

Explanation

The script creates a scheduled task that takes over the interval function of "Proactive Remediation". For the task I have included the triggers "Once", "Hourly", "Daily" and "AtLogon". Depending on which trigger you choose, you can also define the interval more precisely.
When you distribute the package, you can choose whether the task should be executed as the user or as SYSTEM. Both are supported.

You can make the definition in the upper area of the installation script (install.ps1):

```powershell
##########################################################################
#   Recurrence Data
##########################################################################
$Schedule_Frequency = "Daily"           # Once, Hourly, Daily, AtLogon
$Schedule_RepeatInterval = "7"          # Number (for Daily and Hourly)
$Schedule_StartDate = "2023-01-30"      # YYYY-MM-DD (for Once)
$Schedule_StartTime = "8am"             # ex 8am / 5pm (for Once, Hourly, Daily)
```

If you distribute the script, it creates the task as defined by you and stores the detection and remediation script locally on the device. It also saves itself in the same folder with the specified package name.
If the script is then triggered by the scheduled task, it notices that a task already exists and triggers the detection script (detection.ps1). If this detects something, the remediation script (remediation.ps1) is also executed.
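
Because the scheduled task re-runs script files stored on the device, the folder holding them matters when the task runs as SYSTEM: anyone who can write there can change what SYSTEM executes. The following audit is an added example, not part of the author's package. `$ScriptFolder` is a placeholder, since the article does not state the storage path, and the list of trusted SIDs (SYSTEM, Administrators, TrustedInstaller) is an assumption.

```powershell
# Added example: report principals that can modify the locally stored scripts.
# $ScriptFolder is a placeholder; set it to the folder install.ps1 writes to.
param([string]$ScriptFolder = 'C:\Path\To\PackageFolder')

# Assumption: only these SIDs may hold write access
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Specific rights that allow changing or replacing a file (no Read bits included)
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in ACEs
$writeMask = $writeMask -bor 0x50000000

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop

    # The owner can always rewrite the DACL, so it counts as a writer
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) {
        [pscustomobject]@{ Path = $Path; Sid = $owner; Rights = 'Owner' }
    }

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to this object itself
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{ Path = $Path; Sid = $rule.IdentityReference.Value; Rights = $rule.FileSystemRights }
        }
    }
}

# Check the folder itself and every script in it
$targets = @($ScriptFolder) + @(Get-ChildItem -LiteralPath $ScriptFolder -Filter '*.ps1' -File | ForEach-Object FullName)
$findings = @(foreach ($t in $targets) { Get-UntrustedWriter -Path $t })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "Only trusted principals can modify $ScriptFolder"
exit 0
```

For a task that runs in the user context the user needs access to the scripts anyway, so the result is mainly relevant for packages installed with the "system" option.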

Preparation

For the example here I use a "Proactive Remediation" logic, which detects and deletes duplicate shortcuts such as "Teams - Copy.lnk" on the desktop.

If you now want to distribute your own detection and remediation, you must adapt the following passages in the script and package:

$PackageName: Here you give the package a name. This is used for the log, the scheduled task and for the name of the script on the device. So make sure you choose a unique name. This is especially important if you want to distribute multiple packages.

$Version: The version allows you to update the package later.

Recurrence Data: You define the interval or the trigger in the upper part of the script, as already shown in the explanation.

detection.ps1: You can replace this file with your detection script. It is important that it exits with exit code 1 when it detects the issue.

remediation.ps1: You also replace this file, this time with your remediation logic.

check.ps1: You only have to adjust the version in this file for an update.

You do not have to make any further adjustments in the script or the package. An additional adjustment is only necessary if you want to distribute a new version. You then have to increase the version number in the second line in "install.ps1" and "check.ps1".
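
A detection.ps1 that follows this contract for the duplicate-shortcut case, as an added example rather than the author's script. It assumes the task runs as the user, that duplicates are named "<name> - Copy.lnk" or "<name> - Copy (n).lnk", and that a copy only counts when the original shortcut is still present.

```powershell
# Added example of a detection.ps1 (not the author's script).
# Assumption: runs in the user context, so 'Desktop' resolves to that user's desktop.
$desktop = [Environment]::GetFolderPath('Desktop')

function Get-DuplicateShortcut {
    param([Parameter(Mandatory)][string]$Folder)
    foreach ($lnk in Get-ChildItem -LiteralPath $Folder -Filter '*.lnk' -File -ErrorAction Stop) {
        # "Teams - Copy" or "Teams - Copy (2)" -> original name "Teams"
        if ($lnk.BaseName -match '^(?<orig>.+) - Copy( \(\d+\))?$') {
            $original = Join-Path $Folder ($Matches['orig'] + '.lnk')
            # Only report the copy when the original shortcut still exists,
            # so remediation never removes the last remaining shortcut
            if (Test-Path -LiteralPath $original) { $lnk.FullName }
        }
    }
}

try {
    if (-not $desktop -or -not (Test-Path -LiteralPath $desktop)) {
        throw "Desktop folder not found for $env:USERNAME"
    }
    $duplicates = @(Get-DuplicateShortcut -Folder $desktop)
}
catch {
    # A failed check must not look like a detection, otherwise remediation would run
    Write-Output "Detection failed: $($_.Exception.Message)"
    exit 0
}

if ($duplicates.Count -gt 0) {
    Write-Output "Duplicate shortcuts: $($duplicates -join '; ')"
    exit 1    # detected: the package runs remediation.ps1 next
}

Write-Output 'No duplicate shortcuts found'
exit 0
```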

Proactive Remediation, create win32 app

Once you have completed the preparations according to the step above, you only have to convert the package into an "Intunewin" file and enter it in the Endpoint Manager / Intune.

Here are instructions for creating the "Intunewin" file: Create Win32 App / .intunewin

Once you have the file, you can create a Win32 app in the Endpoint Manager under «Apps > Windows apps» and upload the file. Give the package a meaningful name, description, and publisher:

Create win32 app for Proactive Remediation

In the program settings you can set the install behavior to "system" or "user". Choose this depending on the requirements of your detection. You can always enter the following as installation and uninstallation commands.
The requirements in the next step are not very relevant, but they must be set.

Install command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -executionpolicy bypass -command .\install.ps1
Uninstall command: %SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -executionpolicy bypass -command .\uninstall.ps1
win32 app program settings
win32 app requirements

As a detection rule, select the "check.ps1" file as the "custom detection script".

win32 app, detection rule

You can skip the dependencies and supersedence.
Finally, all you have to do is assign the app to a target group and wait for it to be installed.

Proactive Remediation, update win32 app

Have you already distributed an app and want to adjust the interval of the check, the detection script or the remediation script?
You can easily do this by going through the same steps as for the initial creation.
It is important, however, that you adjust the version number. You have to do this in both "install.ps1" and "check.ps1".
Once you have created the ".intunewin" file, you can upload it to the existing Win32 app in the Endpoint Manager. You can leave all the settings as they are; just upload the new detection rule (check.ps1) and you're done.

5 thoughts on “"Proactive Remediation for Business"”

  4. Good morning, in your blog, you indicate that Proactive Remediation for Business only works with Windows 10 Enterprise licenses, is there a possibility that it works with Windows 10 Professional licenses?

    1. The "Business" way is a separate blog and creates a Scheduled Task, this you can use regardless of the licence.

      For the MEM integrated Proactive remediations you need one of the following licenses:

      - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
      - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
      - Windows 10/11 Virtual Desktop Access (VDA) per user
