Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager

by

Let’s how to Deploy Proactive Remediation Script using Intune. First of all, you need to make sure that Tenant Attach and Endpoint Analytics are enabled for the SCCM environment. There are built-in script packages you can use to get started with Proactive remediations.

You can refer to the prerequisites of the proactive remediation script before the start the following activity. Proactive remediations are script packages from the Intune portal that can detect and fix common support issues on a user’s device before they even realize there’s a problem.

Endpoint Analytics Remediation Scripts - Deploy built-in script packages
Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 9

Built-in Script Packages

Let’s understand the built-in scripts available while writing this post. I will try to keep this updated. I will community to use the comments section to notify the availability of new built-in scripts in the portal.

While writing the post, the following Proactive Remediation Script Packages are available in the Intune portal.

Patch My PC
  • Update stale Group Policies – Stale Group Policies can lead to helpdesk tickets related to connectivity and internal resource access.
  • Restart Office Click-to-run service – When the Click-to-run service is stopped, Office apps fail to start leading to helpdesk calls.
Deploy Proactive Remediation Script Packages | Built-in | SCCM
Deploy Proactive Remediation Script Packages | Built-in | SCCM

Background

The Microsoft Intune Management Extension is the agent that helps Intune to deploy Proactive Remediation Script Packages. The IME service gets the scripts from Intune and runs them on Windows 10 co-managed devices (SCCM + Intune).

The scripts are rerun every 24 hours by default. The following built-in script packages just need to be assigned to the device groups from Intune.

Deploy

Let’s check Proactive Remediation Script Packages steps in the below section:

1E Nomad
  • Launch endpoint.mirosoft.com portal
  • Navigate to Reports Endpoint Analytics
  • Click on Proactive Remediation
  • Click on the built-in scriptRestart stopped Office C2R svc
  • Click on Properties
  • Navigate to the Assignment section and click on Edit to deploy the built-in Proactive Remediation Script Package called Restart stopped Office C2R svc.
Proactive Remediation Script Packages
Proactive Remediation Script Packages – Deploy Proactive Remediation Script Packages | Built-in | SCCM
  • You can either deploy script package to all Devices or all users.
  • You also have an option to select any Azure AD custom groups using + Select Groups to Include option.

NOTE!Include or Exclude either device groups or user groups. Don’t mix user and device groups across include and exclude assignments.

Deploy Proactive Remediation Script Packages | Built-in | SCCM
Deploy Proactive Remediation Script Packages | Built-in | SCCM
  • Select groups include:
    • Click on the Select button after selecting a particular AAD Group.
    • Click Review + Save button.
Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 1
Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 10
  • Click on Save button to complete the deployment process.
Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 2
Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 11

Scripts

Let’s check detection and remediation scripts in the below section of the post. You can check the detection and remediation scripts from the settings section of proactive remediation script package.

Deploy Proactive Remediation Script Packages | Built-in | SCCM
Deploy Proactive Remediation Script Packages | Built-in | SCCM

Detection Script for Restart stopped Office C2R svc!

=============================================================================================================================
#
Script Name: DetectClickToRunServicecState.ps1
Description: Purpose of this script is to detect if Office 16 installed and further if "Click to Run Service" is running
Notes: No variable substitution should be necessary
#
=============================================================================================================================
Define Variables
$curSvcStat,$svcCTRSvc,$errMsg = "","",""
Main script
If (-not (Test-Path -Path 'hklm:\Software\Microsoft\Office\16.0')){
Write-Host "Office 16.0 (or greater) not present on this machine"
exit 0
}
Try{
$svcCTRSvc = Get-Service "ClickToRunSvc"
$curSvcStat = $svcCTRSvc.Status
}
Catch{
$errMsg = $_.Exception.Message
Write-Error $errMsg
exit 1
}
If ($curSvcStat -eq "Running"){
Write-Output $curSvcStat
exit 0
}
Else{
If($curSvcStat -eq "Stopped"){
Write-Output $curSvcStat
exit 1
}
Else{
Write-Error "Error: " + $errMsg
exit 1
}
}
SIG # Begin signature block
#Signature Removed - But will be available in the Intune portal.
SIG # End signature block

Remediation Script for Restart stopped Office C2R svc!

=============================================================================================================================
#
Script Name: RemediateClickToRunServiceState.ps1
Description: Purpose of this script is to start the "Click to Run Service" and change its startup type to Automatic
Notes: No variable substitution needed
#
=============================================================================================================================
Define Variables
$svcCur = "ClickToRunSvc"
$curSvcStat,$svcCTRSvc,$errMsg = "","",""
$ctr = 0
First, let's make sure nothing has changed since detection and service exists and is stopped
Try{
$svcCTRSvc = Get-Service $svcCur
$curSvcStat = $svcCTRSvc.Status
}
Catch{
$errMsg = $_.Exception.Message
Write-Error $errMsg
Exit 1
}
If the service got started between detection and now (nested if) then return
If the service got uninstalled or corrupted between detection and now (else) then return the "Error: " + the error
If ($curSvcStat -ne "Stopped"){
If ($curSvcStat -eq "Running"){
Write-Output "Running"
Exit 0
}
Else{
Write-Error $errMsg
Exit 1
}
}
Okay, the service should be there and be stopped, we'll change the startup type and get it running
Try{
Set-Service $svcCur -StartupType Automatic
Start-Service $svcCur
$svcCTRSvc = Get-Service $svcCur
$curSvcStat = $svcCTRSvc.Status
While ($curSvcStat -eq "Stopped"){
Start-Sleep -Seconds 5
ctr++
if(ctr -eq 12){
Write-Output "Service could not be started after 60 seconds"
Exit 1
}
}
}
Catch{
$errMsg = $_.Exception.Message
Write-Error $errMsg
Exit 1
}
SIG # Begin signature block
#Removed the Signature
SIG # End signature block

Results

You can check the results of the remediation script from the below section of the Intune portal. You can check the overview & Device status tab to check the results.

Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 3
Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager 12

NOTE! – This gives information about how your script package is performing and the health of your devices. The scripts run according to your defined scheduling preferences. The detection bar chart reflects the returned value from the detection script while the remediation bar chart describes the remediation script output.

Resources

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.