Deploy Proactive Remediation Script using Intune | Easy Method | Microsoft Endpoint Manager

Let’s how to Deploy Proactive Remediation Script using Intune. First of all, you need to make sure that Tenant Attach and Endpoint Analytics are enabled for the SCCM environment. There are built-in script packages you can use to get started with Proactive remediations.

You can refer to the prerequisites of the proactive remediation script before the start the following activity. Proactive remediations are script packages from the Intune portal that can detect and fix common support issues on a user’s device before they even realize there’s a problem.

Built-in Script Packages

Let’s understand the built-in scripts available while writing this post. I will try to keep this updated. I will community to use the comments section to notify the availability of new built-in scripts in the portal.

While writing the post, the following Proactive Remediation Script Packages are available in the Intune portal.

• Update stale Group Policies – Stale Group Policies can lead to helpdesk tickets related to connectivity and internal resource access.
• Restart Office Click-to-run service – When the Click-to-run service is stopped, Office apps fail to start leading to helpdesk calls.

Background

The Microsoft Intune Management Extension is the agent that helps Intune to deploy Proactive Remediation Script Packages. The IME service gets the scripts from Intune and runs them on Windows 10 co-managed devices (SCCM + Intune).

The scripts are rerun every 24 hours by default. The following built-in script packages just need to be assigned to the device groups from Intune.

Deploy

Let’s check Proactive Remediation Script Packages steps in the below section:

• Launch endpoint.mirosoft.com portal
• Navigate to Reports – Endpoint Analytics
• Click on Proactive Remediation
• Click on the built-in script – Restart stopped Office C2R svc
• Click on Properties
• Navigate to the Assignment section and click on Edit to deploy the built-in Proactive Remediation Script Package called Restart stopped Office C2R svc.

• You can either deploy script package to all Devices or all users.
• You also have an option to select any Azure AD custom groups using + Select Groups to Include option.

NOTE! – Include or Exclude either device groups or user groups. Don’t mix user and device groups across include and exclude assignments.

• Select groups include:
  • Click on the Select button after selecting a particular AAD Group.
  • Click Review + Save button.

• Click on Save button to complete the deployment process.

Scripts

Let’s check detection and remediation scripts in the below section of the post. You can check the detection and remediation scripts from the settings section of proactive remediation script package.

Detection Script for Restart stopped Office C2R svc!

=============================================================================================================================
#
Script Name: DetectClickToRunServicecState.ps1
Description: Purpose of this script is to detect if Office 16 installed and further if "Click to Run Service" is running
Notes: No variable substitution should be necessary
#
=============================================================================================================================
Define Variables
$curSvcStat,$svcCTRSvc,$errMsg = "","",""
Main script
If (-not (Test-Path -Path 'hklm:\Software\Microsoft\Office\16.0')){
Write-Host "Office 16.0 (or greater) not present on this machine"
exit 0
}
Try{
$svcCTRSvc = Get-Service "ClickToRunSvc"
$curSvcStat = $svcCTRSvc.Status
}
Catch{
$errMsg = $_.Exception.Message
Write-Error $errMsg
exit 1
}
If ($curSvcStat -eq "Running"){
Write-Output $curSvcStat
exit 0
}
Else{
If($curSvcStat -eq "Stopped"){
Write-Output $curSvcStat
exit 1
}
Else{
Write-Error "Error: " + $errMsg
exit 1
}
}
SIG # Begin signature block
#Signature Removed - But will be available in the Intune portal.
SIG # End signature block

Remediation Script for Restart stopped Office C2R svc!

=============================================================================================================================
#
Script Name: RemediateClickToRunServiceState.ps1
Description: Purpose of this script is to start the "Click to Run Service" and change its startup type to Automatic
Notes: No variable substitution needed
#
=============================================================================================================================
Define Variables
$svcCur = "ClickToRunSvc"
$curSvcStat,$svcCTRSvc,$errMsg = "","",""
$ctr = 0
First, let's make sure nothing has changed since detection and service exists and is stopped
Try{
$svcCTRSvc = Get-Service $svcCur
$curSvcStat = $svcCTRSvc.Status
}
Catch{
$errMsg = $_.Exception.Message
Write-Error $errMsg
Exit 1
}
If the service got started between detection and now (nested if) then return
If the service got uninstalled or corrupted between detection and now (else) then return the "Error: " + the error
If ($curSvcStat -ne "Stopped"){
If ($curSvcStat -eq "Running"){
Write-Output "Running"
Exit 0
}
Else{
Write-Error $errMsg
Exit 1
}
}
Okay, the service should be there and be stopped, we'll change the startup type and get it running
Try{
Set-Service $svcCur -StartupType Automatic
Start-Service $svcCur
$svcCTRSvc = Get-Service $svcCur
$curSvcStat = $svcCTRSvc.Status
While ($curSvcStat -eq "Stopped"){
Start-Sleep -Seconds 5
ctr++
if(ctr -eq 12){
Write-Output "Service could not be started after 60 seconds"
Exit 1
}
}
}
Catch{
$errMsg = $_.Exception.Message
Write-Error $errMsg
Exit 1
}
SIG # Begin signature block
#Removed the Signature
SIG # End signature block

Results

You can check the results of the remediation script from the below section of the Intune portal. You can check the overview & Device status tab to check the results.

NOTE! – This gives information about how your script package is performing and the health of your devices. The scripts run according to your defined scheduling preferences. The detection bar chart reflects the returned value from the detection script while the remediation bar chart describes the remediation script output.

Resources

• Intune MEM Endpoint Analytics with Joy | Learn and Discover #1
• Microsoft Docs – Tenant attach Onboard Configuration Manager clients to Microsoft Defender ATP from the admin center (preview).
• Microsoft Docs – Tenant attach: Deploy endpoint security Antivirus policy from the admin center (preview).
• Microsoft Docs – Settings for Microsoft Defender Antivirus policy for tenant attached devices in Microsoft Intune.