Intune Proactive Remediation Scripts Vs PowerShell Scripts

Let’s have a comparison between Intune proactive remediation scripts vs PowerShell scripts features. The proactive remediations script helps to detect and fix common support issues on a device. The Powershell scripts help to complete a specific task.

Microsoft program manager II Avi Prasad mentioned the difference between the features of Intune proactive remediation scripts and PowerShell scripts on Twitter. I thought this topic would be useful for many IT admins who work in the modern device management world.

Let’s check whether it’s good to combine PowerShell scripts and Proactive remediations to better admin experience in the Intune (a.k.a MEM) portal. I think Avi is trying to get more feedback from the community on this topic. I think it’s a good idea to combine both.

Intune Proactive Remediation Script

Let’s check what are the important features of the remediation script workflow in Intune? Learn how to start deploying Intune remediation scripts from the following post. Deploy Proactive Remediation Script Using Intune | Easy Method | Microsoft Endpoint Manager.

Patch My PC

The script content preview option is available for detection script and remediation script. I think the remediation script has similar logic as Configuration Items and Baselines in ConfigMgr.

Intune Proactive Remediation Scripts Vs PowerShell Scripts
Intune Proactive Remediation Scripts Vs. PowerShell Scripts

The main difference between the PowerShell script and the remediation script is the scheduling option. I think it would be constructive if Microsoft can include the scheduling options for PowerShell. The following are the scheduling frequency options:

  • Once (no-rerun – Similar to PowerShell script).
  • Hourly – Rerun the script on customizable hourly intervals.
  • Daily – Rerun the script on customizable daily intervals.

NOTE! – Create a schedule for this script to run on devices in the group.

1E Nomad
Intune Proactive Remediation Scripts Vs PowerShell Scripts
Intune Proactive Remediation Scripts Vs. PowerShell Scripts

Intune will attempt to run the remediation script at the scheduled time, similar to SCCM. If Intune can’t reach the device, it will try to rerun the script when the device comes back online.

  • TIme -> 12:00:00 AM.
  • Use UTC -> The default value is disable.
Intune Proactive Remediation Scripts Vs PowerShell Scripts
Intune Proactive Remediation Scripts Vs. PowerShell Scripts

PowerShell Script Options

The Intune PowerShell script options are minimal. You can more details about Best Way To Deploy Powershell Script Using Intune | Endpoint Manager. The following are three main features of the PowerShell script.

  • Run this script using the logged on credentials.
  • Enforce script signature check.
  • Run script in 64 bit PowerShell Host.
Intune Proactive Remediation Scripts Vs PowerShell Scripts
Intune Proactive Remediation Scripts Vs. PowerShell Scripts

Proactive Remediation Scripts Vs PowerShell Scripts

Avi Prasad kindly shared a comparison sheet between proactive remediations vs. MEM PowerShell scripts. It seems, Microsoft did some analysis and realized that Proactive Remediations is a superset of the PowerShell scripts feature.

Intune Proactive Remediation Scripts Vs PowerShell Scripts
Intune Proactive Remediation Scripts Vs. PowerShell Scripts

NOTE! – Proactive remediation is included only with Microsoft 365 Business Premium licenses. The following are the licenses that include remediation script Enterprise Mobility + Security E3 or higher and Microsoft 365 Enterprise E3 or higher.

FeatureProactive RemediationsMEM PowerShell Scripts
64-bit PowerShell supportYesYes
Signature checksYesYes
Run using logged-on credsYesYes
Scope TagsYes?Yes
Frequency SchedulingYesNo
Time SchedulingYesNo
Script content previewYesNo

Resources

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.