Let’s compare the features of Intune proactive remediation scripts and PowerShell scripts. Proactive remediation scripts help to detect and fix common support issues on a device. PowerShell scripts help to complete a specific task.
Microsoft program manager II Avi Prasad mentioned the difference between the features of Intune proactive remediation scripts and PowerShell scripts on Twitter. I thought this topic would be useful for many IT admins who work in the modern device management world.
Let’s check whether it’s good to combine PowerShell scripts and Proactive remediations for a better admin experience in the Intune (a.k.a. MEM) portal. I think Avi is trying to get more feedback from the community on this topic. I think it’s a good idea to combine both.
Intune Proactive Remediation Script
Let’s check the important features of the remediation script workflow in Intune. Learn how to start deploying Intune remediation scripts from the following post: Deploy Proactive Remediation Script Using Intune | Easy Method | Microsoft Endpoint Manager.
The script content preview option is available for detection script and remediation script. I think the remediation script has similar logic as Configuration Items and Baselines in ConfigMgr.
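A detection and remediation pair, as an added example that is not from the original post or from Microsoft. It assumes the usual contract that a detection script exiting with 1 triggers the remediation script and exiting with 0 reports the device as healthy; the file names and the firewall check are hypothetical choices for illustration.

```powershell
# Added example: two separate files shown in one block (file names are hypothetical).
# Assumption: both run in the SYSTEM context ("Run using logged-on creds" = No),
# because changing firewall profiles needs administrative rights.

# ===== File 1: Detect-FirewallProfiles.ps1 (detection script) =====
try {
    # Locally configured profiles (Domain, Private, Public) that are not enabled
    $off = Get-NetFirewallProfile -ErrorAction Stop |
        Where-Object { $_.Enabled -ne 'True' }
    if ($off) {
        Write-Output ("Firewall disabled on: " + ($off.Name -join ', '))
        exit 1   # issue found: the remediation script runs next
    }
    Write-Output 'All firewall profiles enabled'
    exit 0       # healthy: nothing to remediate
}
catch {
    # Treat a failed check as an issue so it is visible in the report
    Write-Output "Detection failed: $($_.Exception.Message)"
    exit 1
}

# ===== File 2: Remediate-FirewallProfiles.ps1 (remediation script) =====
try {
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -ErrorAction Stop
    # Re-check so the reported result reflects the actual state
    $off = Get-NetFirewallProfile -ErrorAction Stop |
        Where-Object { $_.Enabled -ne 'True' }
    if ($off) {
        Write-Output ("Still disabled: " + ($off.Name -join ', '))
        exit 1   # remediation did not take effect
    }
    Write-Output 'Firewall profiles re-enabled'
    exit 0
}
catch {
    Write-Output "Remediation failed: $($_.Exception.Message)"
    exit 1
}
```

With an hourly or daily schedule the detection half reruns at each interval, so a profile that is switched off again later is caught on the next run.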
The main difference between the PowerShell script and the remediation script is the scheduling option. I think it would be constructive if Microsoft can include the scheduling options for PowerShell. The following are the scheduling frequency options:
- Once (no-rerun – Similar to PowerShell script).
- Hourly – Rerun the script on customizable hourly intervals.
- Daily – Rerun the script on customizable daily intervals.
NOTE! – Create a schedule for this script to run on devices in the group.
Intune will attempt to run the remediation script at the scheduled time, similar to SCCM. If Intune can’t reach the device, it will try to rerun the script when the device comes back online.
- Time -> 12:00:00 AM.
- Use UTC -> The default value is disabled.
PowerShell Script Options
The Intune PowerShell script options are minimal. You can find more details in Best Way To Deploy Powershell Script Using Intune | Endpoint Manager. The following are the three main features of the PowerShell script.
- Run this script using the logged on credentials.
- Enforce script signature check.
- Run script in 64 bit PowerShell Host.
Proactive Remediation Scripts Vs PowerShell Scripts
Avi Prasad kindly shared a comparison sheet of proactive remediations vs. MEM PowerShell scripts. It seems Microsoft did some analysis and realized that Proactive Remediations is a superset of the PowerShell scripts feature.
NOTE! – Proactive remediation is included only with Microsoft 365 Business Premium licenses. The following licenses include remediation scripts: Enterprise Mobility + Security E3 or higher and Microsoft 365 Enterprise E3 or higher.
| Feature | Proactive Remediations | MEM PowerShell Scripts |
|---|---|---|
| 64-bit PowerShell support | Yes | Yes |
| Run using logged-on creds | Yes | Yes |
| Script content preview | Yes | No |