In this Lab video we dive into a feature of Endpoint Analytics in Microsoft Intune called “Proactive Remediations”
I give a high level overview of what Proactive Remediations are and an example of how we can use them to remediate invalid client registry settings. For the scenario presented during the lab, the clients were enabled for co-management and had a legacy GPO that had disabled Automatic Updates. The clients were internet connected and had no VPN to reach the domain for a Group Policy Update to reverse the legacy Group Policy setting. A Proactive Remediation script was an easy way to change the registry key for those internet connected clients.
Endpoint analytics (preview) documentation:- https://docs.microsoft.com/en-us/mem/analytics/
Tutorial: Proactive remediations:- https://docs.microsoft.com/en-us/mem/analytics/proactive-remediations
Scripts used in this tutorial:-
https://github.com/byteben/Windows-10/blob/master/Detect_EnableAutomaticUpdates.ps1
https://github.com/byteben/Windows-10/blob/master/EnableAutomaticUpdates.ps1
Clients require access to the following URLs to be able to send Telemetry Data to Intune:-
Intune Managed Devices:-
https://*.events.data.microsoft.com
Configuration Manager Managed Clients:-
https://graph.windows.net
https://*.manage.microsoft.com
Script TIP The PowerShell execution policy on the device can’t be set to Restricted or AllSigned
3 Real world examples where Proactive Remediations have been used:-