A feature that was somewhat hidden in the wrong place in the portal is finally getting the attention it deserves. Intune Remediation scripts, formerly known as Proactive Remediations, can automate tasks in your environment based on the result of a check. PowerShell scripting knowledge is needed, as this is fully customizable to your needs.

In this post, we will describe how to use Intune's Remediation scripts, with an example that uninstalls an application based on the result of the detection script.

Prerequisites

  • The device must be enrolled in Intune
  • The device must be Entra ID joined or Entra Hybrid joined
  • Users of the device must have one of the following licenses:
  • Co-managed devices with Configuration Manager (MECM)

Note that the documentation is somewhat confusing about the Windows Enterprise/Education requirement.

For more details about the prerequisites, see Microsoft Learn.

Create Intune Detection script

Before diving into Intune portal, we need to create the scripts for the detection and the remediation of the configurations we want to validate and fix.

The main purpose of the detection script is to evaluate the status of a particular configuration. The PowerShell script should be built with two exit codes:

  • Returning 0 when the device is compliant with the configuration.
  • Returning 1 when the device is NOT compliant with the configuration.

When the script ends in error (exit code 1), the Remediation script is triggered to correct the configuration.

As an example, here is the code to evaluate whether the application TightVNC is installed, whatever the version, with the goal of uninstalling it. Notice the Exit 1 and Exit 0: these define whether the device is compliant or needs remediation.

$app = Get-WmiObject -Class Win32_Product -Filter "Name = 'TightVNC'"
if ($app.Name -eq "TightVNC")
{
    Write-Host "TightVNC found. Trigger Remediation script to uninstall"
    Exit 1   # not compliant: Intune runs the Remediation script
}
else
{
    Write-Host "TightVNC not found. Computer is compliant"
    Exit 0   # compliant: nothing to do
}

Create Intune Remediation script

The main purpose of the Remediation script is to correct a configuration that isn't compliant, based on the result of the detection script. There isn't a particular return code needed for this script. Once it runs, the Detection script re-evaluates the status of the device to determine whether it is now compliant.

As an example, here is the code to uninstall the application TightVNC, whatever version is installed.

$app = Get-WmiObject -Class Win32_Product -Filter "Name = 'TightVNC'"
# Win32_Product returns one object per matching install; Uninstall() returns ReturnValue 0 on success
foreach ($a in $app) { $a.Uninstall() }
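As an added example (not the post's own code), here is a remediation that locates TightVNC through the registry Uninstall keys rather than Win32_Product (which is slow and triggers an MSI consistency check on every product), removes it silently, and exits non-zero when an uninstall fails so the failure is visible in the Intune report instead of passing silently. The 'TightVNC' DisplayName match, the assumption that the package registers an MSI product code, and the function names are mine.

```powershell
# Added example, not the post's code: remediation that uninstalls TightVNC by the MSI product
# code read from the registry Uninstall keys, avoiding Win32_Product.
$ErrorActionPreference = 'Stop'
$appName = 'TightVNC'   # assumed DisplayName prefix of the package to remove

# Both native and 32-bit (WOW6432Node) Uninstall hives; remediations run as SYSTEM.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledApp {
    param([string]$Name)
    # MSI packages use their product code GUID as the key name (PSChildName)
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "$Name*" } |
        Select-Object DisplayName, DisplayVersion, PSChildName, QuietUninstallString
}

function Uninstall-App {
    param($App)
    if ($App.PSChildName -match '^\{[0-9A-Fa-f-]{36}\}$') {
        # MSI product: silent uninstall, no forced reboot
        $proc = Start-Process -FilePath 'msiexec.exe' `
            -ArgumentList "/x $($App.PSChildName) /qn /norestart" -Wait -PassThru
        return $proc.ExitCode
    }
    # Non-MSI: only run a vendor-provided quiet uninstall string; never guess switches
    if ($App.QuietUninstallString) {
        $proc = Start-Process -FilePath 'cmd.exe' `
            -ArgumentList "/c $($App.QuietUninstallString)" -Wait -PassThru
        return $proc.ExitCode
    }
    return -1   # no silent uninstall path available; report it
}

$failed = 0
foreach ($app in @(Get-InstalledApp -Name $appName)) {
    $code = Uninstall-App -App $app
    # Output is captured by Intune as the remediation output
    Write-Output "$($app.DisplayName) $($app.DisplayVersion) uninstall exit code: $code"
    # 0 = success; 3010 and 1641 = success with a reboot pending
    if ($code -notin 0, 3010, 1641) { $failed++ }
}

# Non-zero exit records the failure in the report; the detection script re-runs afterwards either way
if ($failed -gt 0) { exit 1 }
exit 0
```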

Intune Remediation script

  • To create a new Remediation script, go to the Intune portal, Devices / Remediations.
  • Click on Create script package, and input the name of the script.
  • Provide both PowerShell script files.
  • Additional options are available for your scripts. They are pretty self-explanatory.
  • Set the Scope tag if needed.
  • When selecting the assignment group, pay special attention to the schedule. This will be the frequency of the check.

Reporting Remediations

The default view provides quick details of the progress of a remediation script.

Looking into the details of a specific remediation script.

And finally per device status.

As with anything Intune, be patient for reporting to show up!

Built-in Remediation scripts

Microsoft provides 2 built-in scripts.

  • Update Stale Group policies
    • Helps force a refresh of GPOs if it hasn't happened within the last 7 days.
  • Restart Office Click-to-run service.
    • Ensure that the Click-to-run service is running.

For more details about the built-in Remediation scripts, see Microsoft Learn.

Microsoft also provides many PowerShell script examples, which can be found here.

Run Remediation on-Demand (Preview)

This is a new feature that allows Intune admins to run a Remediation on a specific device. It currently supports a single device at a time.

  • Select a device, and choose Run Remediation
  • Select which Remediation to run, and voila!

For more details about the Intune Remediation script, see Microsoft Learn.
