I was thrilled when I heard that Microsoft was working on the proactive remediation (Windows Analytics) feature in Endpoint Manager. Our customers with workplaces that are fully managed from the cloud have been waiting for this feature. Many workplace engineers are already familiar with it because they used it before via System Center Configuration Manager. If remediation scripts are new to you, I describe this capability as the feature where workplace engineers create detection scripts that validate whether a particular setting is configured according to the organization’s requirements, followed by a remediation script that repairs the setting(s) automatically if they deviate.
My goal is to inspire you to explore the proactive remediation capability with some examples that I created to give you a quick start. Our customers especially appreciate the one where duplicate Edge and Teams shortcuts are removed automatically from the desktop.
Remove duplicate Edge and Microsoft Teams shortcuts from the desktop
To avoid data leakage, I always configure the OneDrive for Business client to sync and enable the Known Folder Move (KFM) feature. The result is that the desktop folder is redirected to OneDrive automatically, a very user-friendly way to avoid data loss. However, there is a big downside to it: it also redirects shortcuts like Edge and Teams. In the pilot phase of a modern workplace project, pretty much every workplace engineer asked me how to avoid the duplicate shortcuts. I have created a detection script that you can download below. It finds the duplicate shortcuts on a desktop and removes them automatically.
Turn off Flash and Java for Adobe Reader DC
Applications like Adobe Reader DC are often installed as a required application, or users can install applications themselves. It can be risky if the default settings of an application are not secure. Via Endpoint Analytics, you can detect whether an application is installed and enforce a secure configuration. By default, Adobe Reader DC has Java and Flash enabled. You can download the scripts below to detect whether Adobe Reader is installed and how it is configured. If Java or Flash is not disabled, the remediation script disables them immediately.
Hardening the workplace via MDATP – Device security recommendations (Application Guard)
Microsoft Defender Advanced Threat Protection (MDATP) reports security recommendations. For the majority of the recommendations, MDM settings are available to configure them securely. However, you must be careful when adopting the recommendations. If you enable Application Guard via an Intune Endpoint, it results in an unexpected scheduled reboot (10 minutes).
You can avoid this by using an Intune proactive remediation script package. The detection script checks whether the feature is enabled. If not, the remediation script enables the feature via the PowerShell cmdlet “Enable-WindowsOptionalFeature” and suppresses the restart via the -NoRestart switch.
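As an added example (not the author's downloadable package), here is a detection and remediation script pair for this scenario that follows the Proactive Remediation exit-code convention (exit 0 = compliant, exit 1 = remediation required) and reports the deferred restart instead of forcing it; the feature name Windows-Defender-ApplicationGuard and the two file names are assumptions of this example.

```powershell
# ---- Detect-ApplicationGuard.ps1 (assumed file name) ----
# Run in the 64-bit PowerShell context as SYSTEM, like any Proactive Remediation package.
# Exit 0 tells Intune the device is compliant; exit 1 triggers the remediation script.
$featureName = 'Windows-Defender-ApplicationGuard'   # assumed optional-feature name
try {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction Stop
} catch {
    # Query failures (unknown feature, DISM error) are reported as non-compliant so they show up in the console
    Write-Output "Could not query $featureName : $($_.Exception.Message)"
    exit 1
}
if ($null -ne $feature -and $feature.State -eq 'Enabled') {
    Write-Output "$featureName is enabled"
    exit 0
}
Write-Output "$featureName state is '$($feature.State)'; remediation required"
exit 1

# ---- Remediate-ApplicationGuard.ps1 (assumed file name) ----
# Enables the feature without the scheduled reboot that the MDM setting would trigger.
$featureName = 'Windows-Defender-ApplicationGuard'
try {
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart -ErrorAction Stop
} catch {
    Write-Output "Enabling $featureName failed: $($_.Exception.Message)"
    exit 1
}
# -NoRestart only suppresses the reboot; RestartNeeded tells you the feature is pending until the next restart.
if ($result.RestartNeeded) {
    Write-Output "$featureName enabled; restart deferred until the user reboots"
} else {
    Write-Output "$featureName enabled"
}
exit 0
```

Upload the two halves as separate files when creating the script package; the last Write-Output line of each run is what appears in the Endpoint Analytics report, so keep it descriptive.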
Tutorial proactive remediation
Microsoft published a tutorial on docs.microsoft.com where you can read more about the prerequisites for proactive remediation, how to create the script packages, and how to monitor the results.
What are you going to do with the Endpoint Analytics proactive remediation scripts?
The three examples above are a starting point for exploring the capabilities of Intune Windows Analytics proactive remediation yourself. There are many more scenarios where this capability can solve technical issues automatically. I want to challenge you to share your thoughts and scenarios with us to grow the community’s collection of examples. See the GitHub repos.