Detect and fix Windows issues using PowerShell remediation scripts with Microsoft Endpoint Manager Proactive remediations

How to detect and fix Windows issues using PowerShell remediation scripts with Endpoint analytics Proactive remediations  

Endpoint analytics - Proactive remediations overview

  • Proactive remediations can be used to run PowerShell scripts to find and fix issues on Windows 10 computers using Microsoft Endpoint Manager (Intune)
  • You can run a PowerShell detection script to find issues on computers, and then another PowerShell script is used to fix the problem on affected machines.
  • This allows you to make configuration changes to groups of devices in your environment rather than deal with problems as individual support tickets.

Proactive remediations Requirements

  • Computers must be Azure AD joined or hybrid AAD joined
  • Devices must be managed by Intune and running Windows 10/11 Professional or Enterprise
  • Windows 10/11 Enterprise E3 or E5 license is required (included in Microsoft 365 F3, E3, or E5)

In this example, we have noticed an issue where the Windows license hasn't activated on some devices, and they are showing the error "Windows is not activated".

You can read more about how to solve that problem in this guide:

We will first use a detection PowerShell script to check the Windows activation status of devices.

If Windows has been activated, the device will be "Compliant"; if Windows is not activated, the device will be "Non Compliant".

Next, we will use another PowerShell remediation script to activate Windows using the firmware embedded BIOS key.

Windows Activation PowerShell detection script 

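# Assumed query: the page's script uses $licensestatus without showing how it is set
$licensestatus = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter "ApplicationID = '55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL"
if ($licensestatus.LicenseStatus -eq 1) {   # 1 = Licensed (activated)
    $Compliance = "Compliant"
    Write-Output $Compliance
    exit 0
} else {
    $Compliance = "NonCompliant"
    Write-Output $Compliance
    exit 1   # non-zero exit code marks the device for remediation
}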

Windows Activation PowerShell remediation script

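$ProductKey = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey   # key embedded in firmware
$Service = Get-WmiObject -Query 'select * from SoftwareLicensingService'
$Service.InstallProductKey($ProductKey)   # install the firmware key
$Service.RefreshLicenseStatus()           # re-evaluate the license state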
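
A more defensive version of the remediation step, as an added example that is not the original post's script: it validates the firmware key before installing it, activates, re-checks LicenseStatus, and keeps the key out of script output. The helper name Test-ProductKeyFormat and the ApplicationID filter are assumptions of this example.

```powershell
# Added example (not the original script): remediation with validation and exit codes.
$ErrorActionPreference = 'Stop'
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'   # ApplicationID of Windows licences
$Filter = "ApplicationID = '$WindowsAppId' AND PartialProductKey IS NOT NULL"

function Test-ProductKeyFormat {
    # Hypothetical helper: accept only the 5x5 product key layout.
    param([string]$Key)
    return $Key -match '^([A-Z0-9]{5}-){4}[A-Z0-9]{5}$'
}

try {
    $service = Get-CimInstance -ClassName SoftwareLicensingService
    $key = $service.OA3xOriginalProductKey

    if (-not (Test-ProductKeyFormat -Key $key)) {
        Write-Output 'No valid firmware-embedded product key found.'
        exit 1
    }

    # Install the key and refresh licensing state. The key is never written to
    # output or logs, since script output can surface in the Intune console.
    Invoke-CimMethod -InputObject $service -MethodName InstallProductKey -Arguments @{ ProductKey = $key } | Out-Null
    Invoke-CimMethod -InputObject $service -MethodName RefreshLicenseStatus | Out-Null

    $product = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $Filter | Select-Object -First 1
    if (-not $product) {
        Write-Output 'Key installed but no Windows licence entry was found.'
        exit 1
    }
    Invoke-CimMethod -InputObject $product -MethodName Activate | Out-Null

    # Re-query so the result reflects the state after activation.
    $status = (Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $Filter | Select-Object -First 1).LicenseStatus
    if ($status -eq 1) {
        Write-Output 'Windows activated.'
        exit 0
    }
    Write-Output "Activation attempted; LicenseStatus is $status."
    exit 1
}
catch {
    # Report only the error message, never the key.
    Write-Output "Remediation failed: $($_.Exception.Message)"
    exit 1
}
```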

Create Proactive remediations script package

Log on to the Endpoint Manager admin center

Reports - Endpoint Analytics

Proactive remediations - create script package

Name: Windows Not Activated

Detection script file - browse for and select Windows Activation detection script

Remediation script file - browse for and select the Windows Activation remediation script

Run script in 64-bit PowerShell: Yes

We are not using scope tags in this example - click Next

Assign the script to a test group of devices

Click Create

View remediation script progress 

Select the "Windows Not Activated Script"

From the Overview you can see the detection and remediation status

Under Device Status, you can see devices where the issue has been detected and remediated or where the issue has re-occurred


Tutorial: Proactive remediations

Thursday, 01 June 2023