Detect and fix Windows issues using PowerShell remediation scripts with Microsoft Endpoint Manager Proactive remediations
How to detect and fix Windows issues using PowerShell remediation scripts with Endpoint analytics Proactive remediations
Endpoint analytics - Proactive remediations overview
- Proactive remediations can be used to run PowerShell scripts to find and fix issues on Windows 10 computers using Microsoft Endpoint Manager (Intune).
- You can run a PowerShell detection script to find issues on computers, and then another PowerShell script is used to fix the problem on affected machines.
- This allows you to make configuration changes to groups of devices in your environment rather than deal with problems as individual support tickets.
Proactive remediations Requirements
- Computers must be Azure AD joined or hybrid AAD joined
- Devices must be managed by Intune and running Windows 10/11 Professional or Enterprise
- Windows 10/11 Enterprise E3 or E5 license is required (included in Microsoft 365 F3, E3, or E5)
In this example, we have noticed an issue where the Windows license hasn't activated on some devices, and they show the error "Windows is not activated".
You can read more about how to solve that problem in this guide:

SOLVED: We can't activate Windows on this device as we can't connect to your organization's activation server. Error code 0x8007007B - TechLabs
We will first use a detection PowerShell script to check the Windows activation status of devices.
If Windows has been activated, the device will be "Compliant"; if Windows is not activated, the device will be "Non Compliant".
Next, we will use another PowerShell remediation script to activate Windows using the firmware-embedded BIOS key.
Windows Activation PowerShell detection script
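    # The line that fills $licensestatus is missing from the page as published;
    # this query is an assumed reconstruction. It reads the installed Windows license.
    $licensestatus = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter "Name like 'Windows%' AND PartialProductKey IS NOT NULL" | Select-Object -First 1
    # LicenseStatus 1 means "Licensed" (activated).
    if ($licensestatus.LicenseStatus -eq 1) {
        # Write the result before exiting; a statement placed after 'exit' never runs.
        Write-Output "Compliant"
        exit 0
    }
    else {
        Write-Output "NonCompliant"
        exit 1
    }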
Windows Activation PowerShell remediation script
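    # Read the OEM product key embedded in the firmware.
    $ProductKey = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
    # Stop if the firmware holds no key; do not write the key itself to the output.
    if (-not $ProductKey) { Write-Output "No firmware-embedded product key found"; exit 1 }
    # Get-WmiObject returns an object that exposes the WMI methods directly.
    $Service = Get-WmiObject -Query 'select * from SoftwareLicensingService'
    $Service.InstallProductKey($ProductKey)
    $Service.RefreshLicenseStatus()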
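Before uploading the pair, it helps to rehearse the detect, remediate, re-detect sequence on a test device and confirm that neither script prints the product key in its output. The harness below is an added example, not part of the original guide or of Intune. The two file names are placeholders, and it assumes an elevated 64-bit Windows PowerShell console whose execution policy allows local scripts.

```powershell
# Added example: local dry run of a detection/remediation script pair.
# File names are placeholders for wherever the two scripts above were saved.
param(
    [string]$DetectionScript   = '.\Detect-WindowsActivation.ps1',
    [string]$RemediationScript = '.\Remediate-WindowsActivation.ps1'
)

# Shape of a 25-character Windows product key (five groups of five).
$KeyPattern = '\b([A-Z0-9]{5}-){4}[A-Z0-9]{5}\b'

function Invoke-Stage {
    param([string]$Name, [string]$Path)
    # Run in a child process so the script's 'exit' code can be read
    # without ending this session.
    $output = (& powershell.exe -NoProfile -File $Path 2>&1 | Out-String).Trim()
    $code   = $LASTEXITCODE
    # Flag and redact anything that looks like a product key in the output.
    $leak   = $output -match $KeyPattern
    if ($leak) { $output = $output -replace $KeyPattern, '<product key redacted>' }
    [pscustomobject]@{
        Stage       = $Name
        ExitCode    = $code
        KeyInOutput = $leak
        Output      = $output
    }
}

$results = @(Invoke-Stage -Name 'Detection' -Path $DetectionScript)
if ($results[0].ExitCode -eq 1) {
    # Exit code 1 from detection means the issue is present, which is the
    # condition for running the remediation script and then detecting again.
    $results += Invoke-Stage -Name 'Remediation' -Path $RemediationScript
    $results += Invoke-Stage -Name 'Post-remediation detection' -Path $DetectionScript
}
$results | Format-List Stage, ExitCode, KeyInOutput, Output

if ($results.KeyInOutput -contains $true) {
    Write-Warning 'A product key appears in script output; remove it before uploading.'
}
$final = $results[-1]
if ($final.Stage -ne 'Detection' -and $final.ExitCode -ne 0) {
    Write-Warning 'The issue is still detected after remediation.'
}
```

Run it only on a test device, because the remediation stage makes the real activation change.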
Create Proactive remediations script package
Log on to the Endpoint Manager admin center
https://endpoint.microsoft.com
Reports - Endpoint Analytics
Proactive remediations - create script package
Name: Windows Not Activated
Detection script file - browse for and select Windows Activation detection script
Remediation script file - browse for and select Windows Activation remediation script
Run script in 64-bit PowerShell: Yes
We are not using scope tags in this example - click Next
Assign the script to a test group of devices
Click Create
View remediation script progress
Select the "Windows Not Activated" script package
From the Overview you can see the detection and remediation status
Under Device Status, you can see devices where the issue has been detected and remediated or where the issue has re-occurred
Reference:
Tutorial: Proactive remediations
https://docs.microsoft.com/en-us/mem/analytics/proactive-remediations