In this series on Endpoint Analytics we explore the different reports and possibilities that Endpoint Analytics currently offers. In Part 1 we discussed the advantages of XLA over SLA, how to enable Endpoint Analytics and onboard Intune clients using a data collection policy. In Part 2 we had have a closer looks at Startup Performance, the first of three areas that Endpoint Analytics provides insight into. In this post (Part 3) we will demonstrate how Proactive Recommendations can be used to check and remediate settings whether the need comes from a security vulnerability, audit or other concern. For those familiar with Configuration Manager, Proactive Remediation is a similar concept to Configuration Baselines.
Contents
Related Posts:
- Part 1 – Getting Started with Endpoint Analytics
- Part 2 – Startup Performance
- Part 3 – Proactive Remediation’s (this post)
- Part 4 – Recommended Software
- Part 5 – Restart Frequency
Prerequisites
Unlike the other reports in Endpoint Analytics, Proactive Remediation’s requires that you confirm that one of the following licenses is present in your tenant. The Intune Service Administrator role is required to confirm the license requirement.
- Windows 10 Enterprise E3 / E5
- Windows 10 Education A3 / A5
- Microsoft 365 F3 / E3 / E5 / A3 / A5
- Windows Virtual Desktop Access E3 / E5
Once the license confirmation is completed, allow 1-2 minutes for the setup to complete.
Default Packages
There should be two Microsoft packages that are available to deploy. The first makes sure that the Click To Run (C2R) service used in Microsoft 365 Apps for Enterprise/Business is set to Automatic, and will try to start it if stopped. The second attempts to update Group Policy if the last Group Policy refresh was more than 7 days ago. Deploy these packages if you like, we will make our custom package in the next section.
Detection Script
As an example we will use Proactive Remediation’s to check if Windows 10 Fast Startup is enabled on our clients and disable it if needed. Fast Startup is something that many organizations tend to disable as the computer does not do a complete shutdown when enabled.
Our first task is to construct a PowerShell script that will detect if the desired setting is correctly configured or not. Adjust the script below to match your needs, but make sure that Exit 0 is used on success and Exit 1 is used on failures.
$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" $Name = "HiberbootEnabled" $value = "0" Try { $Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name If ($Registry -eq $Value) { Write-Output "Compliant" Exit 0 } else { Write-Warning "Not Compliant" Exit 1 } } Catch { Write-Warning "Not Compliant" Exit 1 }
Remediation Script
Our next task is to create a script that will remediate the setting if needed.
$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power" $Name = "HiberbootEnabled" $Type = "DWORD" $Value = "0" If (!(Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null New-ItemProperty -Path $Path -Name $Name -Value $value -PropertyType $Type -Force | Out-Null } else { Set-ItemProperty -Path $Path -Name $Name -Type $Type -Value $Value }
Creating a Script Package
Now that our scripts have been created we can put it all together in a Script Package. Select Create Script Package on the Proactive Remediation page. On the Basics pages provide a name then upload the Detection Script and Remediation Script on the Settings page.
On the Assignments page assign the package to All Devices or a group consisting of devices then set a schedule for the Script Package. Notice that the scripts can run once or at intervals.
Once the Script Package has been run on our devices and we can see if clients where compliant or not, and if Proactive Remediation was able to remediate the issue successfully. If Windows 10 Fast Boot was enabled again by the user, Proactive Remediation would attempt to disable it if the Script Package was set to run at an interval.
In the next post we will have a look at Recommended Software, which are Microsoft’s recommendations for increasing user experience.
- Part 1 – Getting Started with Endpoint Analytics
- Part 2 – Startup Performance
- Part 3 – Proactive Remediation’s (this post)
- Part 4 – Recommended Software
- Part 5 – Restart Frequency