SCRIPT: Send proactive remediation logs back to Intune!
Within Intune, proactive remediations are a great diagnostic tool. The idea behind them is simple: you have a detection script and a remediation script. Basically, you run a detection script to see if a machine has a particular “issue” you are looking for, and if it does, it runs the remediation script to fix it.
There are lots of IT remediation tasks that you can take care of with these. There are plenty of blogs for that, and I will likely post my favorites as time passes. But here is the kicker:
Proactive remediations can be whatever you want them to be! This includes not even being a remediation—or fix—at all!
When you look at a proactive remediation in Intune, you’ll notice that you’re not even required to have the remediation part. You can just have a script run and do whatever you want with it. It’s awesome!
One of those awesome ideas is to simply look for a certain configuration on a machine and report back to Intune (think of anything that Intune doesn’t natively report). You can have the script “exit 1” to have the Intune Management Extension (IME) report back to Intune that the device is “With Issue” and then you have some basic reporting of whatever you want built in the web interface. You can even have any console output viewable right from the “Device Status” report (make sure to make that column viewable).
The biggest limitation here is that you can only have one line of a string report back to Intune to be viewed in the “Device status” report. What if you need to get more data from a troublesome device but you can’t get to the device to get the logs off it?
Make the IME do the work for you!
In summary, when you look at the Windows device in Intune and click on “Collect diagnostics,” Intune will attempt to reach out to the device and “collect diagnostics [on the] device.” Truth is, it will collect everything in “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs” and allow you to collect it from the “Device Diagnostics” view of a device in Intune. Yes, if you put anything in there with a script, the IME will give it to you! Awesome, right?!
To help facilitate that, I have created a script that will transcribe the output of your script and save it to the IME log file directory. In my opinion, it might be wise to have all of your scripts wrapped in this script. It’s a neat little way to make Intune work better for you.
What the script does:
- Defines the name of the log file (make sure to change it!)
- Stops any transcripts that might not have stopped previously for whatever reason
- Starts and stops transcription
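
A minimal sketch of that wrapper pattern, added here as an example and not the author's linked script. The log name and the sample Defender service check are hypothetical, and it assumes the script runs in the system context so it can write to the IME log folder.

```powershell
# Added example: wrapper that transcribes a detection script into the IME log folder.
# $LogName and the WinDefend check below are placeholders; replace them with your own.
$LogName = 'PR-Example-Detection'   # change this for every script
$LogDir  = Join-Path $env:ProgramData 'Microsoft\IntuneManagementExtension\Logs'
$LogFile = Join-Path $LogDir "$LogName.log"

# Stop a transcript left open by an earlier run. Stop-Transcript errors when
# nothing is being transcribed, so that error is swallowed on purpose.
try { Stop-Transcript -ErrorAction Stop | Out-Null } catch { }

$exitCode = 0
try {
    Start-Transcript -Path $LogFile -Append -Force | Out-Null

    # Everything written from here on lands in the log that "Collect diagnostics"
    # retrieves, so keep passwords, tokens and keys out of the output.
    Write-Output "Run started $(Get-Date -Format o) on $env:COMPUTERNAME"

    # --- sample detection logic (placeholder) ---
    $svc = Get-Service -Name 'WinDefend' -ErrorAction Stop
    Write-Output "Service $($svc.Name): Status=$($svc.Status) StartType=$($svc.StartType)"

    if ($svc.Status -ne 'Running') {
        $exitCode = 1   # exit 1 makes the device show as "With Issue"
    }

    # Only one line is shown in the "Device status" report, so finish with a
    # single-line summary; the full detail stays in the transcript.
    Write-Output "WinDefend=$($svc.Status); details in $LogName.log"
}
catch {
    # A failed check is also reported as an issue, with the error kept in the log.
    Write-Output "Detection failed: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    # Always close the transcript so the next run starts clean.
    try { Stop-Transcript -ErrorAction Stop | Out-Null } catch { }
}

exit $exitCode
```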
If you have any questions, please let me know!
(CLICK HERE for the GitHub link for the latest version of the code!)