Endpoint analytics remediation script community repository


What could be better than working on a project together with others? Andrew Taylor, Joey Verlinden, Florian Salzmann and I have created a community endpoint analytics remediation script repository, where we have written and added as many ready-to-use scripts as possible for you. In this blog post I want to give you more insight into these scripts and explain how you can integrate them into your environment.


What is Endpoint Analytics?

Endpoint Analytics is a feature within Microsoft Intune that provides insights into device performance and health. It allows IT administrators to proactively monitor devices, diagnose issues, and optimize device performance. Endpoint Analytics collects data on device performance metrics, such as boot time, app load time, and battery life. This data can be used to identify device issues, prioritise troubleshooting, and improve device performance. You can learn more in the official Microsoft Learn documentation.

What is an endpoint analytics remediation script?

Probably the most important feature in endpoint analytics is proactive remediation. An endpoint analytics remediation script lets you detect problems through detection scripts and fix them directly through remediation actions. These scripts can be executed once or time triggered. You can also use them only for reporting to query certain values on the client.

You can use these scripts to do all kinds of nice things, such as fixing issues, creating reports, collecting data from the client, or showing pop-up messages or a WPF application. Almost everything that is possible with PowerShell is also possible with remediation scripts.

A proactive remediation consists of two scripts. The first is the detection script, which runs in advance to check the status and returns a 1 for an issue or a 0 for no issue. Based on this return value, the remediation script is executed.

Prerequisites

Before creating an endpoint analytics remediation script, there are a few prerequisites that need to be in place:

  • E3 / E5 / A3 / A5 license
  • Intune enrolled or co-managed devices <1909 + cumulative update from July 2021
    • Microsoft Entra ID joined or hybrid Microsoft Entra ID joined
    • Windows 10 and later Education, Professional or Enterprise
  • Connection to https://*.events.data.microsoft.com

Where can I find the repository?

You can find the repository via this link: https://github.com/JayRHa/EndpointAnalyticsRemediationScripts


How to create an endpoint analytics remediation script

Creating an endpoint analytics remediation script is a straightforward process. Here are the steps:

  • Open the Intune Portal
  • Navigate to Reports -> Endpoint Analytics
  • Click + Create script package
  • Enter a name and click Next
  • Upload the Detection script.
  • Click Next > Next
  • Assign the script to a group
  • Create a schedule. In my case I select daily.
  • Click Next > Create

How can I contribute?

If you have an idea for a script which is missing, contact us via our blog or social media, or open an issue on the repository with a description of your idea.

If you have a script which you want to upload to this repository use our template in the 0 – Teamplate folder and create a pull request.

Common pitfalls to watch out for

When you start rolling out remediation scripts there are a few things that catch most people out. The most common one is the execution context: detection and remediation scripts run in the SYSTEM context by default, so anything that relies on the logged-in user’s profile, mapped drives, or HKEY_CURRENT_USER will not behave the way you expect. If your script needs the user context, make sure you set the Run this script using the logged-on credentials option to Yes.

A second pitfall is the 64-bit PowerShell host. By default scripts are run in 32-bit PowerShell, which can hide registry keys under the WOW6432Node redirection and break cmdlets that only exist in the 64-bit modules. If a script works locally but silently fails in Intune, switching Run script in 64-bit PowerShell to Yes fixes it more often than not. Finally, remember that exit codes matter: a detection script must exit with 0 when no issue is found and 1 when remediation is required, and an unhandled exception will be reported as a failure rather than a clean result.
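
The pitfalls above, together with the 0/1 return values of a detection script described earlier, are shown here in one detection script. This is an added example, not a script from the repository; the registry key, value name and expected data are constructed placeholders.

```powershell
# Detect.ps1 (added example). The registry key, value name and expected data
# are constructed placeholders, not settings taken from the repository.
$SubKey    = 'SOFTWARE\Contoso\Baseline'   # hypothetical key under HKLM
$ValueName = 'HardeningLevel'              # hypothetical DWORD value
$Expected  = 2

try {
    # Record the execution context: SYSTEM by default, so HKCU, mapped drives
    # and the user profile belong to SYSTEM, not to the logged-on user.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $context  = '{0} (SYSTEM={1}, 64-bit process={2})' -f `
        $identity.Name, $identity.IsSystem, [Environment]::Is64BitProcess

    # Open the 64-bit registry view explicitly so a 32-bit host is not
    # redirected to WOW6432Node and does not read the wrong key.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    $key    = $hklm.OpenSubKey($SubKey)      # read-only; $null if the key is missing
    $actual = if ($key) { $key.GetValue($ValueName) } else { $null }
    if ($key) { $key.Dispose() }
    $hklm.Dispose()

    if ($actual -eq $Expected) {
        Write-Output "Compliant: $ValueName=$actual, run as $context"
        exit 0    # no issue: the remediation script is not run
    }

    Write-Output "Not compliant: $ValueName='$actual', expected $Expected, run as $context"
    exit 1        # issue found: the remediation script is run
}
catch {
    # Handle errors explicitly instead of leaving an unhandled exception.
    # Treating an error as "issue found" is a choice made for this example.
    Write-Output "Detection error: $($_.Exception.Message)"
    exit 1
}
```

Because the script reads the 64-bit view itself, it gives the same result whether or not Run script in 64-bit PowerShell is set, and the context string in the output shows which identity actually ran it.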

Why a shared script library matters

Most admins end up solving the same problems over and over: clearing a stuck Windows Update cache, fixing time synchronisation, or enforcing a registry setting that drifts. A community repository means you do not have to reinvent any of that. You can grab a tested detection and remediation pair, review it, and deploy it in minutes instead of writing and debugging it from scratch. Because the scripts are peer-reviewed through pull requests, you also benefit from edge cases other people have already hit in production, which is exactly the kind of knowledge that is hard to gather on your own.

Big thank you to:

This repository is a community project where we try to implement many ready to use endpoint analytics remediation scripts and provide them to the Intune community. If you have further ideas we would be happy if you send them to us, open an issue on this repository or create a pull request.