Forum Discussion
ASR in Intune for "Block persistence through WMI event subscription"
Hello Paulo,
Your probably not the only one.
But are you talking about persistence or WMI commands (One is Intune ready the other is not)
I get the same inconsistent results but when I check the PowerShell script run by devices I see that it is not the case. I have checked that the devices are indeed registered and even more that the devices are managed by Intune (MDM - you have to becareful that the same devices are not also managed by MAM) and comply with the prerequisites required to run said scripts.
If you look at the development of Endpoint Manager (yes Microsoft still call it Intune) you will see its on the agenda.
In development - Microsoft Intune | Microsoft Docs
I am beginning to get so annoyed with this that I am considering turning it into a Endpoint Analytics proactive remediation script to see what the hell is going on. Microsoft provide two very good examples that you can see here.
Endpoint analytics - Microsoft Endpoint Manager admin center
The code for PowerShell is here
- XPauloJan 18, 2021Copper Contributor
Hello braedachau
Thanks for your reply.
So you're not using an admin template but rather a PS script?
I am not sure I understand if it works in your case or not. Are you managing to see the recommendations go away?
Thanks
Paulo
- braedachauJan 20, 2021Brass Contributor
Yes both go away (since there are two associated with WMI)
I will ditch the PowerShell script when its officially supported by Intune
I just checked 3 machines that have a high "uptime" and its not reported in any of them, so resolved.
Regards