Device Remediation status misleading

Iron Contributor

Maybe I'm just missing something here, but when a Remediation script repeats on a schedule, how can we tell if devices were remediated?  All devices report "Without Issues" and ZERO devices fixed, but I know the script ran and fixed the problem weeks ago.  Say I have 100 devices assigned to the script:

 

- If the script runs just one time, everything reports fine.  The Remediation Status shows "Issue Fixed" for all 100 devices. 

- If the script repeats (say daily), the 2nd run clears out these statuses.  All 100 devices now show Remediation Status of "Not Run".  Remediation status overview show 0 devices.  

 

Is this by design?  This just doesn't make logical sense to me.  If a device got remediated, in my mind it should always show that status as "fixed" so that my admins know it had the problem at some point, and the script fixed it.  

5 Replies

Hello @Eric_H 

 

Welcome to the Microsoft community, my name is Recep I'll be happy to help you today.

 

Advice:

 

  • Log Output: Ensure that your script outputs log information to a file or another logging mechanism. This can help you track whether the script executed successfully, even if the Intune console doesn't reflect it accurately.
  • Review Intune Activity Logs: Check the Intune activity logs for detailed information on script execution. These logs may provide insights into any issues that might be causing the discrepancy in reporting.
  • Update Intune Settings: Periodically check for updates in the Intune portal or documentation. Remediations | Microsoft Learn  Microsoft might release updates that address reporting issues or improve the overall functionality.
  • Custom Reporting: Consider creating custom reports using the Microsoft Graph API or PowerShell to gather detailed information about script execution and remediation status.

 

# Your remediation script logic here

 

# Example: Fixing an issue (replace this with your actual remediation logic)

# For demonstration purposes, let's assume you're fixing a registry key issue.

$RegistryPath = "HKLM:\SOFTWARE\YourApplication"

$RegistryProperty = "SomeSetting"

$DesiredValue = "CorrectValue"

 

# Check if the registry key exists and has the correct value

if (Test-Path $RegistryPath -and (Get-ItemProperty -Path $RegistryPath).$RegistryProperty -eq $DesiredValue) {

    Write-Host "Registry key is already remediated. No action needed."

} else {

    # Fix the issue (replace this with your actual remediation logic)

    New-Item -Path $RegistryPath -Force

    Set-ItemProperty -Path $RegistryPath -Name $RegistryProperty -Value $DesiredValue

 

    Write-Host "Issue remediated successfully."

}

 

 

If I have answered your question, please mark your post as Solved

If you like my response, please give it a Like :smile:

Appreciate your Kudos! Proud to contribute! 🙂

 

Could you share parts of the scripts? Are you making sure you have proper exits in place etc?
so when it fails it will fail with exit 1 and when everything checks out it has an exit 0...
Sorry for the delayed response. I may have to do some sort of alternative logging to track completion. I just thought the portal itself would be much more useful if it could report accurately.

@Rudy_Ooms_MVP  

Shout out to karbonx1 for the scripts detecting LLMNR and Netbios.
https://www.reddit.com/r/Intune/comments/nqpi60/proactive_remediation_scripts_to_disable_llmnr/
Like I mentioned, they run fine and report to the Intune portal correctly on the first execution of the schedule. But on the second execution (day 2) Intune resets all the stats. In a way I suppose it is reporting correctly - on day 2 the detection script runs and finds no devices with the problem, so no devices are "remediated." However, just logically, I would think the portal would keep a count of devices that have been remediated over time. Appreciate you glancing at the script as I am new to this - maybe I'm doing something wrong.

 

Ahhh okay... so everything works out... but you were hoping there was some "history" available?
Sometimes it helps to add more columns to the output
https://call4cloud.nl/2021/05/the-laps-reloaded/#second-part
But yeah having a proper outages history and how it was fixed would be lovely