I accidentally got to spend my entire weekend toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).
- New to Endpoint Analytics? Then grab a quick peek at the following docs: What is Endpoint analytics (preview)?
Long story short, Proactive Remediations is capable of running PowerShell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.
So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting version 1.8.0. All the details are down below.
NOTE: You can’t really tell, but the examples below are indeed generated using Proactive Remediations. My Toast Notification Script is triggered if a certain device is not enrolled with Windows Hello for Business. Blog post incoming. 🙂
- Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂
- 1.8.0 – Added support for using Windows 10 Toast Notification Script with Endpoint Analytics Proactive Remediation
- Added support for having config.xml file hosted online
- Added support for having images used in the script hosted online
Nothing new is happening to the actual content of the config.xml file. I would still like to highlight that the images can now be hosted on the Internet instead of strictly being local. This is required to have the script working with Proactive Remediations. So far, so good.
In the examples below, I have both images hosted in blob storage in Azure:
<Option Name="LogoImageName" Value="https://krpublicfiles.blob.core.windows.net/toastnotification/ToastLogoImage.jpg" />
<Option Name="HeroImageName" Value="https://krpublicfiles.blob.core.windows.net/toastnotification/ToastHeroImage.jpg" />
Running my Toast Notification Script with Proactive Remediations requires another small step: hard coding the path to the config.xml file.
Let me explain: The content of the actual toast is configured through a config file, which in turn is passed to the script as a parameter.
Proactive Remediations doesn’t support passing parameters to the script, so in order for the Toast Notification Script to work, you will have to hard code the path to the config.xml file.
This is easily done in the very beginning of the script. Do something similar to what I have done above and below.
NOTE: Again, the script has been modified to now support config.xml files being hosted online. Here, I’m hosting a config.xml in blob storage in Azure:
[string]$Config = "https://krpublicfiles.blob.core.windows.net/toastnotification/config-toast-whfb.xml"
The config.xml can be browsed directly from a browser (if one knows the exact URL).
When everything is properly set up (I will go into details in my next blog post), you will see that the detection script finds that my device is not enrolled in Windows Hello for Business (it isn’t, for testing purposes).
The last line of the output of the detection script is written to the IntuneManagementExtension.log:
[HS] lastLine of output = [Single SID]: Not good. PIN credential provider NOT found for LoggedOnUserSID. This indicates that the user is not enrolled into WHfB.
Then comes the remediation script, which essentially is my entire Toast Notification Script pointing to the specific config.xml hosted in Azure blob storage.
Again, the last line of the output of the script is written to the IntuneManagementExtension.log:
2020-07-05 21:18:07 INFO: All good. Toast notification was displayed
The Windows 10 Toast Notification Script still logs its actions to $env:APPDATA\ToastNotificationScript\New-ToastNotification.log when run via Proactive Remediations.
Once the Toast Notification Script has been deployed to Proactive Remediation, it only takes a new upload of the config.xml in order to modify the content of the actual toast notification.
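Since the toast content now follows whatever sits at the hard-coded URL, a pre-flight check on where the config and images are loaded from fits naturally before the toast is built. The following is an added example, not part of the Toast Notification Script: the function name Test-ToastConfigSources, the allowlist, the `<Configuration>` root element and the `http://example.invalid` value are assumptions or constructed sample data.

```powershell
# Added example: not part of the Toast Notification Script.
# Test-ToastConfigSources and -AllowedHosts are hypothetical names.
function Test-ToastConfigSources {
    param(
        [Parameter(Mandatory)] [string]   $ConfigUrl,
        [Parameter(Mandatory)] [string]   $ConfigXml,
        [Parameter(Mandatory)] [string[]] $AllowedHosts
    )
    # Collect every location the script would load from: the config itself
    # plus the two image options shown in the post.
    $sources = [ordered]@{ Config = $ConfigUrl }
    $xml = [xml]$ConfigXml    # throws if the document is not well-formed XML
    foreach ($opt in $xml.SelectNodes('//Option')) {
        $name = $opt.GetAttribute('Name')
        if ($name -in 'LogoImageName', 'HeroImageName') {
            $sources[$name] = $opt.GetAttribute('Value')
        }
    }
    $issues = foreach ($name in $sources.Keys) {
        $value = $sources[$name]
        $uri = $null
        $isAbsolute = [uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)
        # Plain file names and file paths are outside the scope of this check.
        if (-not $isAbsolute -or $uri.IsFile) { continue }
        if ($uri.Scheme -ne 'https') {
            "${name}: scheme '$($uri.Scheme)' is not https ($value)"
        }
        elseif ($uri.Host -notin $AllowedHosts) {
            "${name}: host '$($uri.Host)' is not in the allowlist"
        }
    }
    $issues
}

# Constructed sample: the post's blob URLs plus one constructed http URL.
# The <Configuration> root element is an assumption.
$sampleXml = @'
<Configuration>
  <Option Name="LogoImageName" Value="https://krpublicfiles.blob.core.windows.net/toastnotification/ToastLogoImage.jpg" />
  <Option Name="HeroImageName" Value="http://example.invalid/ToastHeroImage.jpg" />
</Configuration>
'@
$configUrl = 'https://krpublicfiles.blob.core.windows.net/toastnotification/config-toast-whfb.xml'
$found = @(Test-ToastConfigSources -ConfigUrl $configUrl -ConfigXml $sampleXml `
        -AllowedHosts 'krpublicfiles.blob.core.windows.net')
$found | ForEach-Object { Write-Warning $_ }
```

In a remediation script, a non-empty `$found` would be the point to log the finding and stop before the toast is displayed.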