Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations

Introduction

I accidentally got to spend my entire weekend, toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).

Long story short is, that Proactive Remediations is capable of running Powershell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.

So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting a version of 1.8.0. All the details down below.

NOTE: You can’t really tell, but the examples below are indeed generated from using Proactive Remediations. My Toast Notification Script is triggered, if a certain device is not enrolled with Windows Hello for Business. Blog post incoming.  🙂

  • Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂

What’s New

  • 1.8.0 – Added support for using Windows 10 Toast Notification Script with Endpoint Analytics Proactive Remediation
    • Added support for having config.xml file hosted online
    • Added support for having images used in the script hosted online

Config.xml

Images

Nothing new is happening to the actual content of the config.xml file. Though I would still like to highlight, that the images can now be hosted on the Internet instead of strictly being local. This is required to have the script working with Proactive Remediations. So far, so good.

In below examples, I have both images hosted in blob storage in Azure:

<Option Name=”LogoImageName” Value=”https://krpublicfiles.blob.core.windows.net/toastnotification/ToastLogoImage.jpg” />
<Option Name=”HeroImageName” Value=”https://krpublicfiles.blob.core.windows.net/toastnotification/ToastHeroImage.jpg” />

Config parameter

Running my Toast Notification Script with Proactive Remediations requires another small step; hard coding of the config.xml file.

Let me explain: The content of the actual toast is configured through a config file, which again is passed to the script as a parameter.

Proactive Remediations doesn’t support passing parameters to the script, so in order for the Toast Notification Script to work, you will have to hard code the path to the config.xml file.

This is easily done in the very beginning of the script. Do something similar to what I have done above and below.

NOTE: Again, the script has been modified to now support config.xml files being hosted online. Here, I’m hosting a config.xml in blob storage in Azure:

[string]$Config = “https://krpublicfiles.blob.core.windows.net/toastnotification/config-toast-whfb.xml”

The config.xml can be browsed directly from a browser (if one knows the exact URL).

Proactive Remediations

When everything is properly setup (I will go into details in my next blog post), you will see that the detection script finds that my device is not enrolled in Windows Hello for Business (it’s not for testing purposes).

The last line of the output of the detection script is written to the IntuneManagementExtension.log:

[HS] lastLine of output = [Single SID]: Not good. PIN credential provider NOT found for LoggedOnUserSID. This indicates that the user is not enrolled into WHfB.

Then comes the remediation script, which essentially is my entire Toast Notification Script pointing to the specific config.xml hosted in Azure blob storage.

Again, last line of the output of the script is written to the IntuneManagementExtension.log:

2020-07-05 21:18:07 INFO: All good. Toast notification was displayed

Pros

The Windows 10 Toast Notification Script still logs its actions to $env:APPDATA\ToastNotificationScript\New-ToastNotification.log when run via Proactive Remediations.

Once the Toast Notification Script has been deployed to Proactive Remediation, it only takes a new upload of the config.xml in order to modify the content of the actual toast notification.

Download

https://github.com/imabdk/Toast-Notification-Script

ENJOY 🙂

8 thoughts on “Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations”

  1. I was just going to ask when the amazing Toast Notification script would become available for this kind of situations but you already worked it out. Great stuff again!

    Reply
  2. Hi Martin

    I was wondering if we can fix the time sync issues on windows 10 devices using the proactive remediation?
    I mean if the detection script can check if the device is syncing up correctly with NTP/NT5DS or if there is a time difference.
    And with the remediation script we can fix the syncing issue and the device takes the correct time.
    Can this be achieved?

    Regards,
    Moses

    Reply
  3. Hello,

    We noticed the greeting time was not working right.
    elseif (($Hour -lt 12) -and ($Hour -lt 16)) {
    $Greeting = $GreetAfternoonText

    we changed “$Hour -lt 12” to “$Hour -gt 12”

    I also added the a the write log message as well

    Write-Log -Message “Greeting with given name selected. Replacing HeaderText”
    $Hour = (Get-Date).TimeOfDay.Hours
    if (($Hour -lt 0) -and ($Hour -lt 12)) {
    $Greeting = $GreetMorningText
    Write-Log -Message “Greeting with Morning Text”
    }
    elseif (($Hour -lt 12) -and ($Hour -lt 16)) {
    $Greeting = $GreetAfternoonText
    Write-Log -Message “Greeting with Afternoon Text”
    }
    else {
    $Greeting = $GreetEveningText
    write-Log -Message “Greeting with Evening Text”
    }

    Reply
    • Woops, that is surely a mistake in my end. I was actively rewriting some of that and that’s obviously not correct. Thanks for making me aware 🙂

      Reply
  4. Maybe im a bit confused in this part, or not entirely sure how this goes, but which part of this config goes into the detection script, and which part goes into remediation script? do i upload the “New-ToastNotification.ps1” to both places, with a hardcode link to the xml file. I cant find any details as to this part to make sure im doing it the correct way…

    Maybe include these files in future releases, as now you have to upload them to Endpoint Analytics aswell when creating the package.

    Reply

Leave a Reply to Marcel Moerings Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.