Intune Proactive Remediation

If Intune filters was my favourite new Intune feature of 2021, Proactive Remediations is fast becoming my favourite for 2022.

I’m starting to use this feature a lot at work and its starting to replace the Win32 app method to deploy a configuration as well ensuring it remains set.

I’ve also previously blogged about how to remove the “Teams Personal” app that keeps returning in Windows 11, especially after patching/feature updating (It’s a lot more noticeable on the Windows Insider builds). So, after using Intune PowerShell and then switching to Win32 app, I find that it’s third time lucky with Proactive remediations (still holding out hope for an Intune Configuration Profile setting if anyone from Microsoft reads this)

Similar to the approach took with the Win32 app method, you really only need two scripts, a detection script and a remediation script.

These are the scripts I am using:

Detection 

#==========================================================================================
#
# Script Name:     TeamsPersonal_Detection.ps1
# Description:     Looks for the Teams Personal App 
#
# Change Log:      Paul Warren      09 Sept 2022        Script Created       
#    
#==========================================================================================

# Define Variables
$TeamsApp = Get-AppxProvisionedPackage -online | where-object {$_.PackageName -like "*MicrosoftTeams*"}

try 
{
    if ($TeamsApp.DisplayName -eq "MicrosoftTeams"
        {
            Write-Output "Teams Built-in Present"
            Exit 1
        }
    ELSE
        {
            Write-Output "Teams Built-in Not Present"
            Exit 0
        }
}   
catch{
    $errMsg = $_.Exception.Message
    Write-Error $errMsg
    exit 1
}

Remediation

#==========================================================================================
#
# Script Name:      TeamsPersonal_Remediation.ps1
# Description:      Removed Teams Personal App
#
# Change Log:       Paul Warren      09 Sept 2022        Script Created
#                   Paul Warren      19 Sept 2022        Added stop-process for msteams.exe
#==========================================================================================
try 
{
    #Kill msteams process
    If (Get-Process msteams -ErrorAction SilentlyContinue) {
        Try {
            Stop-Process msteams -Force
        }
        catch {
            Write-Output "Might be issues - Continue anyway..."
        }
       
    }
    Get-AppxPackage -Name MicrosoftTeams -AllUsers | Remove-AppPackage -AllUsers
    exit 0
}   
catch{
    $errMsg = $_.Exception.Message
    Write-Error $errMsg
    exit 1
}

To set this up in Intune, navigate to Reports – Endpoint Analytics – Proactive Remediations

Click on Create script package

Give an appropriate name and description

NameProactive Remediation – Remove Teams Personal App
DescriptionLooks for the built in Teams Personal app on Windows 11 and if detected, removes it

On the create custom script page – you will need to navigate to the detection script

And then do the same for the remediation script

Configure Scope Tags as required and click Next

Select the most appropriate group for your environment, in this example, I am using the All users built in group along with the Windows 11 Devices Intune Filter.  Click Next

Review what has been configured and click Create

Notification

You may need to click Refresh to see the newly created Proactive remediation

Schedule

You may want to configure a frequency for this to run (the default is Daily at 12:00pm).

As an example, I will change the Frequency to Hourly and interval to every to four hours, but you should configure the most appropriate frequency for your environment

Overview

After a period of time, you will start to see devices check in and those that are detected will have the remediation script run.  Another interesting status is the Recurred one, and as Teams Personal is an app that often reappears, you will see here when the app removal reoccurs.

Device Status

You can get a more detailed information on a device basis by clicking on Device status

P.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s