<#
---------------------------------------------------------------------------------------------------
Detection.ps1
---------------------------------------------------------------------------------------------------
RELATED EXAMPLES:
DetectionOnly-Script.ps1
https://gist.github.com/DamagedDingo/e5cd124673775923a5c24e2f3f81a260#file-detectiononly-script-ps1
PURPOSE:
Checks if a specific process that should NOT be running is currently active.
LOGIC:
- If the process is found → device is UNHEALTHY → Exit 1 → triggers remediation.
- If the process is not found → device is HEALTHY → Exit 0.
STRUCTURE:
This script has two exit paths:
Exit 0 → "Pre-remediation detection OUTPUT"
Exit 1 → "Pre-remediation detection ERROR"
Both columns are hidden by default in Intune. You must enable them manually in the
Device status view > Columns.
INTUNE FLOW:
Exit 1 causes Intune to run the remediation script.
If the remediation script exits 0, Intune will immediately re-run this detection
script to confirm the device is now healthy—it does NOT wait for the normal schedule.
WRITE-ERROR NOTE:
Do NOT use Write-Error.
Write-Error terminates immediately and Intune will never see the message.
Use Write-Output and then Exit.
---------------------------------------------------------------------------------------------------
#>
$processNameThatShouldNotBeRunning = 'Notepad'
try {
    # Try = process found = BAD state = exit 1
    # -ErrorAction Stop ensures we land in catch if the process isn't found.
    $process = Get-Process -Name $processNameThatShouldNotBeRunning -ErrorAction Stop
    # This Write-Output is captured in "Pre-remediation detection ERROR".
    # Nothing threw on this path, so there is no error record to report; report the
    # matching process IDs instead. (Note that "$error[0]" inside a double-quoted
    # string expands only $error, not $error[0], and $error[0] would be a stale
    # error from earlier in the session anyway.)
    Write-Output "Detection failed: '$processNameThatShouldNotBeRunning' is running (PID $($process.Id -join ', ')). Device is unhealthy."
    #
    # Why Write-Output and not Write-Error? Because Write-Error exits immediately
    # before Intune can collect the console output. Write-Output ensures Intune receives this message.
    exit 1
}
catch {
    # Catch = process not found = GOOD state = exit 0
    # This Write-Output is captured in "Pre-remediation detection OUTPUT".
    Write-Output "Detection passed: '$processNameThatShouldNotBeRunning' is not running. Device is healthy."
    exit 0
}
<#
---------------------------------------------------------------------------------------------------
Remediation.ps1
---------------------------------------------------------------------------------------------------
PURPOSE:
Demonstrates how to handle multiple potential failures while still sending only
a single Write-Output back to Intune.
STRUCTURE:
- Several actions are attempted in sequence.
- Each failed action adds a message to an array ($errorNotes).
- At the end:
    • If any step failed, all messages are combined into a single JSON string
      and returned to Intune with one Write-Output and Exit 1.
    • If all steps succeed, Write-Output once and Exit 0.
INTUNE BEHAVIOUR:
Exit 0 → "Post-remediation detection OUTPUT"
Exit 1 → "Remediation ERROR"
When this script exits 0, Intune immediately re-runs the detection script
to confirm the device is healthy. It does NOT wait for the next scheduled run,
because the detection script contains the actual health logic.
WRITE-ERROR NOTE:
Do NOT use Write-Error. It terminates execution before Intune can capture
the output. Always Write-Output first, then Exit.
---------------------------------------------------------------------------------------------------
#>
$processNameThatShouldNotBeRunning = 'Notepad'
$errorNotes = @() # Array for storing all error messages from failed steps
try {
    # --- Step 1 -----------------------------------------------------------
    try {
        Stop-Process -Name 'Notepad1' -Force -ErrorAction Stop
    }
    catch {
        $errorNotes += "Step 1 failed – incorrect process name. The error is: $($_.Exception.Message)"
    }
    # --- Step 2 -----------------------------------------------------------
    try {
        Stop-Process -Name 'Notepad2' -Force -ErrorAction Stop
    }
    catch {
        $errorNotes += "Step 2 failed – incorrect process name again. The error is: $($_.Exception.Message)"
    }
    # --- Step 3 -----------------------------------------------------------
    try {
        Stop-Process -Name $processNameThatShouldNotBeRunning -Force -ErrorAction Stop
    }
    catch {
        $errorNotes += "Step 3 failed – unexpected issue stopping $processNameThatShouldNotBeRunning. The error is: $($_.Exception.Message)"
    }
    # --- Final result ----------------------------------------------------
    if ($errorNotes.Count -gt 0) {
        # Combine all messages into one minified JSON string.
        # -InputObject keeps the result a JSON array even when only one step failed;
        # piping a single element through ConvertTo-Json would emit a bare string.
        $jsonMessage = ConvertTo-Json -InputObject $errorNotes -Compress
        # Only one Write-Output before exit; appears in "Remediation ERROR"
        Write-Output "Remediation ERRORS detected: $jsonMessage"
        #
        # Do NOT use Write-Error here — it exits too quickly for Intune to record the output.
        exit 1
    }
    else {
        # Everything succeeded
        Write-Output "Remediation successful: all steps completed. Detection will re-run immediately to confirm device health."
        #
        # Why? Because the detection script contains the health logic.
        # Intune doesn't assume this remediation worked — it immediately re-runs detection
        # instead of waiting for the next scheduled check (for example, every 3 days).
        exit 0
    }
}
catch {
    # Outer catch: captures any catastrophic or unexpected failures
    Write-Output "Remediation failed: outer catch triggered. The error is: $($_.Exception.Message)"
    #
    # Again — Write-Error would exit before Intune could capture this message.
    exit 1
}
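Added example, not part of the gist above: a detection script that applies the same Write-Output-then-Exit contract to a list of processes and, like Remediation.ps1, packs every finding into one JSON line. It also separates "process not running" (healthy) from a script error, which the try/catch form of Detection.ps1 would report as healthy. The process names are placeholders chosen for this example.

```powershell
# Generalised detection: report ALL disallowed processes in one Write-Output.
# Exit 1 = unhealthy (triggers remediation), Exit 0 = healthy.
# Placeholder names for this example; replace with the real list.
$disallowedProcesses = @('Notepad', 'mspaint')

try {
    $findings = @()
    foreach ($name in $disallowedProcesses) {
        # SilentlyContinue: "not running" is a normal result, not an error,
        # so it must not fall through to the catch block below.
        $running = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
        if ($running.Count -gt 0) {
            $findings += [pscustomobject]@{
                Process = $name
                Pids    = @($running.Id)
            }
        }
    }

    if ($findings.Count -gt 0) {
        # One line only; it lands in "Pre-remediation detection ERROR".
        # -InputObject keeps a single finding as a JSON array, not a bare object.
        $json = ConvertTo-Json -InputObject $findings -Compress
        Write-Output "Detection failed: disallowed process(es) running: $json"
        exit 1
    }

    # Lands in "Pre-remediation detection OUTPUT".
    Write-Output "Detection passed: none of [$($disallowedProcesses -join ', ')] are running."
    exit 0
}
catch {
    # A script error is not evidence of health. Surface it with exit 1 so it
    # shows in the ERROR column instead of being recorded as a healthy device.
    # (Exiting 1 here is this example's choice, not an Intune requirement.)
    Write-Output "Detection script error: $($_.Exception.Message)"
    exit 1
}
```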