Workflow: Intune client continuity

Overview

Devices without an Intune client working as intended represent significant compliance issues, generating serious end-point management complications. Today, detecting, troubleshooting, and remediating the root cause of broken clients can be lengthy for support agents, who are often left unaware of the issue until it is too late.

Trigger an automated workflow across any group of devices to perform a series of checks and self-heal actions to ensure the Intune client is synchronized and compliant with the required services, certificates, and sync policies. If any issues are detected, the workflow automatically performs the necessary remediation. If these common issues cannot be resolved by the workflow, an ITSM ticket will be automatically created with the relevant information to notify support.

This workflow automatically enables you to resolve and filter out common Intune issues and ensure compliance across the landscape. This saves significant time for any support team, enabling them to investigate and focus on more serious problems.

Changelog

V1.0.0.0 - Initial Release

Dependencies

In order to use this flow the following content needs to be installed into your Nexthink Infinity tenant using the Nexthink Library.

Remote actions

Get Intune device status
Set service Information
Restart service
Get Intune synchronization status
Get Intune client diagnostics
Invoke Intune policy synchronization

For more details about remote actions in workflows see https://docs.nexthink.com/platform/latest/workflows-designer#id-(2023.8-05)Designer-RemoteActions .

Configuration

Remote action configuration

Please note: To be used in a workflow, the following remote actions must be configured with a manual trigger. It can be combined with other execution triggers if the remote action is also used outside of a workflow.

Set service Information
Configure the following input parameters as follows:
- [ServiceName]: IntuneManagementExtension
- [StatusChange]: start
- [SetSrartTypeTo]: auto
Restart service
Configure the following input parameters as follows:
- [ServiceName]: DmWapPushService

Service/API configuration

Connector credentials are required for the service/API call step - "Report this device via ITSM ticket".
Connector credentials must be manually configured based on your ITSM solution and its current configuration. For more information about setting up connector credentials in Nexthink, you can refer to this documentation page.

Trigger configuration for the workflow

This workflow has been designed primarily to run automatically using the schedule trigger however it can be useful to also enable the manual trigger to allow on-the-fly client remediations to be sent.

When configuring the scheduler we recommend the following settings as a baseline:

NQL:

CODE

devices during past 7d
| where operating_system.platform == Windows
 and operating_system.name !in ["*server*"]

Recurrence: Weekly - select at least one day.

Please note: Once all the prerequisites and workflow are installed and configured, you can use the built-in validation feature that runs every time you save the workflow.`

Workflow Structure

This section describes the key steps in this workflow:

At the start of this workflow, there is a Get Intune Sync Status analytics module configured to automate the retrieval of Intune client sync status information using a remote action;

Based on the results of this analysis, the workflow determines whether the following issue needs to be resolved with additional remote actions:
- The last attempt to sync the Intune client failed.

If the last Intune client sync failed, the workflow starts a step-by-step troubleshooting and remediation process. This includes the following steps:
- Is the Intune Management Extension service running?
- Is the MDM certificate present and valid?
The workflow can restore the Intune Management Extension service configuration and initiate another attempt to sync the Intune client;

The workflow then checks whether the new synchronization attempt was successful or unsuccessful. If there is a repeat failure, the workflow will collect Intune client diagnostic data and then generate an ITSM ticket to report on that device.