Forum Discussion

Raman220's avatar
Raman220
Copper Contributor
May 27, 2025

Intune Proactive Remediation Script Not Working for Normal Users on AVD Multi-Session

Scenario:

  • We are using Azure Virtual Desktop (AVD) multi-session machines that are Azure AD joined and enrolled in Intune.
  • These machines are part of an Application Group where normal Azure AD users are assigned.
  • Users can successfully log in to the AVD session host.

What We Are Doing:

  • We are deploying a Proactive Remediation script (now called Remediations) via Intune.
  • The script is designed to show a confirmation popup to the user.
  • In the script package settings, we have selected: > Run this script using the logged-on credentials (i.e., run in user context)

What Works:

  • When a Global Administrator logs in to the AVD machine, the popup appears as expected.
  • Logs and script output are generated correctly.

What Doesn’t Work:

  • When a normal user logs in (non-admin Azure AD user), the script:
  • Does not show the popup
  • Does not generate logs
  • Appears to not run at all

What We Suspect:

  • The issue may be related to lack of local administrator rights for normal users.
  • Since we are using AVD, we are not logging in with local machine administrators.
  • We understand that system context would allow the script to run regardless of user login, but we specifically need user context to show the popup.

Questions:

  1. Is this expected behavior for Proactive Remediation scripts in user context on AVD multi-session machines?
  2. Do normal users need to be local administrators for the script to run properly in user context?
  3. Is there a supported way to show popups or UI prompts to normal users via Intune scripts on AVD?
  4. Are there any official Microsoft documents or best practices that explain this behavior or provide a workaround?

Additional Info:

  • We are using Windows 10/11 Enterprise multi-session
  • Devices are Azure AD joined
  • Scripts are encoded in UTF-8, and logging is implemented
  • Licensing is compliant with Intune and AVD requirements

If anyone has encountered this issue or has documentation or a workaround, your help would be greatly appreciated!

Intune
powershell
scripts

1 Reply

Sort By
  • David Stowers's avatar
    David Stowers
    Copper Contributor
    Jun 06, 2025

    I don't know if it will help any, but when I was wanting to add user context registry settings to a session I ended up using ActiveSetup.

Resources