I guess the answer for govcloud is Endpoint Analytics is not yet available, and running a script on non-compliant endpoints is still in preview also.
We would have to trust that the built-in native remediation is good enough. Is that what we're saying?