Configure remediation scripts using Microsoft Intune
Remediation scripts let you detect and fix common endpoint issues automatically. This unit explains how to create, test, and deploy detection and remediation scripts in Microsoft Intune so you can keep devices healthy with minimal user impact.
What Remediations does
Remediations in Intune runs scripts on client devices to identify and repair configuration or performance issues. It is designed for recurring tasks such as cleanup, service reset, and troubleshooting logic that should run automatically before help desk intervention is needed.
Common use cases include:
- Repairing Windows Update components
- Clearing temporary files or cache folders
- Validating and restoring configuration settings
- Disabling problematic startup applications
Important
Remediation scripts should be safe to run repeatedly and should not make irreversible changes without validation.
Create remediation scripts
Remediations in Microsoft Intune allow administrators to automatically detect and resolve common endpoint issues before they impact end users. By combining detection and remediation logic through PowerShell scripts, organizations can automate recurring maintenance tasks, improve device health, and reduce manual support effort across managed environments.
To configure Remediations:
- Open the Microsoft Intune admin center.
- Go to Devices > Remediations.
- Select Create > Script package.
- Enter a name and description for the remediation package.
- Upload a Detection script that returns a nonzero value when remediation is needed.
- Upload a Remediation script that fixes the detected issue.
- Optionally upload a Script output file for advanced logging.
After deployment, Intune continuously evaluates the assigned devices based on the configured schedule and executes remediation actions automatically when required. Regular monitoring and testing of remediation packages help ensure reliable automation, minimize operational disruption, and maintain a consistent endpoint experience throughout the organization.
Create the PowerShell script
When creating Remediations packages in Microsoft Intune, it is important to follow Microsoft’s scripting requirements and operational best practices. Properly designed scripts help ensure reliable execution, reduce unnecessary remediation cycles, and minimize performance impact on managed devices. Detection and remediation scripts should be lightweight, efficient, and designed for unattended execution across a large number of endpoints.
- Use PowerShell for both detection and remediation scripts.
- Keep each script under 64 KB in size.
- Design the detection script to return 0 when no remediation is required.
- Ensure the remediation script can run silently and complete within the allowed timeout.
# Detection script example: Last boot time metric
$os = Get-CimInstance Win32_OperatingSystem -ErrorAction SilentlyContinue
if ($null -eq $os) {
# If we cannot read the metric, flag as issue
exit 1
}
$lastBoot = $os.LastBootUpTime
# Output for logging (optional in Intune)
Write-Output "Last Boot Time: $lastBoot"
# Always return 0 if script runs successfully and no remediation condition is defined
exit 0
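The example above only detects. The following is an added example, not from this page or Microsoft, of a full detection/remediation pair for the "Repairing Windows Update components" use case: detection exits 1 when the Windows Update service (wuauserv) is disabled, and remediation restores it idempotently, so it is safe to run on every schedule cycle. Upload each section as its own .ps1 file; the log path is an assumed value.

```powershell
# Added example: detection + remediation pair for the Windows Update service.
# The two sections are uploaded to Intune as separate Detection and Remediation files.

# ---------- Detection.ps1 ----------
# Contract: exit 0 = healthy, nonzero = remediation needed. Detection never changes state.
$svc = Get-Service -Name 'wuauserv' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Output "Windows Update service (wuauserv) not found"
    exit 1
}
# StartType is available on Windows PowerShell 5.1, which the Intune Management Extension uses
if ($svc.StartType -eq 'Disabled') {
    Write-Output "wuauserv StartType is Disabled; remediation required"
    exit 1
}
Write-Output "wuauserv StartType: $($svc.StartType), Status: $($svc.Status)"
exit 0

# ---------- Remediation.ps1 ----------
# Idempotent: only changes the service when it is still Disabled, so repeated runs on a
# healthy device are no-ops. The exit code is what Intune reports as success or failure.
$logPath = "$env:ProgramData\Remediations\wuauserv.log"   # assumed log location
try {
    New-Item -ItemType Directory -Path (Split-Path $logPath) -Force | Out-Null
    $svc = Get-Service -Name 'wuauserv' -ErrorAction Stop
    if ($svc.StartType -eq 'Disabled') {
        # Manual is the default startup type for wuauserv on current Windows builds
        Set-Service -Name 'wuauserv' -StartupType Manual -ErrorAction Stop
        "$(Get-Date -Format o) Changed wuauserv StartType Disabled -> Manual" |
            Add-Content -Path $logPath
    }
    # Re-run the detection check so the remediation reports its own outcome
    $svc = Get-Service -Name 'wuauserv' -ErrorAction Stop
    if ($svc.StartType -eq 'Disabled') {
        Write-Output "wuauserv is still Disabled after remediation"
        exit 1
    }
    Write-Output "wuauserv StartType is now $($svc.StartType)"
    exit 0
}
catch {
    "$(Get-Date -Format o) ERROR: $($_.Exception.Message)" | Add-Content -Path $logPath
    Write-Output $_.Exception.Message
    exit 1
}
```

The remediation writes only a short audit line per change, so the log stays small even when the package runs daily across many devices.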
Following these requirements helps improve script reliability and ensures compatibility with the Intune Management Extension. Consistent testing and validation before production deployment are recommended to avoid failed remediations or unintended impact on end-user devices.
Test Remediations before wide deployment
Always test Remediations in a pilot group before assigning them broadly. A controlled pilot deployment helps validate that detection and remediation scripts behave as expected in a production-like environment without introducing unnecessary risk to the wider organization. Testing also allows administrators to identify potential side effects, verify execution timing, and confirm that remediation logic only targets affected devices.
Steps for testing:
- Assign the remediation package to a small pilot device group.
- Review the detection results in the Endpoint Analytics dashboard.
- Confirm remediation actions only run on devices that need them.
- Verify device state after remediation completes.
Tip
Use a pilot group of devices with varied hardware and update states to validate the remediation across real-world conditions.
Monitor remediation results
After deployment, monitor success and failure details from the Endpoint Analytics dashboard. Continuous monitoring is essential to ensure that Remediations are functioning correctly and delivering the expected operational improvements. Reviewing remediation results helps administrators identify recurring issues, validate remediation effectiveness, and quickly detect failed or partially completed executions that may require further investigation.
Key monitoring tasks:
- Check the number of devices that detected the issue
- Review remediation success and failure counts
- Investigate any script errors or unexpected results
- Confirm the issue is resolved on target devices
Consistent monitoring and reporting help organizations maintain healthy endpoint environments and improve the reliability of automated remediation processes over time. Regular reviews also support optimization efforts and help reduce recurring support incidents across managed devices.
Best practices for Remediations
Effective Remediations strategies require careful planning, reliable scripting practices, and ongoing operational oversight. Following established best practices helps ensure remediations remain targeted, predictable, and scalable while minimizing potential disruption to end users and business operations.
- Keep detection logic concise and reliable.
- Limit remediation scope to the specific issue being addressed.
- Avoid running high-impact remediations too frequently.
- Reuse existing corporate scripts and modules when possible.
- Document the script behavior and rollback plan.
Applying these best practices supports a more stable and maintainable remediation framework within Microsoft Intune. Well-designed remediation packages improve operational efficiency, simplify troubleshooting, and help organizations maintain a consistent and secure endpoint management strategy.
Secure and manage remediation scripts
Remediation scripts should be treated as production-level operational assets because they can directly impact endpoint configuration, device stability, and user productivity. Proper governance, version management, and access control are important to maintain script integrity and reduce the risk of unauthorized or unintended changes within the environment.
Treat remediation scripts as production assets:
- Store scripts in a secure source control repository.
- Manage script versions and change history.
- Ensure only authorized administrators can edit and deploy remediation packages.
Establishing secure management practices for remediation scripts improves accountability, supports audit and compliance requirements, and helps organizations maintain consistent operational standards across their endpoint management processes.