Let’s learn how to run a Remediation script on demand for Windows devices using Intune. A new device action, currently in public preview, lets you run a remediation on demand on a single Windows device.
The Run remediation device action allows you to resolve issues without having to wait for remediation to run on its assigned schedule. Once the script deployment is saved, you can manually trigger the execution on-demand for targeted Windows devices.
Proactive remediations are script packages from the Intune portal that can detect and fix common support issues on a user’s device before they even realize there’s a problem.
Starting with Intune May update 2305, Proactive Remediations was renamed to Remediations and is available from Devices > Remediations. You will still be able to find Remediations in both the new location and the existing Reports > Endpoint Analytics location until the next Intune service update.
Each script package consists of a detection script, a remediation script, and metadata. Through Intune, you can deploy these script packages and see reports on their effectiveness.
Prerequisites for Running Remediation Script on-demand
When using remote action to run remediation for enrolled Windows devices and performing remediation scripting, there are certain requirements to consider:
- Remediations must already be configured before a remediation script can be used on-demand.
- The built-in or custom script packages must be available for users to run a remediation on-demand; however, they do not need to be assigned to a user or device. You can use Scope tags to limit which remediation script packages a user can see.
- Users must be Global Admins, Intune Admins, or have a role with the Run remediation permission (available under Remote tasks). During the public preview, the user must also have Organization: Read.
- Devices are online and able to communicate with Intune and Windows Push Notification Service (WNS) during remote action.
- The Intune Management Extension must be installed on devices. The installation is done automatically when a Win32 app, PowerShell script, or Remediation is assigned to a user or device.
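
One way to check the device-side prerequisites above from an elevated PowerShell session on the target device. This is an added example, not part of the original article; the service names, the WNS probe host, the log folder and the 24-hour threshold are assumptions about a default Windows and Intune installation.

```powershell
# Added example: device-side prerequisite checks for Run remediation.
function Test-RunRemediationPrereq {
    [CmdletBinding()]
    param(
        # Assumption: default Intune Management Extension (IME) log folder.
        [string]$ImeLogDir = "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs",
        # Assumption: WNS host used only as a TCP 443 reachability probe.
        [string]$WnsHost = 'client.wns.windows.com'
    )

    $results = [System.Collections.Generic.List[object]]::new()

    # IME must be installed; the push notification service must be running.
    foreach ($name in 'IntuneManagementExtension', 'WpnService') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $results.Add([pscustomobject]@{
            Check  = "Service $name"
            Passed = ($null -ne $svc -and $svc.Status -eq 'Running')
            Detail = if ($svc) { "Status: $($svc.Status)" } else { 'Not installed' }
        })
    }

    # The device must be able to reach WNS while the remote action is pending.
    $tcp = Test-NetConnection -ComputerName $WnsHost -Port 443 -WarningAction SilentlyContinue
    $results.Add([pscustomobject]@{
        Check  = "TCP 443 to $WnsHost"
        Passed = [bool]$tcp.TcpTestSucceeded
        Detail = "Remote address: $($tcp.RemoteAddress)"
    })

    # A recently written IME log shows the agent is active (24 h is an assumed threshold).
    $log = Get-ChildItem -Path $ImeLogDir -Filter '*.log' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $results.Add([pscustomobject]@{
        Check  = 'IME log activity (last 24 h)'
        Passed = ($null -ne $log -and $log.LastWriteTime -gt (Get-Date).AddHours(-24))
        Detail = if ($log) { "$($log.Name) written $($log.LastWriteTime)" } else { 'No logs found' }
    })

    $results
}

Test-RunRemediationPrereq | Format-Table -AutoSize
```

A direct TCP probe can fail on networks that force traffic through an authenticated proxy, so treat a failed WNS check as a prompt to review proxy and firewall rules rather than as proof that push notifications are blocked.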
Run Remediation Script on-demand for Windows Devices using Intune
Follow these steps to run a remediation script on-demand from Intune. There are multiple ways to reach the Windows remote actions; the ones below are the most convenient for Intune admins.
- Sign in to the Microsoft Intune Admin Center portal https://Intune.microsoft.com/.
- Navigate to Devices > Windows and select the device from the list. Alternatively, navigate to All devices and search for the device.
On the device Overview page, you have various remote actions for the selected device. Select … and click Run remediation (preview).
In the Run remediation (preview) pane, select the Script package you want to run from the list and deploy a remediation script package to this device using both detection and remediation scripts. You also have the option to View details to see the properties of the script package.
Important – Run remediation is currently offered in preview. The license requirement limitation has been removed.
Clicking View details shows the script package details, including the detection and remediation script contents, description, and configured settings. Once you have reviewed them, select Run remediation to run the remediation on-demand.
A notification will appear with the message, Run Remediation initiated. You can track the running status for the script packages of your detection and remediation.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Does it work for Co-managed devices?
It seems not to be working for co-managed devices.
Thanks for sharing this. I’m having trouble finding technical documentation for on-demand remediations. When we attempt to run an on-demand remediation, it sits in a pending state indefinitely. Does anyone know if this utilizes WinRM? We have WinRM disabled and I suspect that as the reason for the failed execution.
Can you run a remediation on demand for all devices or just for one device at a time?
As far as I can tell, it utilizes something like WinRM or at least its port. I’ve done testing with both Remote Assist and Remote desktop turned on and off, and got various results. With both off, pending. With either one of them on, success. With both on, success.
Remediation on demand is one at a time. If you want to hit a bunch of systems, you probably want a more proactive approach with remediation scripts assigned to a group.
I have a Proactive remediation script stuck in Pending. How can I move that forward or forth?
Same issue for me…