Remediations
Execute remote commands and remediation actions on managed devices through Microsoft Intune. Run scripts, install apps, and troubleshoot devices without physical access.
Remote Command Types
PowerShell Scripts
Execute PowerShell scripts on Windows devices for advanced configuration and remediation tasks.
- Run in system or user context
- 64-bit or 32-bit execution
- Output logging and error capture
- Script signature enforcement
Shell Scripts (macOS)
Execute bash/zsh scripts on macOS devices for automation and custom configurations.
- Root or standard user context
- Retry on failure options
- Frequency control
- Script output capture
Remediation Scripts
Detection and remediation script pairs that automatically fix compliance issues.
- Detection script runs first
- Remediation runs if issue detected
- Scheduled or on-demand execution
- Compliance reporting
Win32 App Installation
Trigger immediate Win32 app installation or reinstallation on Windows devices.
- Force reinstall option
- Install with dependencies
- Custom install parameters
- Installation monitoring
Script Library
Pre-built scripts for common remediation tasks:
- Clear Teams Cache (Windows) — Clears Microsoft Teams cache to resolve common issues
- Reset Windows Update (Windows) — Resets Windows Update components to fix update failures
- Repair Office Installation (Windows) — Runs online repair for Microsoft 365 Apps
- Flush DNS Cache (Windows, macOS) — Clears DNS resolver cache to fix connectivity issues
- Restart Print Spooler (Windows) — Restarts print spooler service to fix printing issues
- Reset Keychain (macOS) — Resets user keychain to fix authentication issues
Proactive Remediation
Configure detection and remediation script pairs that run automatically:
Detection Script
Checks for issue presence. Exit 0 = No issue, Exit 1 = Issue detected.
# Exit 0 = No issue
# Exit 1 = Issue detected
$cacheSize = (Get-ChildItem $env:LOCALAPPDATA\Microsoft\Teams -Recurse | Measure-Object -Property Length -Sum).Sum / 1GB
if ($cacheSize -gt 2) { exit 1 }
exit 0Remediation Script
Fixes the detected issue. Runs only if detection exits 1.
# Runs only if detection exits 1
Stop-Process -Name Teams -Force -EA SilentlyContinue
Remove-Item $env:LOCALAPPDATA\Microsoft\Teams\Cache -Recurse -Force
Start-Process "msteams.exe"Schedule Options
- Hourly — Every 1-24 hours
- Daily — Once per day
- On-Demand — Manual trigger
Execution Results
- 1,234 Succeeded
- 56 With Issues
- 23 Failed
- 89 Pending
Recent Executions
| Script | Device | Status | Output |
|---|---|---|---|
| Clear Teams Cache | DESKTOP-ABC123 | Success | Cache cleared: 2.3GB freed |
| Reset Windows Update | LAPTOP-XYZ789 | Success | Components reset successfully |
| Repair Office | WORKSTATION-001 | Failed | Insufficient disk space |
Remote Help (Premium)
Note: Remote Help requires Microsoft Intune Suite or standalone Remote Help add-on license.
Capabilities:
- View user’s screen
- Take full control (with consent)
- Elevated admin access
- File transfer
- Chat during session
Security Features:
- User must grant permission
- Session recording (optional)
- Audit logging
- Role-based access
- Compliance verification
Best Practices
- Test scripts before deployment — Always test scripts on pilot devices before broad deployment.
- Include error handling — Scripts should handle failures gracefully and provide meaningful output.
- Log script output — Write detailed logs to help troubleshoot issues when scripts fail.
- Consider user impact — Schedule intensive scripts during off-hours when possible.
API Reference
POST /api/devices/:id/run-script— Execute script on deviceGET /api/devices/:id/script-results— Get script execution resultsGET /api/scripts— List available scriptsPOST /api/scripts— Create new scriptGET /api/remediation/status— Get remediation script status