Run Intune Remediations on-demand for Windows Devices
Proactive Remediations has been around for some time in Intune, but it was a bit hidden down in Reports, under Endpoint Analytics. A recent change in the management portal moved Proactive Remediations to the Devices node, together with a small name change: it is now called just Remediations. So it is now much better located and simple to find.
This is the same old Proactive Remediations, so nothing new in that respect. The new thing is the on-demand remediation action for Windows. This is so cool!
Let's say you discover a new vulnerability on Windows 11 devices, and the solution is to deploy a bunch of registry keys, after which your clients are safe again. You create a Detection script that checks whether the registry keys already exist and have the correct values. You also create a Remediation script that fixes the registry keys if they are missing or have the wrong value. Finally you add the Detection and Remediation scripts to Remediations and set it to run once or on a schedule. Then you have to wait, and that can sometimes take a day or 2.
This is where on-demand remediations come to the rescue, when you want a particular device to be remediated as soon as possible. The requirements are:
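As an added example (not from the original post) of the Detection and Remediation script pair described above, here are both scripts as functions over one desired-state table. The registry path `HKLM:\SOFTWARE\Contoso\Hardening` and its value names are hypothetical placeholders; replace them with the keys your fix actually requires.

```powershell
# Shared desired-state table (hypothetical placeholder values, not a real fix).
$Desired = @(
    @{ Path = 'HKLM:\SOFTWARE\Contoso\Hardening'; Name = 'ExampleSetting'; Value = 1; Type = 'DWord' },
    @{ Path = 'HKLM:\SOFTWARE\Contoso\Hardening'; Name = 'ExamplePolicy';  Value = 0; Type = 'DWord' }
)

function Test-DesiredState {
    # Returns every entry that is missing or holds the wrong value.
    param([array]$Entries)
    foreach ($e in $Entries) {
        $current = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        if ($null -eq $current -or $current.($e.Name) -ne $e.Value) { $e }
    }
}

function Invoke-Detection {
    # Intune contract: exit 1 = issue found (run remediation), exit 0 = compliant.
    # Whatever is written to the output stream shows up in the Remediations report.
    $drift = @(Test-DesiredState -Entries $Desired)
    if ($drift.Count -gt 0) {
        $names = ($drift | ForEach-Object { "$($_.Path)\$($_.Name)" }) -join ', '
        Write-Output "Non-compliant: $names"
        exit 1
    }
    Write-Output 'Compliant'
    exit 0
}

function Invoke-Remediation {
    # Only touch the entries that drifted; create the key if it does not exist yet.
    foreach ($e in @(Test-DesiredState -Entries $Desired)) {
        if (-not (Test-Path -Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
        New-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value -PropertyType $e.Type -Force | Out-Null
    }
    # Re-check so a failed write is reported as a remediation failure, not a success.
    if (@(Test-DesiredState -Entries $Desired).Count -gt 0) {
        Write-Output 'Remediation failed: registry values still not in desired state'
        exit 1
    }
    Write-Output 'Remediated'
    exit 0
}

# Detect.ps1 ends with the line:    Invoke-Detection
# Remediate.ps1 ends with the line: Invoke-Remediation
```

Writing under HKLM needs the script to run in the system context (the default) and, for the 64-bit registry view, the remediation's "Run script in 64-bit PowerShell" option enabled, otherwise the writes are redirected to WOW6432Node and detection keeps reporting drift.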
- Devices must be Entra ID joined or Hybrid Entra ID joined
- Managed by Intune
- Windows 10/11 Professional, Enterprise or Education
- Windows E3, E5, A3, A5 or VDA license
- The Remediation is already created under Remediations
- The Intune Management Extension must be installed
- Devices are online and able to communicate with Intune
The last one is a bit special, but also easy to understand: the remediation can only run on-demand if the device is online. The steps are:
- Open Intune management portal https://intune.microsoft.com
- Make sure you have your Remediation added under Remediations
- Open up node Devices / Windows / Windows Devices
- Select the target device
- You now see the Overview of the device, with the Action bar of available actions at the top
- Select the three dots to show the additional actions that are available
- Choose the action Run Remediation
- Select your remediation and click the button Run Remediation
- You will get a notification that the Remediation has been initiated
- If you refresh the overview page of the device you will also see a banner that the Remediation is pending
- When the remediation has been executed the banner will change to Completed
- You can then monitor the result under the device page, in the Remediations node
The on-demand remediation is very useful. I have used it a lot for testing my remediation script on one or a few targets. You don't need to assign the remediation to anyone; you can just run it on-demand on your test targets. Saves a lot of time.
Why is the result in the last picture blank? This action is still in preview, and the response and reporting part seems to be a bit inconsistent. If you do it once, it seems to work well. But if you run multiple on-demand remediations on the same target, the Remediations node under the device does not show the result. It can sometimes show an old result or no result at all.