Run on-demand Remediation script on Intune device with PowerShell and MS Graph
In this post I will show you how to run Remediation script on demand on a specific device using PowerShell and MS Graph.
Context
- You have created a Remediation script
- You want to run it on a specific device
The solution
One week ago Microsoft implemented the AWESOME feature allowing you to execute a remediation script on demand on a specific device.
You can do this through the Intune portal as below:
1. Go to Intune
2. Search a device
3. Click on the device
4. Click on the ...
5. Click on Run remediation
7. Click on Run remediation
Do this with MS Graph
When a new feature comes in Intune I always try to look to MS Graph in order to understand how to automate the action.
To do this I always use the developer mode from my browser.
I think every people who want to play with Graph should use this trick.
You can find here a post I did about this.
So now let's use just our browser to understand how to use Graph to get results we want.
For this we will proceed as below:
1. Go to the Intune
2. Type a specific device name
3. Click on the ...
4. Press F12 to open developer mode
5. Select the Network tab
6. Click on Run remediation
8. Click on the Stop recording button
9. Then you will find two resources called initiateOnDemandProactiveRemediation
10. Click on the first one
11. You will find the URL resource
12. Go to Payload to see the body to pass
Now you can see that to run a remediation script on demand the resource used is initiateOnDemandProactiveRemediation.
See below full resource path:
deviceManagement/managedDevices('DeviceID')/initiateOnDemandProactiveRemediation
You will need to pass the below body:
Do this with PowerShell and MS Graph
Now let's do this with PowerShell.
See below the code used for this:
2 commentaires
Salut Damien,
thank you very much for the article!
For the others using your procedure, I might add that
$Device_ID is 'Intune Device ID' (not 'Microsoft Entra Device ID')
and that when using initiateOnDemandProactiveRemediation to manually initiate remediation, it starts on the PC almost immediately (my tests show that within 10 seconds from the initiation of the Graph API call).
Hi Damien
Thanks Damien, Your article helps me alot in my daily work. I am trying to create a powershell script that runs remediation script on-demand for bulk devices but i need some help with my script and i hope you can help me.
$Remediation_Script_ID = "Remediation_Script_ID"
$RemediationScript_Body = @{
"ScriptPolicyId"="$Remediation_Script_ID"
}
$csv = Get-ChildItem -Path "C:\Users\Public\Desktop\deviceID.csv" | Out-GridView -PassThru
## Import Csv
$deviceid = Import-Csv $csv
Connect-MgGraph
foreach($device in $deviceid){
$RemediationScript_URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices(´$($device.DeviceId)´)/initiateOnDemandProactiveRemediation"
Invoke-MgGraphRequest -Uri $RemediationScript_URL -Method POST -Body $RemediationScript_Body
}
Enregistrer un commentaire