CalSync โ€” Automate Outlook Calendar Colors

Auto-color-code events for your team using rules. Faster visibility, less admin. 10-user minimum ยท 12-month term.

See pricing & get started Ask a question
CalSync Colors is a service by CPI Consulting

Automate Remediation with Microsoft Intune

by | Jan 28, 2026 | Blog, Microsoft Intune | 0 comments

In this blog post Automate Remediation with Microsoft Intune for Faster Self Healing we will explore how to detect common endpoint issues and fix them automatically using Microsoft Intune. Automate Remediation with Microsoft Intune for Faster Self Healing is about turning repetitive, reactive support tasks into reliable, repeatable workflows that keep devices healthy with minimal human intervention.

At a high level, Intune remediation is โ€œif this condition is true, then run this fix.โ€ Instead of waiting for tickets (or for users to notice problems), you proactively validate key settings and health signals, and you apply a corrective action when something drifts. The outcome is fewer incidents, faster recovery, and stronger security posture without adding more operational load.

What โ€œremediationโ€ means in Microsoft Intune

In Intune, automated remediation commonly refers to using Proactive Remediations (part of the Microsoft Intune Suite / Endpoint analytics capabilities) to run scheduled scripts on devices:

  • Detection script checks for a problem or drift (for example, a service is stopped, a registry value is wrong, disk cleanup is needed).
  • Remediation script fixes it (start the service, set the registry value, remove stale content, repair configuration).
  • Reporting shows which devices are affected, which were fixed, and which still need attention.

Think of it as lightweight โ€œself-healingโ€ for endpoints. Itโ€™s not replacing full configuration management or your RMM platform, but itโ€™s extremely effective for common Windows endpoint issues where a targeted script can validate and correct state.

The technology behind Intune automated remediation

The main technology powering this approach is Intuneโ€™s Proactive Remediations, which leverages the Intune Management Extension on Windows devices. The extension is responsible for running PowerShell scripts locally, on a schedule, under the correct context, and returning results to the Intune service.

Under the hood:

  • Microsoft Intune service stores the remediation package (detection + remediation) and assignment details.
  • Intune Management Extension retrieves policy and scripts, executes them, and reports success/failure and output.
  • Azure AD / Entra ID identity governs access and assignment targeting (users, devices, groups).
  • Endpoint analytics reporting provides visibility into how widely the issue occurs and how effective the fix is.

The key idea is desired state validation. Your detection script describes what โ€œgoodโ€ looks like. If a device isnโ€™t in that state, the remediation script brings it back.

When to use automated remediation

Automated remediation is best for issues that are:

  • Frequent (they keep coming back)
  • Predictable (you can reliably detect them)
  • Fixable with a script (no complex user interaction required)
  • Low risk (the fix is safe and reversible)

Examples that usually work well:

  • Ensure a critical Windows service is running
  • Remove legacy VPN profiles or stale certificates
  • Enforce a specific registry setting for an application
  • Reset a misconfigured Windows component (carefully)
  • Cleanup a folder that causes app crashes due to corrupt cache

A practical remediation pattern you can copy

The simplest pattern is: detection returns a non-zero exit code when remediation is needed. Remediation applies the fix and exits cleanly if successful.

Example scenario

A common pain point is a required service being stopped (by accident, by another tool, or after an update). Hereโ€™s a sample that checks whether the Windows Time service (w32time) is running. If it isnโ€™t, Intune runs the remediation script to start it and set it to Automatic.

Detection script (PowerShell)

# Detect-W32Time.ps1
$serviceName = 'w32time'
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue

if (-not $svc) {
  Write-Output "Service $serviceName not found"
  exit 1
}

if ($svc.Status -ne 'Running') {
  Write-Output "Service $serviceName is not running"
  exit 1
}

Write-Output "Service $serviceName is running"
exit 0

Remediation script (PowerShell)

# Remediate-W32Time.ps1
$serviceName = 'w32time'

try {
  Set-Service -Name $serviceName -StartupType Automatic -ErrorAction Stop
  Start-Service -Name $serviceName -ErrorAction Stop

  $svc = Get-Service -Name $serviceName
  if ($svc.Status -ne 'Running') {
    Write-Output "Failed to start $serviceName"
    exit 1
  }

  Write-Output "Remediation successful. $serviceName is running"
  exit 0
}
catch {
  Write-Output "Remediation error: $($_.Exception.Message)"
  exit 1
}

This is intentionally simple, but it highlights the approach: detect drift, fix drift, report outcomes.

How to implement Intune remediation step by step

  • Confirm prerequisites

    • Windows devices are enrolled and targeted by Intune.
    • Intune Management Extension is installed (typically present when using Win32 apps or scripts).
    • You have licensing for Proactive Remediations (where applicable in your tenant).

  • Write detection first

    • Keep it fast. Aim for seconds, not minutes.
    • Be explicit about โ€œhealthyโ€ vs โ€œunhealthyโ€.
    • Return exit 0 when compliant, exit 1 when remediation is needed.

  • Write remediation with safety rails

    • Make changes idempotent (running twice shouldnโ€™t break anything).
    • Handle errors and exit non-zero when you cannot fix.
    • Log helpful output so you can troubleshoot remotely.

  • Test locally

    • Run detection/remediation on a test device using the same execution context you expect in Intune.
    • Confirm you can reproduce the issue and validate the fix.

  • Create the remediation in Intune

    • Upload detection and remediation scripts.
    • Choose schedule (for example, daily or every few hours for critical checks).
    • Select run context (system vs user) depending on what you need to change.

  • Assign to a pilot group first

    • Start small: IT devices or a friendly business unit.
    • Review results and edge cases before broad rollout.

  • Monitor and iterate

    • Track how many devices fail detection and how many are successfully remediated.
    • Refine detection to reduce false positives.
    • Add safeguards if remediation can be disruptive.

A simple rollout approach for real organisations

  • Pick your top 3 recurring incidents (service stopped, app misconfig, certificate drift).
  • Write detection scripts that are deterministic and quick.
  • Automate the fix with a small, reversible remediation.
  • Pilot for 1โ€“2 weeks, review reporting daily at first.
  • Scale to broader groups once youโ€™re seeing stable success rates.

Wrap up

Automating remediation with Microsoft Intune is one of the most practical ways to reduce endpoint noise while improving security and reliability. With Proactive Remediations, you can codify the fixes your team already performs, schedule them, and gain visibility into how your fleet behaves over time.

If you want, share one recurring issue you see in your environment (for example, VPN profiles, certificates, BitLocker state, disk space, or a specific app setting) and we can map it to a clean detection/remediation pair that fits your device estate.

Discover more from CPI Consulting -Specialist Azure Consultancy

Subscribe to get the latest posts sent to your email.

Submit a Comment

Your email address will not be published. Required fields are marked *