
Intune Proactive Remediations: A Complete Guide to Scripts and Detection

Proactive Remediations - now called Remediations in the Intune Admin Centre - are one of the most powerful and underused features in Intune. They let you run a detection script on a schedule, and if an issue is found, automatically run a remediation script to fix it. All without user interaction, all reported back to Intune.

Think of them as scheduled task automation baked directly into Intune. You can use them to fix broken settings, clear caches, enforce configurations that drift, restart services, patch registry keys, and dozens of other day-to-day IT issues that would otherwise require a support ticket.

How They Work

🔍 Overview

Each Remediation package has two PowerShell scripts:

  • Detection script: runs on a schedule and checks whether an issue exists. Must exit with code 0 (no issue found) or 1 (issue found).
  • Remediation script: runs automatically if the detection script exits with code 1. Should fix the issue, then exit with 0.

Intune reports the status of each device back to the console - detected, remediated, or failed - giving you full visibility across your fleet.

Licence requirement: Remediations require Microsoft Intune Plan 1 or higher. Devices must be enrolled in Intune and running Windows 10 1903+ or Windows 11.

Creating a Remediation Package

📋 Setup
  1. Name and describe: Give the package a clear name like FIX-ClearTeamsCache. Use a consistent naming convention so packages stay organised.
  2. Upload detection script: Upload your detection.ps1. Choose whether to run as the logged-on user or SYSTEM, and whether to enforce the script signature check.
  3. Upload remediation script: Upload your remediation.ps1. This will only run if detection exits with code 1.
  4. Set the schedule: Choose how often the detection runs - once, hourly, or daily. For most remediations, daily or every 6 hours is appropriate.
  5. Assign to groups: Assign to the device or user groups you want to target. You can scope by assignment filters too.

Script Examples

💻 Scripts

Example 1: Clear Microsoft Teams Cache

Teams cache corruption is one of the most common causes of login issues, missing messages, and slow performance. This remediation detects a bloated cache and clears it silently.

detection.ps1: exits 1 if the Teams cache folder exceeds 500MB
# $env:APPDATA points at the user's profile only when the script runs as the logged-on user, not SYSTEM
$cachePath = "$env:APPDATA\Microsoft\Teams"
if (Test-Path $cachePath) {
    # -File skips directories, which have no Length property
    $size = (Get-ChildItem $cachePath -Recurse -File -ErrorAction SilentlyContinue |
             Measure-Object -Property Length -Sum).Sum / 1MB
    if ($size -gt 500) {
        Write-Host "Cache size: $([math]::Round($size,1))MB - remediation needed"
        exit 1
    }
}
Write-Host "Cache OK"
exit 0

remediation.ps1: kills Teams and clears the cache folders
Get-Process -Name "Teams" -ErrorAction SilentlyContinue | Stop-Process -Force
Start-Sleep -Seconds 3
$folders = @("Cache","blob_storage","databases","GPUCache","IndexedDB","Local Storage","tmp")
foreach ($folder in $folders) {
    $path = "$env:APPDATA\Microsoft\Teams\$folder"
    if (Test-Path $path) {
        Remove-Item $path -Recurse -Force -ErrorAction SilentlyContinue
    }
}
Write-Host "Teams cache cleared"
exit 0

Example 2: Check the Windows Time Service is Running

Time sync issues cause Kerberos failures, MFA problems, and certificate errors. This remediation ensures the Windows Time service is always running.

detection.ps1: exits 1 if the W32Time service is not running
$svc = Get-Service -Name "W32Time" -ErrorAction SilentlyContinue
if ($svc.Status -ne "Running") {
    Write-Host "W32Time not running: $($svc.Status)"
    exit 1
}
Write-Host "W32Time running OK"
exit 0
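
remediation.ps1: starts W32Time and forces a resync
try {
    # -ErrorAction Stop turns a failed start into a reported failure instead of a false "exit 0"
    Set-Service -Name "W32Time" -StartupType Automatic -ErrorAction Stop
    Start-Service -Name "W32Time" -ErrorAction Stop
    w32tm /resync /force
    Write-Host "W32Time started and resynced"
    exit 0
} catch {
    Write-Host "Failed to start W32Time: $($_.Exception.Message)"
    exit 1
}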

Example 3: Set Correct Time Zone

Useful when deploying devices to users who have changed their time zone, or when Autopilot doesn't correctly set it during provisioning.

detection.ps1: exits 1 if the time zone is not GMT Standard Time
$tz = (Get-TimeZone).Id
if ($tz -ne "GMT Standard Time") {
    Write-Host "Wrong timezone: $tz"
    exit 1
}
Write-Host "Timezone correct: $tz"
exit 0
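
The page shows only the detection half of this example. A matching remediation.ps1 is sketched below as an added example, not code from the original page; it assumes the same target time zone ID as the detection script and exits 1 if the change cannot be confirmed.

```powershell
# Added example (not from the original page): remediation.ps1 for the time zone check.
$target = "GMT Standard Time"   # same ID the detection script compares against
try {
    Set-TimeZone -Id $target -ErrorAction Stop
} catch {
    Write-Host "Failed to set time zone: $($_.Exception.Message)"
    exit 1
}
# Re-read the setting so the script output shows the confirmed state.
$tz = (Get-TimeZone).Id
if ($tz -ne $target) {
    Write-Host "Time zone still wrong after change: $tz"
    exit 1
}
Write-Host "Time zone set to $tz"
exit 0
```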

Monitoring Results

✅ Reporting

After deploying a remediation package, you can monitor results from the Intune console:

Each device shows one of four statuses:

  • Without issue: detection script ran and exited 0, no remediation needed
  • With issue: detection found a problem, remediation is running or pending
  • Remediated: issue was detected and successfully fixed
  • Error: the script itself failed (check the script output column for details)

Pro tip: use output for better reporting. Use Write-Host in both scripts to output diagnostic info. Intune captures this output and displays it in the device status view, making it much easier to diagnose failures without remoting onto the device.

Always test scripts locally first. Run both scripts manually on a test device before deploying. A detection script that always exits 1 will cause the remediation to run continuously on every cycle. Test with a small pilot group before rolling out to your full fleet.
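
One way to script that local test, as an added example that is not from the original page: it runs detection, runs remediation only when detection exits 1, then re-runs detection to confirm the pair will not loop on every cycle. The script paths are assumptions, and the harness runs as the current user rather than in the context Intune will use.

```powershell
# Added example: local dry run of a detection/remediation pair before upload.
# Script paths are assumptions; it runs as the current user, so repeat the run
# in the context (user or SYSTEM) you will select in Intune.
param(
    [string]$DetectionPath   = '.\detection.ps1',
    [string]$RemediationPath = '.\remediation.ps1'
)

function Invoke-ScriptFile {
    param([string]$Path)
    # A child process lets the script's 'exit N' become a real exit code
    # instead of terminating this session.
    $output = & powershell.exe -NoProfile -File $Path 2>&1
    [pscustomobject]@{
        ExitCode = $LASTEXITCODE
        Output   = ($output | Out-String).Trim()
    }
}

foreach ($path in $DetectionPath, $RemediationPath) {
    $full = (Resolve-Path -Path $path -ErrorAction Stop).Path
    # Relevant if you plan to enforce the script signature check in Intune.
    $sig = Get-AuthenticodeSignature -FilePath $full
    Write-Host "$full signature status: $($sig.Status)"
}

$before = Invoke-ScriptFile -Path $DetectionPath
Write-Host "Detection exit code $($before.ExitCode): $($before.Output)"
if ($before.ExitCode -eq 0) {
    Write-Host "No issue detected; the remediation would not run."
    exit 0
}
if ($before.ExitCode -ne 1) {
    Write-Host "FAIL: detection must exit 0 or 1."
    exit 2
}

$fix = Invoke-ScriptFile -Path $RemediationPath
Write-Host "Remediation exit code $($fix.ExitCode): $($fix.Output)"
if ($fix.ExitCode -ne 0) { Write-Host "FAIL: remediation did not exit 0."; exit 2 }

# The key check: after remediation, detection must report no issue.
$after = Invoke-ScriptFile -Path $DetectionPath
if ($after.ExitCode -eq 0) { Write-Host "PASS: detection is clean after remediation."; exit 0 }
Write-Host "FAIL: detection still exits $($after.ExitCode); this pair would remediate on every cycle."
exit 1
```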
Jack Davies
IT Engineer · M365 & Intune Specialist

Jack is an IT Technical Engineer based in the UK, working day-to-day with Microsoft 365, Intune, and Entra ID across a range of businesses. He holds the MS-900 certification and is studying for a BSc in Cyber Security through the Open University. Outside of work he builds and documents home lab projects, writes guides on this site, and takes on M365 consulting work for small businesses.
