How to deploy PowerShell Script from Intune

PowerShell scripts can be deployed throughout GPO or manual with commands like Enter-Possession and Invoke-Command.

You must know that if you have an Intune to your environment or a customer has that you support then you can deploy a PowerShell script from Intune. 

Today I will describe step by step how can use the Intune to deploy a PowerShell script in Devices that it's not in your internal network and can't use a GPO or other method.

 

Prerequisites

Before starting to deploy a PowerShell Script from Intune let's see a few prerequisites that must have.

  • Windows 10 version 1607 and later.
  • Devices must be Azure AD registered, Hybrid Join, or Workplace joined.
  • Devices must be enrolled in Intune.
  • Device System clock must be synchronized. 

 

How long does it take a policy to apply

A lot of times IT Administrators have asked how long it takes a policy to apply to a user or a device.

When a new policy is assigned to the device Intune immediately notify the device to check in and receive the new policies or updates.

However, you can find in the tables more details for the schedule refresh cycle per device

Device Refresh Cycle

Windows 10/11 PCs enrolled as devices

About every 8 hours

Windows 8.1

About every 8 hours

iOS/iPadOS

About every 8 hours

macOS

About every 8 hours

Android

About every 8 hours

 

If the devices are recently enroll then compliance/non-compliance has more often refreshed the cycle

Device

Refresh Cycle

Windows 10/11 PCs enrolled as devices every

Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours

Windows 8.1

Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours

iOS/iPadOS

Every 15 minutes for 1 hour, and then around every 8 hours

macOS

Every 15 minutes for 1 hour, and then around every 8 hours

Android

Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours

 

The above tables are from Microsoft Docs.

If you need to find out more details regarding Refresh Cycles of policies you can go to 

Common questions and answers with device policies and profiles in Microsoft Intune

Now that you have read the above details let's start !!!

 

Deploy the PowerShell Script from Intune

  • Open the Microsoft Endpoint Manager Admin Center.

  • Click on Devices

 

  • Click on Scripts

 

  • Click Add and select Windows 10 and later.

 

  • Type a name to recognize the use for in the future and click Next.

 

  • Upload the PowerShell script.
  • Change to Yes only the Run this script using the logged-on credentials as first time use it.
  • Once you have more experience you can play with the other options as well. Click Next.

 

  • In the Assignment I would like to note that only AD Groups with user members can be assigned.
  • If you don't have it, create the appropriate AD Groups and sync them with the Azure Active Directory to be available here.

 

  • Take a look if all the settings are correct and click Add.

 

Monitoring the Status of the Deployment

We have deployed the PowerShell script to the devices. How can verify that the PowerShell Script has been applied without errors?

We can use different ways to see the status and identify any errors that might have been during the deployment.

 

Monitoring the Deployment from Intune

One way to monitor the deployment of the Powershell Script is from the Intune Portal.

Let's see how can use it.

  • Go again to  Devices - Scripts.

  • Then click on the script and you will see the status in the Device and Users.
  • Hmm it seems that it doesn't apply the script to the device yet.

 

  • Because I use a test user the problem was that a user didn't have a License.
  • So until the problem was identified, it took time and the PowerShell script couldn't be deployed.

 

 

Monitoring the Deployment from IntuneManagementExtension Logs

Except for the Intune console, you can use the Logs of the Intune Management Extension.

From the logs, you can understand what kind of error populated throughout the deployment.

It will be very helpful while troubleshooting

  • Go in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
  • Open and red the Log File  IntuneManagementExtension.log.
  • From here you will understand why the Powershell script hasn't been deployed to the devices.
  • In this log file all it seems good

 

  • Logs like the below requires research to understand what is the source of the problem.

 

The deployment of the PowerShell script it's not difficult. The most difficult part is to troubleshoot the problem when the PowerShell script can't be deployed to the devices that you need.

I hope to help you understand how you can use Intune when you need to deploy a PowerShell script on devices outside of your internal network.

Disqus Comments