A comprehensive collection of Microsoft Intune remediation scripts and configurations designed for enterprise endpoint management, device compliance enforcement, and automated system fixes. This repository provides production-ready PowerShell scripts that integrate seamlessly with Intune's remediation framework.
- Device Compliance: Automated scripts to detect and fix common compliance issues
- Security Remediation: Security-focused fixes for endpoint vulnerabilities
- Performance Optimization: Scripts to optimize device performance and user experience
- Modern PowerShell: Supports -WhatIf and ShouldProcess for safe testing
- Comprehensive Logging: Standardized logging with Write-Information
- Browse Examples: Start with docs/examples/intune-import/ for a complete detection/remediation pair
- Test Scripts: Always run with the -WhatIf parameter first to preview changes safely
- Deploy via Intune: Follow the deployment guide for step-by-step Intune configuration
Here's a complete detection and remediation pair demonstrating proper structure:
```powershell
# Detection script
[CmdletBinding()]
param()

try {
    # Get-SomeCondition is a placeholder: replace it with the actual check
    $condition = Get-SomeCondition
    if ($condition) {
        Write-Information "Issue detected" -InformationAction Continue
        exit 1  # Issue found - remediation needed
    } else {
        Write-Information "No issues found" -InformationAction Continue
        exit 0  # Compliant - no remediation needed
    }
} catch {
    # A failed check is reported as non-compliant
    Write-Error "Detection failed: $_"
    exit 1
}
```
```powershell
# Remediation script
[CmdletBinding(SupportsShouldProcess = $true)]
param()

try {
    # Under -WhatIf, ShouldProcess returns $false and the fix is skipped
    if ($PSCmdlet.ShouldProcess("System", "Apply Remediation")) {
        # Apply fix here
        Write-Information "Remediation applied successfully" -InformationAction Continue
        exit 0  # Success
    }
} catch {
    Write-Error "Remediation failed: $_"
    exit 1  # Failure
}
```
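A concrete instance of the template above, added here as an example and not taken from the repository: it checks and disables the SMBv1 server protocol using the same exit-code and ShouldProcess conventions. The -Mode parameter and the Test-Smb1Enabled function are assumptions made for this illustration so the block runs as one file; for Intune, the Detect and Remediate branches would be uploaded as separate scripts.

```powershell
# Added example, not from the repository: disable the SMBv1 server protocol.
# -Mode and Test-Smb1Enabled are hypothetical names used only for this illustration.
# Needs an elevated or SYSTEM context, which is how the page says Intune should run it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateSet('Detect', 'Remediate')]
    [string]$Mode = 'Detect'
)

function Test-Smb1Enabled {
    # $true while the SMB server still accepts SMBv1 connections.
    # -ErrorAction Stop turns a query failure into a terminating error for the catch below.
    [bool](Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
}

try {
    if ($Mode -eq 'Detect') {
        if (Test-Smb1Enabled) {
            Write-Information "SMBv1 server protocol is enabled" -InformationAction Continue
            exit 1  # Non-compliant: Intune runs the remediation script
        }
        Write-Information "SMBv1 server protocol is disabled" -InformationAction Continue
        exit 0      # Compliant
    }

    # Remediate branch: under -WhatIf, ShouldProcess returns $false and nothing changes.
    if ($PSCmdlet.ShouldProcess('SMB server configuration', 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force -ErrorAction Stop
        # Re-check instead of trusting the setter, so a silent failure is reported to Intune.
        if (Test-Smb1Enabled) { throw 'SMBv1 is still enabled after remediation' }
        Write-Information "SMBv1 server protocol disabled" -InformationAction Continue
    }
    exit 0
} catch {
    Write-Error "$Mode failed: $_"
    exit 1
}
```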
- Create new Remediation in Intune admin center
- Upload detection script, set to run in system context
- Upload remediation script, configure schedule
- Assign to device groups and monitor results
- detection-scripts/: Device and software compliance detection scripts
- remediation-scripts/: Corresponding remediation scripts for detected issues
- security-management/: Security baseline and vulnerability remediation tools
- compliance-reporting/: Compliance status reporting and analytics
- browser-password-management/: Browser security and password policy enforcement
- device-lifecycle/: Device provisioning, maintenance, and retirement scripts
- graph-api-scripts/: Microsoft Graph API integration and reporting tools
- network-automation/: Network connectivity and configuration management
- performance-monitoring/: System performance analysis and optimization
- modern-automation/: PowerShell 7 and cross-platform automation capabilities
- docs/: Comprehensive documentation and deployment guides
- docs/examples/: Sample implementations and import templates
Our continuous integration pipeline ensures code quality through:
- PowerShell Script Analyzer: Automated linting and best practice validation
- Link Validation: Automated checking of documentation links
- Security Scanning: CodeQL analysis for security vulnerabilities
- Testing: Automated validation of script syntax and functionality
All scripts follow PowerShell best practices:
- Support for -WhatIf and ShouldProcess where applicable
- Standardized error handling and logging
- Proper exit codes for Intune integration
- Security-conscious design (no Set-ExecutionPolicy usage)
- 📖 Read our Contributing Guidelines
- 🐛 Report issues via GitHub Issues
- 💡 Submit feature requests and improvements
- 🔀 Create pull requests following our guidelines
- 📚 Browse our comprehensive documentation
- 🛠️ Check the troubleshooting guide
- 🔐 Review our security policy
- ⭐ Star this repo if you find it helpful!
- Follow @a-ariff for updates
- Join discussions in our GitHub Discussions
- Share your use cases and improvements
MIT License - see LICENSE file for details.
Made with ❤️ for the IT community