Remediations on demand in bulk

During the excellent Modern Endpoint Management summit in Paris, I was sitting in the equally excellent session from Florian Salzmann and one of the questions was if the Device bulk commands could send an on-demand remediation to multiple devices and the answer was no.

This gave me an idea so I built this script on the fly.

It will prompt to select a remediation and then select any devices, click OK and it will run that remediation against any and all devices selected.

Of course, it supports parameters and app registrations too.

You can grab it from GitHub here

Or PS Gallery Here:

Install-Script -Name bulk-run-remediation-ondemand

4 thoughts on “Remediations on demand in bulk”

  1. Hi Andrew,

    I got it working by adding “DeviceManagementManagedDevices.PrivilegedOperations.All” to the scope section of the script.


  2. Hi Andrew,

    Thank you for providing this excellent tool! Would you be able to assist me with this error message?

    Invoke-MgGraphRequest : POST‘)/initiateOnDemandProactiveRemediation
    HTTP/1.1 403 Forbidden
    Transfer-Encoding: chunked
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=31536000
    request-id: 559ee630-3368-4de7-9104-681ba62fe7b3
    x-ms-ags-diagnostic: {“ServerInfo”:{“DataCenter”:”East US
    Date: Thu, 21 Dec 2023 16:44:26 GMT
    Content-Encoding: gzip
    Content-Type: application/json
    {“error”:{“code”:”Forbidden”,”message”:”{\r\n \”_version\”: 3,\r\n \”Message\”: \”Application is not authorized to
    perform this operation. Application must have one of the following scopes:
    DeviceManagementManagedDevices.PrivilegedOperations.All – Operation ID (for customer support):
    00000000-0000-0000-0000-000000000000 – Activity ID: 559ee630-3368-4de7-9104-681ba62fe7b3 – Url:
    \”CustomApiErrorPhrase\”: \”\”,\r\n \”RetryAfter\”: null,\r\n \”ErrorSourceService\”: \”\”,\r\n \”HttpHeaders\”: \”{
    At C:\bulk-run-remediation-ondemand.ps1:252 char:5
    + Invoke-MgGraphRequest -uri $url -Method Post -Body $json -Content …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (Method: POST, R…ication/json
    }:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException
    + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.Invok


Leave a Comment