Forum Discussion
Intune remediation scripts, schedule detect scripts
I would like to run a detection script every 180 days. The detection script runs the command dism /online /cleanup-image /scanhealth. If problems are found, a remediation script should run. The remediation script also runs the command dism /online /cleanup-image /scanhealth.
The problem is that detection scripts are executed every 24 hours. This is too frequent for most of my detect scripts.
According to Microsoft:
“The Microsoft Intune Management Extension service gets the scripts from Intune and runs them. The scripts are rerun every 24 hours.”
And:
“When you configure the assignment of a script package, you can define how often the remediation runs using one of the following Schedule options.”
Source: https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/remediations
When I check Monitor → Device Status, the oldest Last run timestamps are only two days old. When I check IntuneManagementExtension.log or AgentExecutor.log, I can see that the same detection scripts have been executed multiple times within the last 24 hours.
My schedule is set to Daily, with an interval of Repeats every 180 days. I originally thought this would cause the detection script to run every 180 days, but even Copilot insists that this setting only limits how often the remediation script is allowed to run.
I don't understand the logic behind this. Why not set the interval for a detect script and then run a remediation script? Why run the detect script every 24 hours and then skip the remediation script if it's run past 180 days?
1 Reply
Hi namikou1610, it’s confusing, but your reading is basically correct: in Intune Remediations, the detection script is the thing that runs on the schedule, and if it returns an issue, the remediation script runs right after it. The “every 24 hours” wording in older docs/log examples tends to describe the IME service check-in behavior, not a hard rule that every remediation package always evaluates only once per day. Microsoft’s Remediations documentation says you can set a schedule for the script package, including recurring options.
So in practice:
Detection does not have its own separate schedule from remediation.
The package schedule controls when the detect/remediate cycle is triggered.
If your logs show multiple executions inside 24 hours, that’s usually because the IME service is polling regularly and the package is being reevaluated based on assignment / policy refresh behavior, not because Intune gives you a true “run detect only every 180 days” guarantee. That distinction is subtle, and honestly the docs are not very clear about it.
A couple of practical points:
Setting Daily + repeat every 180 days is awkward because “Daily” and “180 days” are fighting each other conceptually.
If you really want very infrequent health checks, Intune Remediations is usually not the best fit for heavyweight commands like dism /scanhealth.
A more reliable pattern is to make the script self-throttling: write a local timestamp/registry value/file after a successful run, and have the detection script exit immediately unless 180 days have passed.
So the logic would be:
Intune may invoke the package more often than you want.
Your script checks “last run date.”
If it hasn’t been 180 days, exit cleanly.
Only run dism when the interval has actually elapsed.
That gives you predictable behavior even if IME evaluates the assignment more often than expected.
One more thing: I’d also double-check the remediation command. Normally you’d expect:
Detection: dism /online /cleanup-image /scanhealth
Remediation: dism /online /cleanup-image /restorehealth
Running scanhealth again in remediation won’t actually repair anything.
So my honest take: your expectation is reasonable, but Intune Remediations isn’t designed as a precise long-interval scheduler. For a 180-day cadence, script-side throttling is usually the safest workaround.
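The self-throttling detection script described in the reply, as an added example (not code from either poster or from Microsoft). The registry key and value names are hypothetical, the script is assumed to run in the SYSTEM context so it can write to HKLM, and it uses the `Repair-WindowsImage -Online -ScanHealth` cmdlet in place of the dism.exe command line so the result is read from a property instead of parsed from localized text.

```powershell
# Intune detection script: exit 0 = no issue, exit 1 = issue found (remediation runs).
# Hypothetical marker location; pick a key only SYSTEM/administrators can write.
$StatePath    = 'HKLM:\SOFTWARE\ExampleOrg\DismHealthCheck'
$StateValue   = 'LastHealthyScanUtc'
$IntervalDays = 180

function Get-LastScanUtc {
    try {
        $raw = (Get-ItemProperty -Path $StatePath -Name $StateValue -ErrorAction Stop).$StateValue
        return [datetime]::ParseExact($raw, 'o', [cultureinfo]::InvariantCulture,
                                      [System.Globalization.DateTimeStyles]::RoundtripKind)
    } catch {
        return $null   # missing or unparsable marker: treat as "never scanned"
    }
}

$now  = [datetime]::UtcNow
$last = Get-LastScanUtc

# Throttle: skip the scan while the last healthy result is younger than the interval.
# A marker dated in the future (clock change, edited value) is not trusted.
if ($null -ne $last -and $last -le $now -and ($now - $last).TotalDays -lt $IntervalDays) {
    $left = [int][math]::Ceiling($IntervalDays - ($now - $last).TotalDays)
    Write-Output "Skipped: last healthy scan $($last.ToString('u')); next scan in $left day(s)."
    exit 0
}

try {
    $scan = Repair-WindowsImage -Online -ScanHealth -ErrorAction Stop
} catch {
    # Design choice: a failed scan is reported as an issue instead of passing silently.
    # No marker is written, so the next evaluation retries the scan.
    Write-Output "Scan failed: $($_.Exception.Message)"
    exit 1
}

if ($scan.ImageHealthState -eq 'Healthy') {
    # Record the timestamp only for a healthy result. Intune re-runs detection after
    # remediation, and that re-run must scan again rather than be throttled.
    if (-not (Test-Path $StatePath)) { New-Item -Path $StatePath -Force | Out-Null }
    Set-ItemProperty -Path $StatePath -Name $StateValue -Value $now.ToString('o')
    Write-Output 'Component store healthy.'
    exit 0
}

Write-Output "Component store state: $($scan.ImageHealthState)"
exit 1
```

The matching remediation script would run the `/restorehealth` operation named in the reply; the 180-day gate lives only in the detection script, so the package can be assigned on any schedule.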