How to repair an application deployed via Intune with no admin rights

Hello sylsimp1​

If the app was deployed as Available, users can reinstall it themselves via Company Portal.

If the app was deployed as Required, you can temporarily make it Available so the user can reinstall it.

To repair the app via Microsoft Intune, you may need to adjust the detection logic or use a script-based detection method to identify devices where the app requires repair.

Trigger a device sync by going to:

Settings > Accounts > Access work or school > Info > Sync, or by using the Company Portal. This allows the device to detect that the app is missing or unhealthy and reinstall or repair it automatically.

Alternatively, deploy a Proactive Remediation:

• A detection script checks whether the app is broken
• A remediation script runs a silent repair command, or uninstalls the app so the user can reinstall it via Company Portal

But how would the built in solution handle ALL the possible scenarios? Some devices won't have enough disk space, others might have some other issue which is preventing the app from being installed, its not easy to remediate all of this without risking that something else will brake.

As already pointed out, I would use a script which is deleting the traces of app installation in Registry, especially if we talk about win32app, which is going to force the IME engine to try the installation again on the next sync. This script then can be reused for other scenarios as well as you would literally need to just change the appId value in it.

You are only options are:

1. Let detection fail → Intune reinstalls
2. Force uninstall + reinstall (script / remediation)
3. Elevate via LAPS (not Intune repair)

Do you have other solution in mind? If it is a Win32 app, then there won't be any built in.

You can always script the repair\re-installation and push it down using Intune. It can be a one-off PS script or a win32 wrapper. Alternatively if you use LAPS then you can elevate permissions locally on the device.