Forum Discussion

dmarquesgn's avatar
dmarquesgn
Iron Contributor
Mar 13, 2023

Restart Windows 10 and 11 from MDE

Hi, I need to be able to restart some Windows 10 and 11 due to the application of updates. Is it possible to force a Windows restart from the MDE interface or by any query? Thanks
rahuljindal-MVP's avatar
rahuljindal-MVP
Bronze Contributor
Ok. I am not quite sure why you want to leverage Defender to achieve status against a device reboot. Maybe this is a specific use case, but normally Intune will be go to tool to manage security updates if you are licensed and the devices are enrolled. Maybe look at update rings and custom compliance in Intune if not already done.
dmarquesgn's avatar
dmarquesgn
Iron Contributor
Mar 15, 2023

rahuljindal-MVP 

I have Intune configured to deploy the security updates. Our Intune policy is what's on the screenhot below.

So, the last option means the machine should be auto restarted after grace period right?
What I've seen is that from about 2000 machines, more or less 100 of them each month do not complete the update, because they miss the restart, staying in pending. So I need to find out any way to be able to force the restart to be sure the patch was deployed.

Thanks

  • rahuljindal-MVP's avatar
    rahuljindal-MVP
    Bronze Contributor
    Mar 16, 2023
    Do they report pending or they actually don’t restart?
    • dmarquesgn's avatar
      dmarquesgn
      Iron Contributor
      Mar 16, 2023
      Hi, they actually report pending restart. I'm not totally sure if the problem is that the machine did not restart (according to Defender) or if there's any other issue.
      That's why I would like to be able to issue a restart, so then I could check if Defender already removed the tag "Pending Restart" and considers the vulnerability fixed.
      • rahuljindal-MVP's avatar
        rahuljindal-MVP
        Bronze Contributor
        Mar 16, 2023

        dmarquesgn sorry, but can you share where are you seeing pending system reset in  Defender so that I be certain what and where you are looking at? Also, as for the pending restart itself, if this is also reporting in Intune Windows update reports, then you can send a PS or proactive remediation script for a pending reboot and initiate a reboot. However, forcing a reboot on end user devices is not something I’ll recommend. 

Resources