Hi,I need to be able to restart some Windows 10 and 11 due to the application of updates.Is it possible to force a Windows restart from the MDE interface or by any query?Thanks

Hi,by using MDE no but you can use Intune to force restart.https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-restart#restart-a-device

Hi,Thanks for the reply. I know in Intune I can restart the machines, but that raises a lot of issues. This way I would have to create a script, to check for something within Defender, and then issue a restart request to Intune to those specific machines.Also, does Intune allows any control over the restart, like confirmation, timings, etc?Thanks

Don’t really understand the ask here. Application of which updates? OS?

Unfortunately not. Here is no any information for user and restart should be performed immediately. But if you want to play with scripts you can write powershell script (force restart) and upload and run this script using Live Response session. But it's a long process.

Yes, the goal is to guarantee that the restart is done to force the Windows update process.

Restart Windows 10 and 11 from MDE | Microsoft Community Hub

P4tr8k
Brass Contributor
Mar 15, 2023
Hi,
by using MDE no but you can use Intune to force restart.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-restart#restart-a-device
- dmarquesgn
  Iron Contributor
  Mar 15, 2023
  Hi,
  Thanks for the reply. I know in Intune I can restart the machines, but that raises a lot of issues. This way I would have to create a script, to check for something within Defender, and then issue a restart request to Intune to those specific machines.
  Also, does Intune allows any control over the restart, like confirmation, timings, etc?
  Thanks
  - P4tr8k
    Brass Contributor
    Mar 15, 2023
    Unfortunately not. Here is no any information for user and restart should be performed immediately. But if you want to play with scripts you can write powershell script (force restart) and upload and run this script using Live Response session. But it's a long process.
rahuljindal-MVP
Bronze Contributor
Mar 15, 2023
Don’t really understand the ask here. Application of which updates? OS?
- dmarquesgn
  Iron Contributor
  Mar 15, 2023
  Yes, the goal is to guarantee that the restart is done to force the Windows update process.
  - rahuljindal-MVP
    Bronze Contributor
    Mar 15, 2023
    Ok. I am not quite sure why you want to leverage Defender to achieve status against a device reboot. Maybe this is a specific use case, but normally Intune will be go to tool to manage security updates if you are licensed and the devices are enrolled. Maybe look at update rings and custom compliance in Intune if not already done.
cyb3rmik3
Iron Contributor
May 14, 2023
Hello dmarquesgn,

while there is no restart option through the GUI of M365 Defender, you can try the following:
Perform a live response at the endpoint of interest
Create a powershell script containing "Restart-Computer -Force" command
Upload it in the library
Run the .ps1 script
If a user is logged in, you will probably see an error indicating "The system shutdown cannot be initiated because there are other users logged on to the computer.". Otherwise, the endpoint will restart.

If I have answered your question, please mark your post as Solved
If you like my response, please consider giving it a like

Forum Discussion

Restart Windows 10 and 11 from MDE

Share

Resources