Restart Windows 10 and 11 from MDE

Frequent Contributor


I need to be able to restart some Windows 10 and 11 due to the application of updates.

Is it possible to force a Windows restart from the MDE interface or by any query?


11 Replies
Thanks for the reply. I know in Intune I can restart the machines, but that raises a lot of issues. This way I would have to create a script, to check for something within Defender, and then issue a restart request to Intune to those specific machines.
Also, does Intune allows any control over the restart, like confirmation, timings, etc?
Don’t really understand the ask here. Application of which updates? OS?
Unfortunately not. Here is no any information for user and restart should be performed immediately. But if you want to play with scripts you can write powershell script (force restart) and upload and run this script using Live Response session. But it's a long process.
Yes, the goal is to guarantee that the restart is done to force the Windows update process.
Thanks, I see where you're going, which is a quite interesting path, even though it would be something really hard.
If the machines are on the network, I have means to restart them. I would have to find a way to integrate stuff, but the main problem is the machines which are out of the network.
Ok. I am not quite sure why you want to leverage Defender to achieve status against a device reboot. Maybe this is a specific use case, but normally Intune will be go to tool to manage security updates if you are licensed and the devices are enrolled. Maybe look at update rings and custom compliance in Intune if not already done.


I have Intune configured to deploy the security updates. Our Intune policy is what's on the screenhot below.


So, the last option means the machine should be auto restarted after grace period right?
What I've seen is that from about 2000 machines, more or less 100 of them each month do not complete the update, because they miss the restart, staying in pending. So I need to find out any way to be able to force the restart to be sure the patch was deployed.


Do they report pending or they actually don’t restart?
Hi, they actually report pending restart. I'm not totally sure if the problem is that the machine did not restart (according to Defender) or if there's any other issue.
That's why I would like to be able to issue a restart, so then I could check if Defender already removed the tag "Pending Restart" and considers the vulnerability fixed.

@dmarquesgn sorry, but can you share where are you seeing pending system reset in  Defender so that I be certain what and where you are looking at? Also, as for the pending restart itself, if this is also reporting in Intune Windows update reports, then you can send a PS or proactive remediation script for a pending reboot and initiate a reboot. However, forcing a reboot on end user devices is not something I’ll recommend.