ℹ️
Use case: This method works for any .ps1 script you want to run on managed Windows devices — local account creation, registry tweaks, software installs, or custom configuration.
01
Navigate to Platform Scripts
Log in to endpoint.microsoft.com → Devices → Scripts and remediations → Platform scripts → click + Add → Windows 10 and later.
02
Configure Script Basics
Give your script a descriptive name (e.g. "Create Local Admin Account") and an optional description. Click Next.
03
Upload the Script & Set Execution Settings
Upload your .ps1 file. Set these three settings:
Run this script using the logged-on credentials: No
Enforce script signature check: No
Run script in 64-bit PowerShell Host: Yes
04
Assign to Device Group
On the Assignments tab, click Add groups under Required. Select the target device group. Avoid assigning to All Devices until you've tested on a pilot group.
05
Review & Create
Click through the Review + Create tab. Confirm all settings look correct, then click Create. The script will run at the next device check-in (typically within 8 hours, or trigger manually).
06
Verify Execution in IME Logs
After the device checks in, confirm the script ran successfully:
# Check on the device:
# C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\AgentExecutor.log
# C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\Scripts.log
💡
Re-run scripts: Intune only runs platform scripts once per device by default. To force a re-run after editing, remove the device from the assignment group, sync, re-add it, and sync again.