๐ฑ Recipe ยท Intune & Device Management
Remotely Reboot an Intune-Managed Device via Microsoft Graph
Trigger an immediate reboot on a stuck or unresponsive Intune-managed Windows device and verify check-in
Complexity
Beginner
Impact
device-management + help-desk + user-support + intune + windows
Context
Why This Matters
When to use this recipe
End users occasionally report that their Windows device is unresponsive after a feature update, a policy deployment, or a long-running install. Rather than walking the user through a hard power-off (which risks data loss and filesystem corruption), an IT admin can issue a graceful remote reboot through Intune. The device receives the command on its next Intune check-in (or immediately if it is online), closes sessions cleanly, and restarts.
Typical triggers:
- Device is stuck on a spinning wheel, login screen, or post-update screen
- Applications fail to launch and a restart would clear the state
- A required policy or configuration needs to take effect after reboot
- The user is remote and cannot reach the power button (e.g., a remote VM)
This recipe covers locating the user's device, issuing the rebootNow action via Microsoft Graph, and verifying that the device checked back in afterward.
Expected Outcomes
After completing this recipe you will have:
- Identified the correct Intune-managed device for the target user
- Triggered a remote reboot using the Microsoft Graph
rebootNowaction - Confirmed Intune accepted the reboot command (HTTP 204 response)
- Verified the device checked back in by inspecting the updated
lastSyncDateTime - A repeatable PowerShell workflow for future reboot requests
Risks & Considerations
Warnings and gotchas
- Unsaved work will be lost.
rebootNowdoes not prompt the end user โ it forces a restart. Where possible, notify the user first (Teams message, email) and give them a few minutes to save. - Endpoint naming matters. Use
/v1.0/deviceManagement/managedDevices/{id}/rebootNow. The beta graph does not expose a/rebootsegment and will returnHTTP 400 - Resource not found for the segment 'reboot'. - The command is queued, not synchronous. A 204 response means Intune accepted the request. The device must be online (or check in) before it actually reboots. For offline devices, the command can sit for hours.
- lastSyncDateTime lag. Immediately after issuing the reboot, the sync timestamp will still show the pre-reboot time. Wait 5โ15 minutes and re-check before concluding the device is unresponsive.
- Platform support.
rebootNowis supported on Windows 10/11 and macOS. It is not supported on iOS/iPadOS or Android personal profiles. - Privileged operation. The reboot action requires the
DeviceManagementManagedDevices.PrivilegedOperations.Allscope โ treat it as a change action and log it in your change record. - Do NOT loop reboots. If the first reboot doesn't resolve the issue, investigate (event logs, Intune diagnostics) before issuing another. Repeated forced reboots can interrupt update sequencing and leave the device in a worse state.
Required Permissions
| Permission | Why It's Needed |
|---|---|
| DeviceManagementManagedDevices.Read.All | Read the list of managed devices to locate the target device by user or device name |
| DeviceManagementManagedDevices.PrivilegedOperations.All | Required to invoke the rebootNow action against a managed device |
| User.Read.All | Resolve the user's UPN and object ID when searching for their devices |
| Intune Administrator or Help Desk Operator role | Directory role granting permission to perform device actions in Intune |
The fastest way to get this done โ just ask Dex. Copy the prompt below and paste it into your Dex conversation.
For IT Admins
Paste into Dex CoAdmin
For End Users
How an employee would ask Dex for help