In a world where hybrid work is the norm and devices are spread across cities—or continents—keeping endpoints healthy is both a technical and operational challenge. One of the simplest, most effective actions an administrator can take when a device is unresponsive, sluggish, or pending updates is a restart. Traditionally, that meant asking the user to reboot or connecting via remote assistance tools. With Microsoft Intune, you can initiate a restart remotely, safely, and consistently—without a remote desktop session or physical access.
This article walks through how to restart a device using Intune, when to use it, what to expect after you trigger the action, and best practices that make remote reboots reliable across your fleet.
Why Remote Restart Matters
A restart is deceptively simple—and extremely powerful. It can:
Clear temporary state and stuck processes
Finalize pending updates or configuration changes
Recover devices from application hangs and resource exhaustion
Help apply policies cleanly after major changes (e.g., compliance baselines, security settings, or VPN client updates)
For IT service desks, the ability to kick off a reboot on demand cuts down mean time to resolution (MTTR), reduces “hand-holding” during calls, and minimizes downtime for users. It’s also a clean step to include in automated remediation playbooks.
Prerequisites and Role Requirements
Before you can restart devices through Intune, confirm:
Device Enrollment:-
The Windows device must be enrolled in Intune (MDM). Corporate-owned or BYOD, as long as the device is properly enrolled and checking in, you can manage it.
Supported Platform:-
The device should be a supported version of Windows that Intune can manage. Most modern Windows 10/11 editions under MDM are supported.
Permissions:-
Your account needs an appropriate Intune role. Typical roles with device control include Intune Administrator, Help Desk Operator, or a custom role with “Remote tasks” permissions. Check with your Intune admins if your account can’t see device actions.
Network Connectivity:-
Remote actions depend on the device’s ability to communicate with the Intune service. If it’s offline, asleep without wake capabilities, or has lost connectivity, the request may be queued until the next check-in.
Step-by-Step: Restart a Device from Intune:-
Restarting a single Windows device via the Intune admin center takes just a few clicks:
Open the Intune Admin Center
Navigate to your Microsoft Intune admin center (Endpoint Manager). Sign in with your authorized account.
Go to Devices → Windows
In the left navigation, select Devices. Under Windows, locate the target device from the list or use the search box to find it by hostname, user, or serial number.
Open the Device Overview Page
Click the device name to open its Overview. Here, you’ll see essentials such as compliance status, OS version, management name, and last check-in time.
Click “Restart”
At the top of the device overview, you’ll find action buttons like Retire, Wipe, Delete, Remote lock, Sync, Reset passcode, and Restart.
Click Restart to send the reboot command to the device. Intune will queue and deliver the action via the device’s MDM channel.
Monitor Status
The action’s outcome may appear in the device’s Device actions status section or in activity logs. If the device is online and responsive, the restart should occur within a short window. If offline, Intune will apply the action when connectivity resumes (depending on the device state).
That’s it—no remote session needed, no user intervention required (unless your organization has specific prompts or policies).
What Actually Happens on the Device
When you trigger a restart:
Intune sends a command over the management channel.
The device receives the instruction, gracefully closes user applications where possible, and restarts the OS.
Users may see system prompts depending on open files or blocked processes. To reduce disruption, communicate planned restarts and enforce save policies when necessary.
Important: A restart is different from a shutdown or wipe. There is no data loss expected. However, unsaved work in open documents could be lost if the user hasn’t saved before the reboot. That’s why proactive communication and change windows matter.
Use Cases Where Remote Restart Shines
Post-Update Stability
After deploying cumulative updates, quality updates, or driver packages, restarting ensures the device boots with the new components loaded.
Stuck VPN or Security Client
If a security agent or VPN client is in a bad state, a reboot can refresh services and re-establish trust or connectivity.
Policy Baseline Application
After major configuration profiles (e.g., BitLocker policies, Defender settings, Firewall rules), a restart can “seal” the change and ensure services load correctly.
Rapid Service Desk Remediation
Instead of guiding a user through multiple steps, help desk operators can trigger the restart, confirm it completed, and re-run health checks remotely.
Best Practices for Safe, Predictable Remote Restarts
Communicate Clearly
If you’re initiating restarts during business hours, send a short message through your support channels: “We’re restarting your device to apply updates—please save work. This will take ~2–3 minutes.”
Leverage Maintenance Windows
For large-scale restarts (e.g., after a broad update rollout), schedule them during off-hours or defined maintenance windows to minimize impact.
Check Compliance & Health First
Use Intune’s device compliance and health signals to ensure the device is in a manageable state and will reconnect post-reboot.
Batch Carefully
Avoid restarting hundreds of devices simultaneously in environments with limited VPN concentrator capacity or critical workloads. Stagger actions.
Document in Runbooks
Include “Remote Restart via Intune” in your troubleshooting playbooks: Step 1—Attempt reboot; Step 2—Check health; Step 3—Escalate to repair actions if needed.
Troubleshooting: When the Restart Doesn’t Trigger
Sometimes, a device won’t reboot as expected. Common causes include:
Offline or Asleep
If the device is powered off or sleeping without wake capability, the action won’t apply until next check-in. Consider combining with wake-on-LAN strategies in managed networks (where applicable).
Network Isolation
Firewalls, broken VPN tunnels, or proxy issues may block MDM communication. Verify connectivity and device check-in status (last check-in time helps).
Insufficient Permissions
If you don’t see the Restart button or the action fails, review your Intune role permissions or ask an admin to assign the correct role.
Device Health Issues
Corrupt system files or stuck services can block a graceful restart. In such cases, add a follow-up plan (e.g., health scripts, remote repair, or user prompt to restart locally).
Scaling Beyond Single Devices
While the Restart button on a device’s overview is perfect for one-off actions, consider scalable patterns:
Dynamic Device Groups
Use Azure AD (Entra ID) dynamic groups to target specific subsets—e.g., “Windows 11, Sales Laptops, Compliant=True.” Although Intune’s built-in restart is per-device, grouping helps you identify and batch your manual actions strategically.
Automation & Runbooks
Pair your restart step with other checks (e.g., “ensure Defender signatures are current” or “confirm VPN client version”). Even if the final reboot is manual in the console, the overall process becomes repeatable.
Service Desk SOPs
Define a simple standard operating procedure:
Verify user impact
Trigger Intune restart
Wait for device to reappear as “online”
Re-check critical health signals (AV status, patch level, compliance)
Security and Governance Considerations
Remote actions are powerful—use them responsibly:
Least Privilege
Assign the smallest set of permissions needed for help desk operators. Not every operator needs wipe/retire. Custom roles in Intune can limit capabilities to safe tasks like Restart and Remote lock.
Audit Trail
Maintain logs of who initiated actions and when. If you have change-management requirements, record the ticket number or business justification before triggering the restart.
User Experience
Align restart policy with your UX principles. Inform users, avoid interrupting critical meetings, and prefer off-hours for non-urgent actions.
Q1: Will a remote restart cause data loss?
A restart does not intentionally delete user data. However, unsaved work can be lost if applications are open. Communicate and give users a minute to save when feasible.
Q2: Can I restart multiple devices at once?
The native flow is per device from the overview page. For broader scenarios, plan operational batches and use SOPs to restart targeted devices sequentially. Some organizations also orchestrate reboots via scripts and management APIs, but test carefully.
Q3: What if the device is offline?
The action will not apply until the device reconnects and checks in. If the device remains offline, contact the user or investigate network issues.
Q4: Is there a difference between Restart and Sync?
Yes. Restart reboots the OS. Sync forces the device to check in with the Intune service and pull the latest policies and app assignments. They serve different purposes and can be used together (e.g., sync first, then restart after changes).
Q5: Do users see any notification?
Depending on state and open apps, users may see system prompts or the system may restart directly. For a great experience, give advance notice via your communication tools.