HomeNewsletterCommunityToolsArchiveBlogToday's NewsAboutQuick Links Subscribe free
← Back to Blog
Guides PowerShellIntuneAzureEntra IDMD-102AZ-104Automation

Top 20 PowerShell Commands Every Intune & Azure Engineer Needs

IA
Imran Awan
1 July 2026

PowerShell is not optional. If you're working with Microsoft Intune, Azure, or Entra ID every day, the command line is where the real work happens — device enrolment debugging, log triage, service health checks, and automation scripts that save hours of portal clicking. It's also a core expectation in both the MD-102 (Endpoint Administrator) and AZ-104 (Azure Administrator) exams.

This guide covers the 20 commands that appear over and over in real Intune and Azure environments. Not in abstract — with the exact module imports, file paths, service names, and output patterns you'll encounter on real managed devices. Each command is shown in its endpoint-management context, with simulated output so you know what to expect when it works.

Section 1 — Discovery: Know Your Environment (Commands 1–6)

Before you write a single script, you need to know what's available. These six commands are your orientation toolkit.

1. Get-Help

The most important command you'll ever use. Get-Help shows syntax, parameters, and examples for any cmdlet. Run Update-Help first to download the latest documentation locally.

Windows PowerShell
Get-Help Get-IntuneDeviceCompliancePolicy
Get-Help Get-AzVM -Examples
Get-Help Get-MgDevice -Full   # Graph SDK cmdlet — full param reference
NAME Get-IntuneDeviceCompliancePolicy SYNOPSIS Returns compliance policies from the Intune service. SYNTAX Get-IntuneDeviceCompliancePolicy [[-deviceCompliancePolicyId] <String>] [<CommonParameters>]
Tip: Use Get-Help *intune* or Get-Help *Az* (with wildcards) to discover cmdlets you did not know existed. It searches both name and synopsis.

2. Get-Command

Find any cmdlet, function, or alias by name or partial name. Especially useful after installing a new module — run this to see what got added.

Windows PowerShell
Get-Command -Module "Microsoft.Graph.Intune"
Get-Command -Name "*Compliance*"   # find anything with Compliance in the name
Get-Command -Name "*Az*" -Module "Az.Compute"
CommandType Name Version Source ----------- ---- ------- ------ Cmdlet Get-IntuneDeviceCompliancePolicy 6.2.0 Microsoft.Graph.Intune Cmdlet New-IntuneDeviceCompliancePolicy 6.2.0 Microsoft.Graph.Intune Cmdlet Set-IntuneDeviceCompliancePolicy 6.2.0 Microsoft.Graph.Intune

3. Get-Module

Lists modules currently loaded in your session. Run this to confirm the right module version is active before scripting against Intune or Azure.

Windows PowerShell
Get-Module   # show what is loaded right now
Get-Module -Name "Az.*"   # all Az modules currently imported
Get-Module "Microsoft.Graph*"
ModuleType Version PreRelease Name ExportedCommands ---------- ------- ---------- ---- ---------------- Script 2.18.0 Microsoft.Graph.Beta {Get-MgBetaDevice...} Script 2.18.0 Microsoft.Graph.Intune {Get-IntuneDevice...}

4. Import-Module

Loads a module into the current session. Every Intune automation script starts here — you cannot use Graph or Az cmdlets without importing the relevant module first.

Windows PowerShell
# Intune + Graph SDK
Import-Module "Microsoft.Graph.Intune"
Import-Module "Microsoft.Graph.DeviceManagement"

# Azure
Import-Module "Az"
Import-Module "Az.Accounts", "Az.Compute", "Az.KeyVault"
Note: In modern PowerShell 7 environments, modules auto-import when you first call a cmdlet from them. Explicit Import-Module is still best practice in scripts — it makes dependencies explicit and fails fast if a module is missing.

5. Get-Module -ListAvailable

Shows every module installed on the machine, not just ones loaded in the current session. Use this to audit which Az or Graph module versions are available before a script run.

Windows PowerShell
Get-Module -ListAvailable | Where-Object {$_.Name -like "*Graph*"} | Select Name, Version
Get-Module -ListAvailable "Az.*" | Sort-Object Version -Descending
Name Version ---- ------- Microsoft.Graph.Intune 6.2.0 Microsoft.Graph.DeviceManagement 2.18.0 Microsoft.Graph.Authentication 2.18.0 Microsoft.Graph.Beta 2.18.0

6. Get-Alias

Shows short aliases for cmdlets. Essential for reading other people's scripts — when you see gci, where, or ? in a script, this tells you what they actually mean.

Windows PowerShell
Get-Alias gci    # → Get-ChildItem
Get-Alias where  # → Where-Object
Get-Alias select # → Select-Object
Get-Alias ?      # → Where-Object (another alias for the same cmdlet)
Gotcha: Never use aliases in production scripts. gci and ? are fine at the console, but scripts should use full cmdlet names — aliases can vary across platforms and PowerShell versions.

Section 2 — Environment & Navigation (Commands 7–11)

Understanding execution policy, the drives PowerShell exposes, and where you are in the shell — these matter every time you run an Intune-deployed script or dig into a device's registry remotely.

7. Get-ExecutionPolicy

Returns the current execution policy. Intune runs scripts under the System context — the execution policy for SYSTEM is independent of the logged-on user. This is the first thing to check when a script silently refuses to run.

Windows PowerShell
Get-ExecutionPolicy
Get-ExecutionPolicy -List   # show all scopes: MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine
Scope ExecutionPolicy ----- --------------- MachinePolicy Undefined UserPolicy Undefined Process Undefined CurrentUser Undefined LocalMachine RemoteSigned
Intune context: Scripts deployed via Intune run as SYSTEM. The effective policy for SYSTEM is the LocalMachine scope (or a GPO MachinePolicy override). Bypass is valid in Intune-deployed scripts — it scopes to that process only and does not change the machine setting.

8. Set-ExecutionPolicy

Changes the execution policy. In endpoint management you normally set this via Intune policy — not interactively. But knowing the options matters for troubleshooting and writing remediation scripts.

Windows PowerShell
# Bypass for the current process only (standard in Intune-deployed scripts)
Set-ExecutionPolicy Bypass -Scope Process -Force

# Or set the machine-level policy (requires admin rights)
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
Watch out: Set-ExecutionPolicy Unrestricted globally is a security risk. If an Intune remediation script needs to run another script, use -Scope Process or -ExecutionPolicy Bypass on the powershell.exe call instead of changing the machine policy.

9. Get-PSDrive

Lists all PowerShell drives — not just file-system paths. HKLM:, HKCU:, Cert:, and Env: are all PSDrives you can navigate with Set-Location and read with Get-ChildItem. Essential for registry and certificate work.

Windows PowerShell
Get-PSDrive
Get-PSDrive -PSProvider Registry   # just the registry drives
Get-PSDrive -PSProvider Certificate # certificate store as a drive
Name Used (GB) Free (GB) Provider Root ---- --------- --------- -------- ---- C 84.2 134.1 FileSystem C:\ HKCU Registry HKEY_CURRENT_USER HKLM Registry HKEY_LOCAL_MACHINE Cert Certificate \ Env Environment
Tip: To read a registry value in a script, use the HKLM: drive directly: Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsAutopatch\ClientBroker" -Name "Ring". Much cleaner than shelling out to reg.exe.

10. Get-Location

Prints the current directory. Simple, but useful in scripts where you are changing directories and need to log or validate where you are at each step.

Windows PowerShell
$currentPath = (Get-Location).Path
Write-Host "Currently at: $currentPath"

# Navigate to the IME log folder and confirm
Set-Location "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs"
Get-Location
Path ---- C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

11. Set-Location

Changes the current working directory — or drive. Navigate into the registry or certificate store exactly as you would a filesystem. The alias is cd.

Windows PowerShell
# Jump to the IME log folder
Set-Location "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs"

# Navigate the registry like a filesystem
Set-Location "HKLM:\SOFTWARE\Microsoft\Enrollments"
Get-ChildItem   # list all enrolment GUIDs
Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments Name Property ---- -------- {B3F4...} DeviceEnrollmentType : 6 {C1A9...} DeviceEnrollmentType : 6

Section 3 — File & Folder Operations (Commands 12–16)

Managing log files, copying scripts to staging areas, and cleaning up temporary remediation files — these five cmdlets cover all of it.

12. Get-ChildItem

Lists files and folders (or registry keys, or certificate entries). The workhorse of endpoint log triage. Pair with Sort-Object and Select-Object to quickly find the most recent IME log.

Windows PowerShell
# 5 most recent IME log files
Get-ChildItem "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs" | Sort-Object LastWriteTime -Descending | Select-Object -First 5

# All .log files modified in the last 24h
Get-ChildItem "C:\Windows\Logs" -Filter "*.log" -Recurse | Where-Object { $_.LastWriteTime -gt (Get-Date).AddHours(-24) }
Mode LastWriteTime Length Name ---- ------------- ------ ---- -a---- 01/07/2026 09:14 184221 IntuneManagementExtension-20260701-0914.log -a---- 01/07/2026 07:00 149033 IntuneManagementExtension-20260701-0700.log -a---- 30/06/2026 17:22 203451 IntuneManagementExtension-20260630-1722.log

13. New-Item

Creates new files, folders, or registry keys. Used in remediation scripts to create sentinel files (proof-of-run markers) or staging directories for deployments.

Windows PowerShell
# Create a staging folder for a software deployment
New-Item -Path "C:\Staging\Deploy" -ItemType Directory -Force

# Create a sentinel file (Intune detection script checks for this)
New-Item -Path "C:\ProgramData\CompanyName\remediation-ran.txt" -ItemType File -Force

# Create a registry key
New-Item -Path "HKLM:\SOFTWARE\CompanyName\Settings" -Force
Tip: Always use -Force when creating directories in remediation scripts. Without it the cmdlet throws a terminating error if the path already exists, and your script exits before it does any real work.

14. Remove-Item

Deletes files, folders, or registry keys. Used in remediation scripts to remove broken registry entries, stale log archives, or failed deployment artefacts.

Windows PowerShell
# Delete a specific file
Remove-Item -Path "C:\Staging\broken-script.ps1" -Force

# Remove a folder and everything in it
Remove-Item -Path "C:\OldDeployment" -Recurse -Force

# Delete a registry value (not the whole key)
Remove-ItemProperty -Path "HKLM:\SOFTWARE\CompanyName" -Name "StaleFlag"
Watch out: -Recurse -Force deletes silently with no recycle bin and no undo. In production scripts, always add a Test-Path guard and log what you are about to delete before you delete it.

15. Copy-Item

Copies files or folders. Common in deployment scripts that copy binaries from a staging share to a local path before running an installer.

Windows PowerShell
# Copy a script to a local staging path
Copy-Item -Path "\\fileserver\share\scripts\fix-compliance.ps1" -Destination "C:\Staging\" -Force

# Copy an entire folder (Recurse for subfolders)
Copy-Item -Path "C:\Source\AppFiles" -Destination "C:\Deploy\AppFiles" -Recurse -Force

16. Move-Item

Moves (not copies) a file or folder. Used to archive old logs or move processed files to a done folder so they are not processed twice.

Windows PowerShell
# Archive a log file after processing
Move-Item -Path "C:\Staging\processed.log" -Destination "C:\Archive\processed.log" -Force

# Rename while moving (same path, new name)
Move-Item -Path "C:\Temp\script.ps1" -Destination "C:\Scripts\deploy-v2.ps1"

Section 4 — Processes, Services & Time (Commands 17–20)

Diagnosing a device that isn't checking into Intune, killing a stuck update process, verifying the IME service is running — these four cmdlets are the ones you reach for when something has gone wrong.

17. Get-Process

Lists running processes. Use it to check whether the Intune Management Extension agent is running, find runaway CPU consumers, or verify an installer has started.

Windows PowerShell
# Is the IME agent process running?
Get-Process -Name "Microsoft.Management.Services.IntuneWindowsAgent" -ErrorAction SilentlyContinue

# Top 10 CPU consumers
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 Name, CPU, Id
Handles NPM(K) PM(K) WS(K) CPU(s) Id ProcessName ------- ------ ----- ----- ------ -- ----------- 412 36 87244 94112 14.63 4812 Microsoft.Management.Services.IntuneWindowsAgent

18. Stop-Process

Terminates a running process. Use it carefully in Intune remediation scripts to kill a hung update process or restart the IME agent (stop + service restart is cleaner than stop alone).

Windows PowerShell
# Stop by name (kills all instances)
Stop-Process -Name "usocoreworker" -Force

# Stop by process ID (safer — targets exactly one instance)
$proc = Get-Process -Name "MoUsoCoreWorker"
Stop-Process -Id $proc.Id -Force
Gotcha: Stopping the Intune Management Extension process (Microsoft.Management.Services.IntuneWindowsAgent) without restarting the service will stall MDM check-ins until the service recovers. Prefer Restart-Service IntuneManagementExtension over a raw process kill.

19. Get-Service

The single most-used troubleshooting command for Intune engineers. If a device is not checking in, the first three services to check are the IME, the Update Orchestrator, and Windows Update itself.

Windows PowerShell
# Check the IME service state
Get-Service -Name "IntuneManagementExtension"

# Check all update-related services at once
Get-Service | Where-Object {$_.Name -match "Intune|Update|Wmi|MDM|dmwappushsvc"} | Select-Object Name, Status, StartType
Status Name DisplayName ------ ---- ----------- Running IntuneManagementExtension Microsoft Intune Management Extension Running wuauserv Windows Update Running UsoSvc Update Orchestrator Service Stopped dmwappushsvc Device Management WAP Push message Routing Service
Intune context: If IntuneManagementExtension is stopped and you start it, watch C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log — you should see a check-in attempt within 30 seconds.

20. Get-Date

Returns the current date and time. It appears in nearly every remediation script — for log file names, timestamp markers, age calculations, and conditional logic.

Windows PowerShell
# ISO 8601 timestamp for log entries
$ts = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Write-Host "[$ts] Remediation started"

# Log file name with datestamp
$logFile = "C:\Logs\remediation-" + (Get-Date -Format "yyyyMMdd-HHmmss") + ".log"

# Check if a file is older than 7 days
$age = (Get-Date) - (Get-Item "C:\Staging\marker.txt").LastWriteTime
if ($age.Days -gt 7) { Write-Host "File is stale" }

Combining Commands: Real Intune & Azure Pipeline Examples

Individual commands are useful. Combined with the pipeline operator (|), they become powerful one-liners. These three examples cover the most common real-world patterns.

Windows PowerShell — Pipeline Examples
# 1. Find all services with Intune in their name
Get-Service | Where-Object {$_.Name -like "*Intune*"} | Select-Object Name, Status

# 2. Show the 5 most recently modified IME log files
Get-ChildItem "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs" |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 5 Name, LastWriteTime, Length

# 3. Find runaway processes using more than 100s of CPU
Get-Process | Where-Object {$_.CPU -gt 100} | Sort-Object CPU -Descending | Select-Object Name, CPU, Id
# Output 1 Status Name ------ ---- Running IntuneManagementExtension # Output 2 Name LastWriteTime Length ---- ------------- ------ IntuneManagementExtension-20260701-0914.log 01/07/2026 09:14:22 184221 IntuneManagementExtension-20260701-0700.log 01/07/2026 07:00:44 149033 # Output 3 Name CPU Id ---- --- -- MicrosoftEdge 342.4 9812 SearchIndexer 187.2 4632
MD-102 & AZ-104 Exam Callout

Which of these 20 commands appear in exam scenarios?

MD-102 (Endpoint Administrator)
  • Get-ExecutionPolicy / Set-ExecutionPolicy — Intune script deployment, System context
  • Get-Service IntuneManagementExtension — device check-in troubleshooting
  • Import-Module Microsoft.Graph.Intune — programmatic device management
  • Get-ChildItem on IME log paths — evidence-based troubleshooting
  • Get-Date — remediation scripts and log timestamps
AZ-104 (Azure Administrator)
  • Import-Module Az — connecting to Azure
  • Get-Module -ListAvailable — module version management
  • Get-Help Get-AzVM -Examples — exam tasks expect you to know how to find syntax
  • Get-PSDrive — understanding the Az: drive and Certificate: drive
  • Get-Process / Stop-Process — agent and process management on Azure VMs
Both exams test pipeline usage — expect scenario questions that require you to combine Get-Service, Where-Object, and Select-Object in a single command.

Quick Reference — All 20 Commands

# Command What it does Intune/Azure use case
1Get-HelpShow cmdlet docs and examplesDiscover Graph SDK syntax
2Get-CommandFind cmdlets by name/moduleExplore module contents post-import
3Get-ModuleList loaded modulesVerify Graph/Az module is active
4Import-ModuleLoad a module into the sessionStart of every Intune/Azure script
5Get-Module -ListAvailableList all installed modulesAudit available Graph/Az versions
6Get-AliasResolve short aliasesRead other engineers' scripts
7Get-ExecutionPolicyShow current execution policyDiagnose silent script failures
8Set-ExecutionPolicyChange execution policyConfigure Intune script environment
9Get-PSDriveList all PowerShell drivesNavigate HKLM: and Cert: stores
10Get-LocationPrint current directoryDebug scripts that change directory
11Set-LocationChange current directory/driveNavigate to IME log folder or registry
12Get-ChildItemList files, folders, reg keysFind recent IME logs; list enrolments
13New-ItemCreate files, folders, reg keysCreate sentinel files; staging folders
14Remove-ItemDelete files, folders, reg keysClean up stale deployment artefacts
15Copy-ItemCopy files or foldersStage scripts for local execution
16Move-ItemMove or rename filesArchive processed logs
17Get-ProcessList running processesCheck IME agent is running
18Stop-ProcessTerminate a processKill stuck update processes
19Get-ServiceList Windows servicesVerify IME + Windows Update are Running
20Get-DateGet current date/timeTimestamps in every log and script

This list was inspired by Anuradha Kumari's LinkedIn post "Top 20 PowerShell Basic Commands for Intune & Azure Specialist" — a great reference sheet for anyone starting out in endpoint management. The examples and Intune/Azure context in this article are based on real-world endpoint engineering scenarios. Follow Anuradha on LinkedIn for more tips like this.

Official References

Share this post
LinkedIn X / Twitter Reddit Bluesky

More from EndpointWeekly

Autopilot
Windows Autopilot: Complete Device Lifecycle Management Guide
Zero-touch provisioning from factory to fully managed desktop. Complete guide to…
Intune
Top 10 Intune PowerShell Commands Every Admin Should Know
These 10 Microsoft Graph PowerShell commands are the foundation every IT admin and EUC…
Scripts
Get the Primary User and Last Sync Time for Any Intune Device —…
You export a list of devices and all you get is hostnames. This script feeds that CSV…