PowerShell is not optional. If you're working with Microsoft Intune, Azure, or Entra ID every day, the command line is where the real work happens — device enrolment debugging, log triage, service health checks, and automation scripts that save hours of portal clicking. It's also a core expectation in both the MD-102 (Endpoint Administrator) and AZ-104 (Azure Administrator) exams.
This guide covers the 20 commands that appear over and over in real Intune and Azure environments. Not in abstract — with the exact module imports, file paths, service names, and output patterns you'll encounter on real managed devices. Each command is shown in its endpoint-management context, with simulated output so you know what to expect when it works.
Section 1 — Discovery: Know Your Environment (Commands 1–6)
Before you write a single script, you need to know what's available. These six commands are your orientation toolkit.
1. Get-Help
The most important command you'll ever use. Get-Help shows syntax, parameters, and examples for any cmdlet. Run Update-Help first to download the latest documentation locally.
Get-Help *intune* or Get-Help *Az* (with wildcards) to discover cmdlets you did not know existed. It searches both name and synopsis.2. Get-Command
Find any cmdlet, function, or alias by name or partial name. Especially useful after installing a new module — run this to see what got added.
3. Get-Module
Lists modules currently loaded in your session. Run this to confirm the right module version is active before scripting against Intune or Azure.
4. Import-Module
Loads a module into the current session. Every Intune automation script starts here — you cannot use Graph or Az cmdlets without importing the relevant module first.
Import-Module is still best practice in scripts — it makes dependencies explicit and fails fast if a module is missing.5. Get-Module -ListAvailable
Shows every module installed on the machine, not just ones loaded in the current session. Use this to audit which Az or Graph module versions are available before a script run.
6. Get-Alias
Shows short aliases for cmdlets. Essential for reading other people's scripts — when you see gci, where, or ? in a script, this tells you what they actually mean.
gci and ? are fine at the console, but scripts should use full cmdlet names — aliases can vary across platforms and PowerShell versions.Section 2 — Environment & Navigation (Commands 7–11)
Understanding execution policy, the drives PowerShell exposes, and where you are in the shell — these matter every time you run an Intune-deployed script or dig into a device's registry remotely.
7. Get-ExecutionPolicy
Returns the current execution policy. Intune runs scripts under the System context — the execution policy for SYSTEM is independent of the logged-on user. This is the first thing to check when a script silently refuses to run.
LocalMachine scope (or a GPO MachinePolicy override). Bypass is valid in Intune-deployed scripts — it scopes to that process only and does not change the machine setting.8. Set-ExecutionPolicy
Changes the execution policy. In endpoint management you normally set this via Intune policy — not interactively. But knowing the options matters for troubleshooting and writing remediation scripts.
Set-ExecutionPolicy Unrestricted globally is a security risk. If an Intune remediation script needs to run another script, use -Scope Process or -ExecutionPolicy Bypass on the powershell.exe call instead of changing the machine policy.9. Get-PSDrive
Lists all PowerShell drives — not just file-system paths. HKLM:, HKCU:, Cert:, and Env: are all PSDrives you can navigate with Set-Location and read with Get-ChildItem. Essential for registry and certificate work.
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\WindowsAutopatch\ClientBroker" -Name "Ring". Much cleaner than shelling out to reg.exe.10. Get-Location
Prints the current directory. Simple, but useful in scripts where you are changing directories and need to log or validate where you are at each step.
11. Set-Location
Changes the current working directory — or drive. Navigate into the registry or certificate store exactly as you would a filesystem. The alias is cd.
Section 3 — File & Folder Operations (Commands 12–16)
Managing log files, copying scripts to staging areas, and cleaning up temporary remediation files — these five cmdlets cover all of it.
12. Get-ChildItem
Lists files and folders (or registry keys, or certificate entries). The workhorse of endpoint log triage. Pair with Sort-Object and Select-Object to quickly find the most recent IME log.
13. New-Item
Creates new files, folders, or registry keys. Used in remediation scripts to create sentinel files (proof-of-run markers) or staging directories for deployments.
-Force when creating directories in remediation scripts. Without it the cmdlet throws a terminating error if the path already exists, and your script exits before it does any real work.14. Remove-Item
Deletes files, folders, or registry keys. Used in remediation scripts to remove broken registry entries, stale log archives, or failed deployment artefacts.
-Recurse -Force deletes silently with no recycle bin and no undo. In production scripts, always add a Test-Path guard and log what you are about to delete before you delete it.15. Copy-Item
Copies files or folders. Common in deployment scripts that copy binaries from a staging share to a local path before running an installer.
16. Move-Item
Moves (not copies) a file or folder. Used to archive old logs or move processed files to a done folder so they are not processed twice.
Section 4 — Processes, Services & Time (Commands 17–20)
Diagnosing a device that isn't checking into Intune, killing a stuck update process, verifying the IME service is running — these four cmdlets are the ones you reach for when something has gone wrong.
17. Get-Process
Lists running processes. Use it to check whether the Intune Management Extension agent is running, find runaway CPU consumers, or verify an installer has started.
18. Stop-Process
Terminates a running process. Use it carefully in Intune remediation scripts to kill a hung update process or restart the IME agent (stop + service restart is cleaner than stop alone).
Microsoft.Management.Services.IntuneWindowsAgent) without restarting the service will stall MDM check-ins until the service recovers. Prefer Restart-Service IntuneManagementExtension over a raw process kill.19. Get-Service
The single most-used troubleshooting command for Intune engineers. If a device is not checking in, the first three services to check are the IME, the Update Orchestrator, and Windows Update itself.
IntuneManagementExtension is stopped and you start it, watch C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log — you should see a check-in attempt within 30 seconds.20. Get-Date
Returns the current date and time. It appears in nearly every remediation script — for log file names, timestamp markers, age calculations, and conditional logic.
Combining Commands: Real Intune & Azure Pipeline Examples
Individual commands are useful. Combined with the pipeline operator (|), they become powerful one-liners. These three examples cover the most common real-world patterns.
Which of these 20 commands appear in exam scenarios?
- ✓
Get-ExecutionPolicy/Set-ExecutionPolicy— Intune script deployment, System context - ✓
Get-Service IntuneManagementExtension— device check-in troubleshooting - ✓
Import-Module Microsoft.Graph.Intune— programmatic device management - ✓
Get-ChildItemon IME log paths — evidence-based troubleshooting - ✓
Get-Date— remediation scripts and log timestamps
- ✓
Import-Module Az— connecting to Azure - ✓
Get-Module -ListAvailable— module version management - ✓
Get-Help Get-AzVM -Examples— exam tasks expect you to know how to find syntax - ✓
Get-PSDrive— understanding the Az: drive and Certificate: drive - ✓
Get-Process/Stop-Process— agent and process management on Azure VMs
Get-Service, Where-Object, and Select-Object in a single command.Quick Reference — All 20 Commands
| # | Command | What it does | Intune/Azure use case |
|---|---|---|---|
| 1 | Get-Help | Show cmdlet docs and examples | Discover Graph SDK syntax |
| 2 | Get-Command | Find cmdlets by name/module | Explore module contents post-import |
| 3 | Get-Module | List loaded modules | Verify Graph/Az module is active |
| 4 | Import-Module | Load a module into the session | Start of every Intune/Azure script |
| 5 | Get-Module -ListAvailable | List all installed modules | Audit available Graph/Az versions |
| 6 | Get-Alias | Resolve short aliases | Read other engineers' scripts |
| 7 | Get-ExecutionPolicy | Show current execution policy | Diagnose silent script failures |
| 8 | Set-ExecutionPolicy | Change execution policy | Configure Intune script environment |
| 9 | Get-PSDrive | List all PowerShell drives | Navigate HKLM: and Cert: stores |
| 10 | Get-Location | Print current directory | Debug scripts that change directory |
| 11 | Set-Location | Change current directory/drive | Navigate to IME log folder or registry |
| 12 | Get-ChildItem | List files, folders, reg keys | Find recent IME logs; list enrolments |
| 13 | New-Item | Create files, folders, reg keys | Create sentinel files; staging folders |
| 14 | Remove-Item | Delete files, folders, reg keys | Clean up stale deployment artefacts |
| 15 | Copy-Item | Copy files or folders | Stage scripts for local execution |
| 16 | Move-Item | Move or rename files | Archive processed logs |
| 17 | Get-Process | List running processes | Check IME agent is running |
| 18 | Stop-Process | Terminate a process | Kill stuck update processes |
| 19 | Get-Service | List Windows services | Verify IME + Windows Update are Running |
| 20 | Get-Date | Get current date/time | Timestamps in every log and script |
This list was inspired by Anuradha Kumari's LinkedIn post "Top 20 PowerShell Basic Commands for Intune & Azure Specialist" — a great reference sheet for anyone starting out in endpoint management. The examples and Intune/Azure context in this article are based on real-world endpoint engineering scenarios. Follow Anuradha on LinkedIn for more tips like this.
Official References
- Get-Help — Microsoft Learn
- Get-Command — Microsoft Learn
- Import-Module — Microsoft Learn
- Get-ExecutionPolicy — Microsoft Learn
- Set-ExecutionPolicy — Microsoft Learn
- Get-ChildItem — Microsoft Learn
- Get-Process — Microsoft Learn
- Get-Service — Microsoft Learn
- Intune Management Extension — Microsoft Learn