Company logoHelp Center
Visit oncld.io

Intune Script For DNS Detection and Remediation

4 min. readlast update: 10.13.2024

In modern IT environments, ensuring devices have the correct network configuration is crucial for security and performance. Microsoft Intune offers powerful capabilities for managing devices and applying custom scripts to detect and remediate issues. This article focuses on using two PowerShell scripts within Intune—one for detecting DNS misconfigurations and another for remediating them.

Let’s walk through how these scripts can help maintain DNS compliance across your organization.

1. DNS Detection Script (Detect_Static_DNS_Servers.ps1)

The detection script is responsible for identifying devices that have incorrect DNS settings. Proper DNS configuration is vital for ensuring secure communication and preventing issues like network outages or performance degradation.

What the Detection Script Does:
- Retrieves all active network adapters on a device.
- Inspects the DNS server settings associated with each adapter.
- Checks if the DNS servers match the organization's required DNS addresses (e.g., corporate DNS or public DNS like Google’s 8.8.8.8).
- Outputs a message when a device is not configured with the correct DNS servers.

# How the Script Works:
```powershell
# Get all network adapters
$adapters = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }

# Check DNS server settings
foreach ($adapter in $adapters) {
    $dnsServers = Get-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex
    $staticDnsServers = $dnsServers | Where-Object { $_.ServerAddresses -contains '10.100.102.131' -or $_.ServerAddresses -contains '8.8.8.8' }
    
    if ($staticDnsServers.Count -eq 0) {
        Write-Host "Adapter $($adapter.Name) does not have the correct DNS servers configured."
    }
}
```

This script loops through each network adapter on the device and checks for the presence of DNS servers `10.100.102.131` (typically a corporate server) and `8.8.8.8` (Google DNS). If neither DNS server is found, it flags the adapter as non-compliant.

# How to Use in Intune:
- Upload the Detect_Static_DNS_Servers.ps1 script in Intune under Devices > Scripts.
- Assign it to relevant device groups.
- Set it to run regularly to monitor DNS compliance and ensure all devices have the correct configuration.

2. DNS Remediation Script (Set_Static_DNS_Servers.ps1)

Once the detection script has identified non-compliant devices, the remediation script is deployed to automatically fix the DNS settings. This script ensures that all network adapters on a device are configured with the correct DNS servers.

# What the Remediation Script Does:
- Retrieves all network adapters, regardless of their current status (up or down).
- Configures the specified DNS server addresses on each adapter.
- Ensures that all network adapters are compliant with the organization’s DNS policies.

# How the Script Works:
```powershell
# Get all network adapters
$adapters = Get-NetAdapter

# Set DNS server addresses
foreach ($adapter in $adapters) {
    Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses '10.100.102.131', '8.8.8.8'
    Write-Host "DNS servers configured for adapter $($adapter.Name)."
}
```

This script applies the correct DNS addresses (`10.100.102.131` and `8.8.8.8`) to all network adapters on the device, ensuring compliance.

# How to Use in Intune:
- Upload the Set_Static_DNS_Servers.ps1 script in Intune under Devices > Scripts.
- Assign it to the same device groups as the detection script.
- Set the script to run automatically on devices flagged as non-compliant by the detection script.

Deploying Detection and Remediation Scripts in Intune

Using Intune, you can automate both the detection and remediation of DNS issues to maintain compliance across your devices. Here’s a step-by-step process for deploying these scripts:

1. Upload and Deploy the Detection Script:
   - Navigate to Devices > Scripts in Intune and upload the detection script.
   - Assign it to the device groups you want to monitor for DNS compliance.
   - Configure the script to run periodically or after specific triggers (e.g., user logon or network configuration changes).

2. Monitor Compliance Reports:
   - Once the detection script runs, you’ll be able to see reports in the Intune dashboard that show which devices have incorrect DNS settings.

3. Upload and Deploy the Remediation Script:
   - After reviewing the compliance reports, upload the remediation script to fix non-compliant devices.
   - Assign the remediation script to the same device groups.
   - You can choose to run the remediation script automatically or manually, depending on your needs.

4. Automate the Process:
   - For a seamless experience, automate the remediation process so that it runs immediately after the detection script identifies non-compliant devices.

By using both detection and remediation scripts in Intune, IT admins can automate the process of ensuring proper DNS configuration across their organization. This helps maintain security, improves network performance, and ensures compliance with corporate policies. Through automated detection and remediation, organizations can focus on proactive device management while minimizing manual intervention.

Was this article helpful?