Skip to content
Griffin31 Help Center

Intune Script For DNS Detection and Remediation

DNS Configuration Management Scripts for Microsoft Intune

Section titled “DNS Configuration Management Scripts for Microsoft Intune”

Overview

Section titled “Overview”

In modern IT environments, ensuring devices have correct network configuration is crucial for security and performance. This solution provides two PowerShell scripts for Microsoft Intune that automate the detection and remediation of DNS misconfigurations across your organization’s device fleet.

Solution Architecture

Section titled “Solution Architecture”
ComponentFunctionBusiness Value
Detection ScriptIdentifies devices with incorrect DNS settingsProactive identification of network configuration issues
Remediation ScriptAutomatically applies correct DNS configurationAutomated resolution without manual intervention
Intune IntegrationCentralized management and reportingScalable enforcement across entire organization

Detection Script: Detect_Static_DNS_Servers.ps1

Section titled “Detection Script: Detect_Static_DNS_Servers.ps1”

Purpose

Section titled “Purpose”

The detection script identifies devices that have incorrect DNS server settings, which is vital for ensuring secure communication and preventing network performance issues.

Technical Operations

Section titled “Technical Operations”

Network Adapter Analysis

Section titled “Network Adapter Analysis”
  • Retrieves all active network adapters on the device
  • Filters adapters with status “Up” to focus on currently connected interfaces
  • Examines DNS server settings for each active adapter

Compliance Verification

Section titled “Compliance Verification”
  • Checks for required DNS servers: 10.100.102.131 (corporate) and 8.8.8.8 (Google DNS)
  • Flags adapters that don’t have the correct DNS configuration
  • Provides detailed feedback for non-compliant adapters

Implementation

Section titled “Implementation”
Terminal window
# Get all network adapters
$adapters = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }


# Check DNS server settings
foreach ($adapter in $adapters) {
    $dnsServers = Get-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex
    $staticDnsServers = $dnsServers | Where-Object { $_.ServerAddresses -contains '10.100.102.131' -or $_.ServerAddresses -contains '8.8.8.8' }


    if ($staticDnsServers.Count -eq 0) {
        Write-Host "Adapter $($adapter.Name) does not have the correct DNS servers configured."
    }
}

Remediation Script: Set_Static_DNS_Servers.ps1

Section titled “Remediation Script: Set_Static_DNS_Servers.ps1”

Purpose

Section titled “Purpose”

Once non-compliant devices are identified, the remediation script automatically fixes DNS settings to ensure all network adapters are configured with the correct DNS servers.

Technical Operations

Section titled “Technical Operations”

Comprehensive Adapter Processing

Section titled “Comprehensive Adapter Processing”
  • Retrieves all network adapters regardless of current status
  • Ensures both active and inactive adapters receive proper configuration
  • Applies consistent DNS settings across all interfaces

DNS Configuration Application

Section titled “DNS Configuration Application”
  • Sets required DNS servers: 10.100.102.131 and 8.8.8.8
  • Configures DNS settings for each adapter using Set-DnsClientServerAddress
  • Provides confirmation for each successful configuration

Implementation

Section titled “Implementation”
Terminal window
# Get all network adapters
$adapters = Get-NetAdapter


# Set DNS server addresses
foreach ($adapter in $adapters) {
    Set-DnsClientServerAddress -InterfaceIndex $adapter.InterfaceIndex -ServerAddresses '10.100.102.131', '8.8.8.8'
    Write-Host "DNS servers configured for adapter $($adapter.Name)."
}

Intune Deployment Strategy

Section titled “Intune Deployment Strategy”

1. Detection Script Deployment

Section titled “1. Detection Script Deployment”

Configuration Steps

Section titled “Configuration Steps”
  • Navigate to Devices > Scripts in Microsoft Intune
  • Upload Detect_Static_DNS_Servers.ps1 script
  • Assign to relevant device groups based on organizational structure

Scheduling Options

Section titled “Scheduling Options”
  • Periodic Execution: Configure to run regularly for continuous monitoring
  • Event-Triggered: Set to run after network configuration changes
  • User Logon: Execute when users sign in to ensure current settings

2. Compliance Monitoring

Section titled “2. Compliance Monitoring”

Dashboard Analytics

Section titled “Dashboard Analytics”
  • Monitor Intune compliance reports to identify non-compliant devices
  • Track DNS configuration trends over time
  • Generate reports for security audits and compliance verification

Alert Configuration

Section titled “Alert Configuration”
  • Set up notifications for administrators when devices are flagged
  • Configure automated remediation triggers
  • Establish escalation procedures for persistent issues

3. Remediation Script Deployment

Section titled “3. Remediation Script Deployment”

Automation Setup

Section titled “Automation Setup”
  • Upload Set_Static_DNS_Servers.ps1 to the same device groups
  • Configure automatic remediation for devices flagged by detection script
  • Set appropriate execution schedules to minimize user impact

Validation Process

Section titled “Validation Process”
  • Monitor remediation success rates through Intune reporting
  • Verify DNS configuration changes are applied correctly
  • Establish rollback procedures for unexpected issues

Key Benefits

Section titled “Key Benefits”

Ideal for: Organizations requiring consistent DNS configuration across device fleets

Security Advantages

Section titled “Security Advantages”
  • Prevents DNS Hijacking: Ensures devices use trusted DNS servers
  • Improves Network Security: Reduces exposure to malicious DNS responses
  • Enhances Compliance: Maintains consistent security posture

Operational Benefits

Section titled “Operational Benefits”
  • Automated Enforcement: Eliminates manual DNS configuration tasks
  • Scalable Management: Applies policies across thousands of devices
  • Proactive Monitoring: Identifies issues before they impact users
  • Reduced Support Tickets: Minimizes network connectivity problems

Performance Improvements

Section titled “Performance Improvements”
  • Optimized Resolution: Uses reliable DNS servers for faster name resolution
  • Reduced Latency: Corporate DNS server provides optimized performance
  • Improved Reliability: Backup DNS ensures continuous service availability

Technical Requirements

Section titled “Technical Requirements”

Prerequisites

Section titled “Prerequisites”
  • Microsoft Intune subscription with device management
  • PowerShell execution policy allowing script deployment
  • Administrative privileges for network configuration changes
  • Windows devices with network adapter management capabilities

DNS Server Specifications

Section titled “DNS Server Specifications”
  • Primary DNS: 10.100.102.131 (Corporate DNS server)
  • Secondary DNS: 8.8.8.8 (Google Public DNS)
  • Protocol Support: Standard DNS over TCP/UDP port 53

Important Considerations

Section titled “Important Considerations”

Network Impact: DNS changes may temporarily affect network connectivity. Consider deploying during maintenance windows.

Customization Required: Update DNS server addresses in scripts to match your organization’s specific infrastructure requirements.

Testing Protocol: Always validate scripts in a pilot environment before organization-wide deployment.

User Communication: Inform users about potential brief network interruptions during DNS configuration updates.

Conclusion

Section titled “Conclusion”

Key Takeaway: Automated DNS configuration management through Intune provides a scalable, reliable solution for maintaining network security and performance across your organization. By implementing both detection and remediation scripts, IT administrators can ensure consistent DNS compliance while minimizing manual intervention and support overhead.