The quick scan remote action in Microsoft Intune enables IT administrators to start a targeted malware scan on managed Windows devices by using Microsoft Defender Antivirus. This action scans key system areas where threats commonly appear—such as memory, startup folders, and running processes—without performing a full system sweep.
Quick scans are especially useful for routine health checks, validating recent policy deployments, or responding to low-risk alerts. By triggering a scan remotely from the Intune admin center, IT teams can quickly assess device health and ensure protection is up to date—without waiting for the next scheduled scan or relying on user intervention.
Prerequisites
Device platform requirements
This remote action supports the following platform:
- Windows
Roles requirements
To run this remote action, use an account with at least one of the following roles:
- Help Desk Operator
- Endpoint Security Manager
- Custom role that includes:
  - The permission Remote tasks/Windows defender
  - Permissions that provide visibility into and access to managed devices in Intune (for example, Organization/Read, Managed devices/Read)
How to initiate a quick scan from the Intune admin center
- In the Microsoft Intune admin center, select Devices > All devices.
- From the devices list, select a device.
- At the top of the device overview pane, find the row of remote action icons. Select Quick scan.
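The same action can be scripted through the Microsoft Graph windowsDefenderScan action listed under Reference links. The script below is an added example, not part of the original page or Microsoft's own code. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account can consent to the two delegated scopes shown, and that the device is looked up by a name passed in the hypothetical `-DeviceName` parameter.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
param(
    # Assumption: the target is identified by its Intune device name.
    [Parameter(Mandatory)][string]$DeviceName
)
$ErrorActionPreference = 'Stop'

# Delegated scopes: privileged operations for the remote action, read for the lookup.
Connect-MgGraph -Scopes @(
    'DeviceManagementManagedDevices.PrivilegedOperations.All'
    'DeviceManagementManagedDevices.Read.All'
) | Out-Null

$base = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'

# Device names are not unique in Intune, so require exactly one match
# instead of scanning whichever record happens to come back first.
$odata = "deviceName eq '{0}'" -f $DeviceName.Replace("'", "''")
$uri   = '{0}?$filter={1}' -f $base, [uri]::EscapeDataString($odata)
$found = @((Invoke-MgGraphRequest -Method GET -Uri $uri).value)
if ($found.Count -ne 1) {
    throw "Expected exactly one device named '$DeviceName', found $($found.Count)."
}
$device = $found[0]

# The page lists Windows as the only supported platform for this action.
if ($device.operatingSystem -ne 'Windows') {
    throw "Quick scan is Windows-only; '$DeviceName' reports '$($device.operatingSystem)'."
}

# quickScan = $true requests a quick scan; $false would request a full scan.
$body = @{ quickScan = $true } | ConvertTo-Json
Invoke-MgGraphRequest -Method POST -ContentType 'application/json' -Body $body `
    -Uri "$base/$($device.id)/windowsDefenderScan"

# List the remote action states Intune has recorded for the device, newest first.
$detailUri = '{0}/{1}?$select=deviceName,deviceActionResults' -f $base, $device.id
$detail    = Invoke-MgGraphRequest -Method GET -Uri $detailUri
$detail.deviceActionResults |
    Sort-Object { $_.lastUpdatedDateTime } -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Action  = $_.actionName
            State   = $_.actionState
            Started = $_.startDateTime
            Updated = $_.lastUpdatedDateTime
        }
    }
```

The POST returns no content on success, so the final query is what confirms that Intune recorded the request; the scan itself runs when the device next checks in.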
Reference links
- Microsoft Graph API: windowsDefenderScan action
- Configuration service provider (CSP) used to initiate the remote action: Defender CSP