| title | Remote Device Action: Full Scan |
|---|---|
| description | Learn how to initiate an on-demand Microsoft Defender full scan with Microsoft Intune. |
| ms.date | 10/27/2025 |
| ms.topic | how-to |

The full scan remote action in Intune lets IT admins trigger a comprehensive malware scan on managed Windows devices using Microsoft Defender Antivirus. It checks all files and running processes, helping detect threats missed by quick scans.

This action is ideal when a device is suspected of compromise or when validating security baselines. Instead of waiting for scheduled scans or relying on user action, admins can launch a full scan directly from the Intune admin center.

:::row:::
:::column span="1":::
[!INCLUDE platform]
:::column-end:::
:::column span="3":::
This remote action supports the following platforms:

- Windows

:::column-end:::
:::row-end:::
:::row:::
:::column span="1":::
[!INCLUDE rbac]
:::column-end:::
:::column span="3":::
To run this remote action, use an account with at least one of the following roles:

- Help Desk Operator
- Endpoint Security Manager
- Custom role that includes:
  - The permission Remote tasks/Windows defender
  - Permissions that provide visibility into and access to managed devices in Intune (for example, Organization/Read, Managed devices/Read)

:::column-end:::
:::row-end:::

1. In the Microsoft Intune admin center, select Devices > All devices.
1. From the devices list, select a device.
1. At the top of the device overview pane, find the row of remote action icons. Select Full scan.

- Microsoft Graph API: windowsDefenderScan action
- Configuration service provider (CSP) used to initiate the remote action: Defender CSP
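
The same full scan can be started through the windowsDefenderScan Graph action listed above, which is useful when the scan is part of an incident-response runbook rather than a manual click. The following PowerShell is an added example, not code from the original page; it assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Authentication`), the Graph v1.0 endpoint, and a device name supplied by the caller.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: trigger a Defender full scan on one Intune-managed Windows device.
param(
    [Parameter(Mandatory)] [string] $DeviceName   # Intune device name, supplied by the caller
)
$ErrorActionPreference = 'Stop'
$base = 'https://graph.microsoft.com/v1.0/deviceManagement/managedDevices'

# Read scope to look the device up, privileged-operations scope to run the remote action.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All',
                        'DeviceManagementManagedDevices.PrivilegedOperations.All'

# Resolve the device by name. Single quotes are doubled so the OData filter stays well-formed.
$filter  = "deviceName eq '{0}'" -f $DeviceName.Replace("'", "''")
$lookup  = $base + '?$filter=' + [uri]::EscapeDataString($filter) +
           '&$select=id,deviceName,operatingSystem'
$devices = @((Invoke-MgGraphRequest -Method GET -Uri $lookup).value)

# Refuse to act on an ambiguous or missing match: a remote action should hit exactly one device.
if ($devices.Count -ne 1) {
    throw "Expected exactly one device named '$DeviceName', found $($devices.Count)."
}
$device = $devices[0]

# The full scan remote action supports Windows only.
if ($device.operatingSystem -ne 'Windows') {
    throw "Device '$DeviceName' runs $($device.operatingSystem); full scan requires Windows."
}

# quickScan = false requests a full scan instead of a quick scan.
$body = @{ quickScan = $false } | ConvertTo-Json
Invoke-MgGraphRequest -Method POST -Uri "$base/$($device.id)/windowsDefenderScan" `
    -Body $body -ContentType 'application/json' | Out-Null
Write-Host "Full scan requested for $($device.deviceName) ($($device.id))."

# Read back the device's remote action history to confirm the request was recorded.
$status = Invoke-MgGraphRequest -Method GET `
    -Uri ("$base/$($device.id)" + '?$select=deviceActionResults')
$status.deviceActionResults | ForEach-Object {
    [pscustomobject]@{
        Action  = $_.actionName
        State   = $_.actionState
        Started = $_.startDateTime
        Updated = $_.lastUpdatedDateTime
    }
} | Sort-Object Updated -Descending | Format-Table -AutoSize
```

The signed-in account still needs one of the Intune roles listed earlier; the Graph scopes alone do not grant the remote task permission.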