PS Script, Troubleshooting

Get-AutopilotDiagnosticsCommunity

A PowerShell diagnostic script for analyzing Windows Autopilot deployments. Provides comprehensive details about Autopilot profile settings, policies, apps, and certificate profiles tracked via Enrollment Status Page, with support for local PC analysis and captured log files.

Works with
Windows Autopilot
Created by

Security Analysis

2 of 6
4 Issues Found

50 files scanned on Jan 8, 2026

Issues Detected

Check: No Remote Execution (no download-and-execute patterns)
Finding: Downloads remote scripts (backup.bat, NEWrestore.bat, run-invisible.vbs) from GitHub and creates a scheduled task to run them, enabling remote code execution and potential persistence without validation or integrity checks.

Check: No Data Exfiltration (no suspicious outbound data transfers)
Finding: Collects hardware identifiers (serialNumber, hardwareId, groupTag) and posts them to an external webhook, effectively exfiltrating device identifiers.

Check: No Malicious Patterns (no known malware techniques)
Finding: VBScript launches a backup script invisibly, enabling covert execution that may evade user awareness.

Check: No Hardcoded Secrets (no API keys or credentials in code)
Finding: Contains a hardcoded placeholder webhook URL (WEBHOOK URL HERE); embedding or shipping secrets/endpoints in code increases risk of leakage.

Passed Checks
No Obfuscated Code
No Credential Theft
AI Analysis

High-severity issues detected: remote code fetch and execution from external URLs (backupprofile.ps1), and exfiltration of hardware identifiers to an external webhook (remediate-harvest.ps1). Several hardcoded secrets/placeholders (WEBHOOK URL HERE) and potential persistence mechanisms (scheduled tasks for driver updates, user backup, hidden execution) present risks of abuse or covert activity. Additionally, a function demonstrates Graph API usage for device enrollment, which could be misused if not properly secured.

Recommendations: remove or harden remote script downloads; sign and verify scripts; avoid hidden/invisible execution; store credentials and tokens securely (e.g., Azure Key Vault); implement least-privilege scheduling and auditing; validate and restrict Graph API operations; replace hardcoded endpoints with configurable, access-controlled settings; monitor and log script executions and webhook activity.

You might also like

PS Script

Get-IntuneManagementExtensionDiagnostics

A PowerShell script for analyzing Intune Management Extension logs and creating timeline reports. Tracks Win32App deployments, WinGetApp packages, PowerShell scripts, Proactive Remediations, Custom Compliance, and Autopilot ESP phases with HTML reports and integrated LogViewerUI.

Petri Paavola
PS Script

Intune Device Details GUI

A PowerShell-based GUI tool for visualizing comprehensive Intune device information. Shows Azure AD group memberships, Intune filter assignments, application and configuration targeting, BitLocker recovery keys, LAPS passwords, Autopilot profiles, and remediation script status with color-coded assignment states.

Petri Paavola
PS Script

Endpoint Analytics Remediation Scripts

A community-driven repository of 86+ PowerShell detection and remediation scripts for Microsoft Intune Endpoint Analytics. Includes scripts for system health, security hardening, device management, application management, optimization, and diagnostics.

Jannik Reinhard
PS Script

Intune Log Collector

Intune Log Collector is an Azure-based solution that collects logs from Intune-managed devices, including files, directories, and event logs. It deploys a Function App, Storage Account, and Key Vault, with the Remediation script driving log collection per LogsGatherRules.json and uploading a compressed archive to the logs container. Deployments support Azure Template Spec (Bicep/ARM) or direct ARM templates, with optional UI and post-deployment steps.

Nickolaj Andersen