A powerful PowerShell tool for creating and deploying Windows Toast Notifications through Microsoft Intune. This script enables enterprise IT teams to deliver system-level notifications with customizable content, actions, and deployment options.
Toast Notifications are native Windows alerts that appear in the user's notification center and desktop corner. They're ideal for enterprise communications requiring user acknowledgment or action. This tool provides an interactive interface to create notifications and export them as ready-to-deploy Intune remediation scripts.
Key Capabilities:
- Interactive notification builder with real-time preview
- Customizable action buttons with URL routing
- Conditional acknowledgement requirements with automatic timing
- Multiple export formats (single script or detection/remediation pair)
- Enter notification title and message
- Configure optional action button with URL
- Set acknowledgement requirements
- Custom app source/identifier (appears as notification source)
- Test notifications locally before deployment
- Verify appearance and behavior on your device
- Confirm action buttons work correctly
- Validate timing and persistence settings
- Single PowerShell script for direct deployment
- Executes on all assigned devices
- Ideal for informational notifications
- Timestamped automatic naming
- Conditional deployment based on detection logic
- Display notification only if conditions are met
- Perfect for policy compliance and issue remediation
- Enables sophisticated targeting scenarios
- Timestamped automatic naming for both scripts
- Title: Notification headline (e.g., "Security Update Required")
- Message: Detailed notification content
- App Source: Custom branding (e.g., "IT Administration", "Security Team")
- Action Button: Optional clickable button with URL destination
- Duration:
- 30 seconds for standard notifications
- 10 minutes for acknowledgement-required notifications
- Dismiss Button: Available when acknowledgement is required but no action button
- Saves last used settings automatically
- Persistent configuration stored in
%APPDATA%\ToastNotificationConfig.json - Quick access to previous values with Enter key
- Reduces repetitive data entry
- Windows: Windows 10 or later
- PowerShell: Version 5.1 or later
- Execution Policy: RemoteSigned or Unrestricted
- Intune: Microsoft Endpoint Manager administrative access (for deployment)
- Clone or download the repository
- Extract
ToastNotification.ps1to your desired location - Run the script:
powershell -ExecutionPolicy Bypass -File ".\ToastNotification.ps1"
.\ToastNotification.ps1The script displays:
- ASCII art banner with creator attribution
- Main menu for notification configuration
- Interactive prompts for each notification property
Title
- Displayed prominently in the notification
- Example: "Security Update Required"
- Default: Previously entered value (saved in configuration)
Message
- Body text explaining the notification
- Example: "A critical security patch is available. Please restart your system by EOD Friday."
- Default: Previously entered value
App Source/Identifier
- Shows who sent the notification (IT Attribution)
- Example: "IT Administration", "Security Team", "Company Support"
- Default: "IT.Administrator"
- Appears in notification center and logs
Add Action Button? (y/N)
- Press
yto add an interactive button - Press
Nto skip (or just press Enter for default)
If YES:
- Button Text: Label for the button (default: "Open")
- Button URL: Destination when clicked (default: "https://www.microsoft.com")
- Important: Action button automatically enables 10-minute persistent display
- A "Dismiss" button is also added for user acknowledgement
If NO:
- Proceeds to acknowledgement question
- Action button is omitted
- Only "Dismiss" button available if acknowledgement required
Require Acknowledgement? (y/N)
- Press
yfor persistent 10-minute display - Press
Nfor auto-dismiss after 30 seconds - Only shown if no action button is configured
- Action buttons automatically enforce acknowledgement
After configuration, choose your next action:
1. Test Notification
- Displays the notification immediately on your device
- Verifies appearance and functionality before deployment
- Tests action button routing and dismiss behavior
- Outcome: Visual confirmation notification works correctly
2. Export Detection + Remediation Scripts
- Creates two paired PowerShell scripts
- Asks for output directory (auto-creates if needed)
- Files auto-named with timestamp:
Toast[Detection|Remediation]_yyyyMMdd_HHmmss.ps1 - Generates accompanying README.md
- Outcome: Ready for Intune conditional deployment
- Use When: You need to detect a condition before showing notification
3. Export Remediation Script Only
- Creates single standalone PowerShell script
- Asks for output directory (auto-creates if needed)
- File auto-named with timestamp:
ToastRemediation_yyyyMMdd_HHmmss.ps1 - Generates accompanying README.md
- Outcome: Ready for Intune remediation assignment
- Use When: Notification should display on all targeted devices
4. Create Another Notification
- Loops back to notification details entry
- Keeps current settings in memory for modification
- Useful for creating multiple similar notifications
5. Exit
- Saves all configuration changes
- Closes application
- Configuration persists for next run
[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
[Windows.Data.Xml.Dom.XmlDocument, Windows.Data.Xml.Dom.XmlDocument, ContentType = WindowsRuntime] | Out-NullLoads Windows Runtime APIs needed for Toast Notification display.
The notification is defined using Windows Toast XML schema:
<toast duration="short|long" scenario="reminder|standard">
<visual>
<binding template="ToastText02" hint-attribution="Source">
<text id="1">Title</text>
<text id="2">Message</text>
</binding>
</visual>
<actions>
<action activationType="protocol" arguments="URL" content="Button Text"/>
<action activationType="system" arguments="dismiss" content="Dismiss"/>
</actions>
</toast>Key Elements:
duration="short": 30-second auto-dismissduration="long": 10-minute persistent displayscenario="reminder": Forces prominent displayhint-attribution: Source/sender identification<action>elements: User-interactive buttons
$Notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppId)Creates the notification delivery mechanism with specified app context.
$Notifier.Show($Toast)Renders the notification on the user's device.
- Action button clicks trigger URL navigation
- Dismiss button closes notification and logs dismissal
- Auto-expiration after duration expires
Displays a notification immediately on the local device for testing.
Parameters:
Title: Notification headlineMessage: Notification bodyActionButtonText: Custom button labelActionButtonUrl: URL for button clickDurationSeconds: 30 or 600 (affects timing and persistence)ShowDismissButton: Includes dismiss buttonAppId: Source attribution
Outcome: Toast appears in notification center and system tray
Creates a standalone remediation script for Intune deployment.
Generates:
- Single
.ps1file with embedded notification logic - README.md with deployment instructions
- Automatic timestamp-based naming
Deployment Use:
- Assign to device groups in Intune
- Executes on target devices
- All devices receive notification
Creates conditional deployment scripts.
Generates:
- Detection script:
ToastDetection_yyyyMMdd_HHmmss.ps1- Returns exit code 1 if condition NOT met
- Returns exit code 0 if condition IS met
- Remediation script:
ToastRemediation_yyyyMMdd_HHmmss.ps1- Executes only if detection returns 1
- Displays the notification
- README.md with deployment instructions
Deployment Use:
- Pair scripts in Intune
- Detection runs first
- Remediation only runs if detection detects issue
- Enables targeted, conditional notifications
Business Scenario: IT needs to notify all users of a critical security patch requiring restart within 48 hours.
Configuration:
Title: Critical Security Update
Message: A security update is required. Your computer will restart at 11 PM. Please save work.
App Source: IT Security Team
Action Button: Yes, continue (https://company.com/security-info)
Duration: 10 minutes (persistent)
Export: Remediation Script Only
Deployment:
- Export script
- Create Intune remediation assignment
- Target: All Windows 10+ devices
- Run frequency: Daily
Outcome:
- Users see persistent notification
- Can click to learn more
- Can dismiss but notification returns daily
- IT has deployment confirmation in Intune
Business Scenario: Notify only users whose passwords expire within 7 days, reducing false alerts.
Configuration:
Title: Password Expiration Warning
Message: Your domain password expires in 7 days. Reset it now at [portal].
App Source: IT Administration
Action Button: Reset Password (https://company.com/password-reset)
Duration: 10 minutes
Export: Detection + Remediation Pair
Detection Script Logic:
# Query Active Directory password expiration
# Return exit 1 if expiration is within 7 days (run remediation)
# Return exit 0 if expiration is > 7 days (skip remediation)Outcome:
- Only affected users receive notification
- Others don't see unnecessary alerts
- Reduces notification fatigue
- Targeted, efficient communication
Business Scenario: Notify users 24 hours before scheduled maintenance, encouraging graceful shutdown.
Configuration:
Title: Scheduled System Maintenance
Message: Your computer will restart for maintenance at 2 AM. Please shut down gracefully by 1:30 AM.
App Source: IT Operations
Action Button: Shut Down Now (ms-shutdown:)
Duration: 10 minutes
Export: Remediation Script Only
Deployment:
- Export script
- Schedule Intune assignment for 24 hours before maintenance
- Deploy at 2 PM day before maintenance
- Remove assignment after maintenance window
Outcome:
- Users receive advance notice
- Can proactively prepare
- Reduces unplanned reboots
- Improves user experience
Business Scenario: Remind users that annual security training is due, with persistent reminders until completed.
Configuration:
Title: Security Awareness Training Due
Message: Complete your annual security training by month-end. Training is required.
App Source: Compliance Office
Action Button: Start Training (https://company.com/training)
Duration: 10 minutes
Export: Detection + Remediation Pair
Detection Script Logic:
# Query SCCM/Intune compliance data
# Return exit 1 if training NOT completed (show notification)
# Return exit 0 if training completed (skip notification)Outcome:
- Non-compliant users see daily reminders
- Can quickly access training
- Persists until compliance achieved
- Drives training completion
Business Scenario: Notify users that optional software is available, with link to request installation.
Configuration:
Title: New Software Available
Message: Microsoft Office 2024 is available for installation. Click below to request.
App Source: IT Service Desk
Action Button: Request Installation (https://company.com/software-catalog)
Duration: 10 minutes
Export: Remediation Script Only
Deployment:
- Export script
- Deploy to device group
- Users see notification for 10 minutes
- Can click to request at their convenience
Outcome:
- Increases awareness of available software
- Direct path to request
- Reduces support tickets for "how do I get X?"
- Microsoft Endpoint Manager admin access
- Target devices running Windows 10+
- Devices enrolled in Intune
- Device Groups or dynamic membership rules defined
Step-by-Step:
-
Export from Toast Creator
- Run Toast Creator tool
- Configure notification
- Select "Export Remediation Script Only"
- Note the output directory
-
In Endpoint Manager Admin Center
- Navigate to Devices → Scripts and remediations → Remediation scripts
- Select Create → Create script
-
Upload Script
- Name:
Toast Notification - [Your Notification Name] - Description: Brief description of notification purpose
- Script Settings:
- Run this script using the logged-in credentials: No (runs as System)
- Enforce script signature check: No
- Run script in 64-bit PowerShell Host: Yes
- Upload your exported
.ps1file
- Name:
-
Detection Script
- For "Remediation Script Only" exports, detection should return success/compliance
- Simple option:
exit 0(always compliant, always runs remediation) - Or use provided template if available
-
Assign to Devices
- Select Assignments
- Add Groups: Select device groups to target
- Schedule (optional):
- Run on schedule: Set daily/weekly frequency
- Or: Run immediately
-
Review and Deploy
- Review all settings
- Select Create
- Monitor: Devices → Scripts and remediations → View results
Step-by-Step:
-
Export from Toast Creator
- Run Toast Creator tool
- Configure notification
- Select "Export Detection + Remediation Scripts"
- Note output directory (contains both scripts)
-
In Endpoint Manager Admin Center
- Navigate to Devices → Scripts and remediations → Remediation scripts
- Select Create → Create script
-
Upload Detection Script
- Same settings as above
- Upload
ToastDetection_[timestamp].ps1
-
Upload Remediation Script
- Upload
ToastRemediation_[timestamp].ps1 - This runs only if detection indicates non-compliance
- Upload
-
Configure Behavior
- Run remediation if the detection script finds an issue: Yes
- Run remediation on devices with no detection script result: No (optional)
-
Assign to Devices
- Select target device groups
- Set run frequency (recommended: Daily or Weekly)
-
Review and Deploy
- Create script
- Monitor deployment in Intune dashboards
Check Status:
- Endpoint Manager → Devices → Scripts and remediations → Select script
- View Device status tab
- Check success/failure counts:
- Compliant: Script deployed successfully
- Remediated: Detection found issue, remediation ran
- Not Applicable: Device didn't meet targeting criteria
- Error: Script failed to execute
Verify on Device:
- Open Notification Center on target device
- Look for toast notification (should appear shortly after script runs)
- Check Windows Event Viewer:
- Event Viewer → Windows Logs → System
- Look for PowerShell script execution events
- Check Intune device details:
- Devices → All devices → Select device
- Device compliance → View remediation script history
The script stores configuration in:
%APPDATA%\ToastNotificationConfig.json
Contents:
{
"LastTitle": "Action Required",
"LastMessage": "Please review and acknowledge this notification",
"LastAppId": "IT.Administrator",
"LastOutputPath": "C:\\Users\\[User]\\Desktop",
"LastGroup": "IT Administration",
"LastUpdated": "2024-01-08T14:30:00"
}Location Examples:
- Windows:
C:\Users\[YourUsername]\AppData\Roaming\ToastNotificationConfig.json - Network profile:
\\[Profile Server]\AppData\Roaming\ToastNotificationConfig.json
You can directly edit the JSON file to set defaults:
# Open config
notepad $env:APPDATA\ToastNotificationConfig.json
# Modify values and save
# Config will be read on next script runIssue: Notification doesn't display after script runs
Solutions:
-
Check Do Not Disturb (Focus Assist) is OFF
- Settings → System → Focus Assist → Off
-
Verify notification settings
- Settings → System → Notifications & actions
- Ensure "Get notifications from apps and other senders" is ON
-
Check notification permissions
- Settings → Privacy & Security → Notifications
- Verify app (AppId) isn't blocked
-
Review script execution
- Check Event Viewer for script errors
- Run script manually to test:
powershell -ExecutionPolicy Bypass -File "script.ps1"
Issue: Clicking button doesn't navigate to URL
Solutions:
- Verify URL is valid and accessible from user context
- Check if URL requires authentication
- Test URL in browser first
- Ensure no firewall/proxy blocking the URL
- Try HTTP instead of HTTPS if behind corporate proxy
Issue: Script shows error in Intune device status
Solutions:
-
Check script execution policy
- Intune runs scripts as System with RemoteSigned
- Ensure script isn't blocked
-
Review WinRT assembly loading
- May fail on non-Windows devices
- Verify target is Windows 10+
-
Check device logs
- Event Viewer → Windows Logs → System
- Look for PowerShell errors
-
Test locally first
- Run exported script on test device manually
- Verify notification appears
- Keep it Brief: Limit title to ~50 characters, message to ~200 characters
- Be Specific: State exactly what action is needed
- Include Timeline: "by Friday EOD", "within 7 days", "today"
- Avoid Jargon: Use language end-users understand
- Test First: Always use "Test Notification" before exporting
- Pilot Group: Deploy to small test group first
- Off-Peak Hours: Schedule for non-working hours when possible
- Monitor Results: Check deployment success in Intune
- Avoid Overuse: Daily notifications cause fatigue
- Use Detection: Only notify when actually needed
- Set Expiration: Remove stale deployments
- Consolidate: Combine multiple notifications when possible
- Trustworthy URLs: Only link to official company resources
- Audit Trail: All deployments logged in Intune
- No Sensitive Data: Never include passwords/PII in notifications
- Accessibility: Use clear, inclusive messaging
- Scripts execute in System context by default (administrator privileges)
- All executions are logged in Windows Event Viewer
- Intune tracks all script deployments and results
- Verify all URLs in action buttons
- Ensure they point to legitimate company resources
- Avoid redirects or URL shorteners
- Test URLs before deployment
- Notifications are visible in Windows logs
- Messages should not contain sensitive data
- All deployments auditable in Intune
- No notification data stored in script
- OS: Windows 10 or later only
- PowerShell: 5.1 or later required
- Enrollment: Device must be Intune enrolled for remediation deployment
- WinRT: Requires Windows Runtime libraries (standard on modern Windows)
- Text Only: No custom images or rich formatting
- Two-Line: Title + Message format (no custom layouts)
- No Audio: Toasts don't play sounds by default
- Transient: Notifications disappear after timeout (or manual dismiss)
- Script Size: 500 KB limit per script
- Execution Timeout: Default 30 minutes
- Network: Requires device internet connectivity
- Frequency: Minimum 1-hour intervals between detection runs
Windows Toast Notifications fully respect the user’s Do Not Disturb (DND) and Focus Assist settings. When DND is enabled, either manually, automatically, or through corporate configuration, notifications may not appear on the desktop in real time. This can lead to the impression that a remediation script did not run, even though the notification was successfully delivered.
-
Real time pop ups are suppressed
The toast will not appear on screen while DND is active. -
Notifications are still delivered to Notification Center
Users can open the Notification Center to view and interact with the toast at any time. -
Persistent 10 minute notifications still respect DND
Reminder scenario toasts cannot override DND. -
Action buttons and acknowledgement logic remain functional
Once the user opens the notification from Notification Center, all configured actions behave normally.
- Time sensitive alerts such as security updates, maintenance windows, and password expiry warnings may be missed.
- IT teams may misinterpret suppressed notifications as script failures.
- Compliance workflows that rely on user acknowledgement may be delayed.
- Users may not realise a notification was delivered at all.
Encourage users to temporarily disable DND when expecting important IT communications:
- Settings → System → Notifications → Turn off Do Not Disturb
- Or toggle via Quick Settings in the taskbar.
This is the simplest and most transparent approach.
Even when DND is active:
- The toast is still delivered.
- It remains visible in Notification Center until dismissed.
- Action buttons and acknowledgement still work.
You may optionally include a line in your message such as:
“If you do not see this notification immediately, please check your Notification Center.”
For time sensitive or critical notifications:
- Configure the Intune remediation to run daily or hourly.
- The toast will re appear once DND is off.
This is particularly effective for:
- Compliance reminders
- Security patch notifications
- Training completion prompts
When using Detection and Remediation pairs:
- Detection can continue to return non compliant until the user completes the required action.
- Remediation, the toast, will continue to run even if earlier notifications were suppressed.
This creates a self correcting loop without overwhelming users.
PowerShell triggered toast notifications cannot bypass DND.
Only UWP applications with specific capabilities can request priority or alarm behavior.
Because this tool uses WinRT APIs under a custom AppID:
- It cannot override DND.
- It remains compliant with Windows UX and enterprise security standards.
Some organizations enforce DND automatically during:
- Meetings
- Presentation mode
- Specific hours
- Screen sharing
If notifications are mission critical, IT can review:
-
Group Policy:
Computer Configuration → Administrative Templates → Windows Components → Focus Assist -
Intune Settings Catalog:
Focus Assist configuration options
Changes should be made carefully to avoid degrading user experience.
Important: Windows Do Not Disturb and Focus Assist may suppress real time toast notifications. If enabled, notifications created by this tool will still be delivered to the Notification Center but may not appear immediately on screen. For time sensitive communications, consider using detection based re notification, increasing remediation frequency, or advising users to temporarily disable Do Not Disturb.
Created by: Anthony Porter
This tool is provided as-is for use with Microsoft Intune and enterprise Windows device management.
- Windows Toast Notifications Documentation
- Intune Remediation Scripts Guide
- Windows Runtime (WinRT) Overview
- PowerShell 5.1 Reference
Last Updated: January 8, 2026