Poisoned jobs
What is a poisoned job?
When a job fails, the Worker will try again the next time it is scheduled. But if a job fails 3 times in a row, IntuneAssistant concludes that something is structurally wrong — not just a temporary hiccup — and automatically marks the job as poisoned.
A poisoned job is:
Stopped — it will not run again automatically
Locked — it cannot be triggered manually either
Flagged — it is visually marked in the portal so you can find it quickly
This is a safety mechanism. Without it, a broken job would keep failing on every scheduled run, sending error notifications indefinitely and consuming Worker resources.
A poisoned job does not delete your configuration or data. Everything is preserved. You just need to fix the underlying issue and reset the job to get it running again.
How do I know a job is poisoned?
In the IntuneAssistant portal under Worker → Jobs, poisoned jobs are shown with a red Poisoned badge instead of the normal Enabled/Disabled indicator.
On the job detail page you will also see:
Status: Poisoned
Consecutive failures: 3 (or more)
Last failure: the date and time of the most recent failed run
Why did my job get poisoned?
Open the job in the portal and go to the Execution History tab. Look at the last 3 failed executions — each one has an Error Message field that describes what went wrong.
Common causes:
RecipientEmail is required
The recipient email address is missing or was cleared from the job configuration
Failed to fetch audit events
The Worker lost access to the tenant — consent may have expired
Graph API 403 Forbidden
Missing Microsoft Graph permissions — re-grant consent in IntuneAssistant
Invalid job configuration
The job configuration JSON is malformed or incomplete
No drifts baseline found
Configuration Drift job has no baseline snapshot to compare against
How to fix a poisoned job
Step 2 — Fix the root cause
Fix the issue before resetting the job. If you reset without fixing, the job will simply fail again and become poisoned once more.
On the job detail page, click Edit
Update the Recipient Email field with a valid address
Save the job — this automatically resets the poisoned status
Go to Settings → Tenants in the IntuneAssistant portal
Find the affected tenant
Click Re-grant Consent and complete the Microsoft sign-in flow
Return to your job and reset it (see Step 3)
On the job detail page, click Edit
Review all configuration fields — check email addresses, tenant ID, and any filters
Correct the values and save
Step 3 — Reset the job
Once the root cause is fixed, reset the job to clear the poisoned status:
Open the job in the portal
Click Edit
Make any necessary corrections (or simply re-save if the fix was made elsewhere)
Save the job
The job will return to Enabled status and be scheduled for its next run immediately.
After saving, check the job detail page to confirm the status shows Enabled and a new Next Scheduled Run time is set. The consecutive failure counter will be back to 0.
Frequently asked questions
Can I manually trigger a poisoned job?
No. The Run Now button is disabled for poisoned jobs. You must reset the job first.
Will I lose my job history?
No. All previous execution records are preserved, including the failed runs that caused the job to become poisoned.
What if the job gets poisoned again right after I reset it?
That means the root cause has not been fully resolved. Go back to the execution history, check the new error message, and address the issue before resetting again.
Can I delete a poisoned job and recreate it?
Yes, but resetting it is simpler — you keep your existing configuration and history. Only delete the job if you want to start completely fresh.
Need Help?
If you cannot identify the cause from the error message, contact support with:
Your Worker instance ID (visible on the Worker dashboard)
The Job ID (visible in the job detail URL)
The error message from the failed execution