cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Add browser auth for headless runs

Browse Source
This commit is contained in:
Tomas Kracmar
2026-04-08 16:09:30 +02:00
parent c803a00df7
commit 239e3ec16e
12 changed files with 222 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
Headless/IntuneManagement.Headless.psm1
View File

@@ -37,13 +37,19 @@ function New-TemporaryBatchFile
function Test-AuthParameters
{
param(
[string]$AuthMode,
[string]$Secret,
[string]$Certificate
)
if($AuthMode -eq "Browser")
{
return
}
if((-not $Secret) -and (-not $Certificate))
{
throw "Specify -Secret or -Certificate."
throw "Specify -Secret or -Certificate for AppOnly auth, or use -AuthMode Browser."
}
}
@@ -60,6 +66,11 @@ function Invoke-IntuneHeadlessBatch
[string]$Certificate,
[ValidateSet("AppOnly","Browser")]
[string]$AuthMode = "AppOnly",
[string]$RedirectUri,
[Parameter(Mandatory = $true)]
[psobject]$BatchConfig,
@@ -68,7 +79,7 @@ function Invoke-IntuneHeadlessBatch
[string]$BatchFile
)
Test-AuthParameters -Secret $Secret -Certificate $Certificate
Test-AuthParameters -AuthMode $AuthMode -Secret $Secret -Certificate $Certificate
$projectRoot = Get-IntuneManagementProjectRoot
$runtimeModule = Join-Path $projectRoot "Runtime/IntuneManagement.Runtime.psd1"
@@ -98,13 +109,19 @@ function Invoke-IntuneHeadlessBatch
TenantId = $TenantId
AppId = $AppId
SilentBatchFile = $BatchFile
AuthMode = $AuthMode
}
if($Secret)
if($RedirectUri)
{
$invokeParams.RedirectUri = $RedirectUri
}
if($AuthMode -eq "AppOnly" -and $Secret)
{
$invokeParams.Secret = $Secret
}
else
elseif($AuthMode -eq "AppOnly")
{
$invokeParams.Certificate = $Certificate
}
@@ -135,6 +152,11 @@ function Export-IntunePolicies
[string]$Certificate,
[ValidateSet("AppOnly","Browser")]
[string]$AuthMode = "AppOnly",
[string]$RedirectUri,
[Parameter(Mandatory = $true)]
[string]$ExportPath,
@@ -167,6 +189,8 @@ function Export-IntunePolicies
-AppId $AppId `
-Secret $Secret `
-Certificate $Certificate `
-AuthMode $AuthMode `
-RedirectUri $RedirectUri `
-BatchConfig $batchConfig `
-SettingsFile $SettingsFile `
-BatchFile $BatchFile
@@ -186,6 +210,11 @@ function Import-IntunePolicies
[string]$Certificate,
[ValidateSet("AppOnly","Browser")]
[string]$AuthMode = "AppOnly",
[string]$RedirectUri,
[Parameter(Mandatory = $true)]
[string]$ImportPath,
@@ -225,6 +254,8 @@ function Import-IntunePolicies
-AppId $AppId `
-Secret $Secret `
-Certificate $Certificate `
-AuthMode $AuthMode `
-RedirectUri $RedirectUri `
-BatchConfig $batchConfig `
-SettingsFile $SettingsFile `
-BatchFile $BatchFile
@@ -248,6 +279,11 @@ function Invoke-IntunePolicyAction
[string]$Certificate,
[ValidateSet("AppOnly","Browser")]
[string]$AuthMode = "AppOnly",
[string]$RedirectUri,
[string]$SettingsFile,
[string]$BatchFile,
@@ -282,6 +318,8 @@ function Invoke-IntunePolicyAction
-AppId $AppId `
-Secret $Secret `
-Certificate $Certificate `
-AuthMode $AuthMode `
-RedirectUri $RedirectUri `
-ExportPath $ExportPath `
-SettingsFile $SettingsFile `
-BatchFile $BatchFile `
@@ -298,6 +336,8 @@ function Invoke-IntunePolicyAction
-AppId $AppId `
-Secret $Secret `
-Certificate $Certificate `
-AuthMode $AuthMode `
-RedirectUri $RedirectUri `
-ImportPath $ImportPath `
-SettingsFile $SettingsFile `
-BatchFile $BatchFile `

9
Headless/README.md
View File

@@ -25,3 +25,12 @@ Export-IntunePolicies `
-Secret "<client-secret>" `
-ExportPath "/tmp/intune-export"
```
```powershell
Export-IntunePolicies `
-TenantId "<source-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser `
-RedirectUri "http://localhost" `
-ExportPath "/tmp/intune-export"
```