Add browser auth for headless runs

2026-04-08 16:09:30 +02:00
parent c803a00df7
commit 239e3ec16e
12 changed files with 222 additions and 19 deletions


@@ -6,7 +6,7 @@ This repository is now CLI-first. The old WPF application surface has been remov
1. export policies from a source tenant
2. store the exported JSON and migration table
3. import into a target tenant with app-only authentication
3. import into a target tenant with app-only or browser authentication
## Entry points
@@ -18,8 +18,8 @@ This repository is now CLI-first. The old WPF application surface has been remov
## Runtime
* `pwsh` 7+
* Microsoft Graph app registration with app-only access
* Client secret or certificate
* Microsoft Graph app registration
* App-only auth with client secret or certificate, or browser auth with a public client redirect URI
## Default object types
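Review bot: The replacement bullet "App-only auth with client secret or certificate, or browser auth with a public client redirect URI" only names the redirect URI for the browser path and leaves out what the app registration itself needs in that mode. App-only auth runs on application permissions granted to the registration, while a browser sign-in through a public client uses delegated permissions on behalf of the signed-in user, so the Runtime section should say which Graph permissions (and admin consent) the browser path expects and that the redirect URI must be registered on the same app registration. Suggest two bullets instead of one, e.g. `* App-only auth: client secret or certificate, application permissions` and `* Browser auth: public client app registration with a registered redirect URI and delegated permissions`.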
@@ -45,6 +45,16 @@ pwsh ./Scripts/Export-Policies.ps1 `
-IncludeAssignments
```
## Export with browser auth
```powershell
pwsh ./Scripts/Export-Policies.ps1 `
-TenantId "<source-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser `
-ExportPath "/tmp/intune-export"
```
## Import
```powershell
@@ -59,6 +69,16 @@ pwsh ./Scripts/Import-Policies.ps1 `
-ReplaceDependencyIds
```
## Import with browser auth
```powershell
pwsh ./Scripts/Import-Policies.ps1 `
-TenantId "<target-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser `
-ImportPath "/tmp/intune-export/SourceTenantName"
```
## Single entrypoint
```powershell
@@ -80,8 +100,19 @@ pwsh ./Start-HeadlessIntune.ps1 `
-ImportType alwaysImport
```
```powershell
pwsh ./Start-HeadlessIntune.ps1 `
-Action Export `
-TenantId "<source-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser `
-RedirectUri "http://localhost" `
-ExportPath "/tmp/intune-export"
```
## Notes
* Export writes a migration table used during cross-tenant import.
* Import can translate dependency IDs and recreate missing assignment groups.
* This repo intentionally does not preserve the old Windows UI launch flow.
* Browser auth uses the system browser and a loopback redirect. If your app registration does not allow loopback redirects, pass `-RedirectUri "http://localhost"` and configure the same redirect URI in Entra ID.
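Review bot: The single-entrypoint example passes `-RedirectUri "http://localhost"` while the Export and Import browser-auth examples in the earlier hunks omit it, and the Notes bullet says to pass it only when the registration does not allow loopback redirects; the README should state what redirect URI the scripts use when `-RedirectUri` is not given, so a reader knows which value to register in Entra ID before the first run. Also, the commit title and `Start-HeadlessIntune.ps1` say headless, but browser auth opens the system browser and needs an interactive desktop session, so the Notes bullet should say that `-AuthMode Browser` is for interactive runs and that app-only auth remains the mode for unattended pipelines.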