v4.0.1: per-user app naming, auth deletion, TUI onboarding flow, PIM docs
@@ -1,5 +1,25 @@
|
||||
# macOS Intune Toolkit Changelog
|
||||
|
||||
## 2026-04-16 — v4.0.1 — Accountability, PIM & Auth Management
|
||||
|
||||
### Modified
|
||||
- **`Scripts/Initialize-IntuneAuth.ps1`**
|
||||
- App registrations are now named after the **authenticated Entra user** (e.g., `IntuneManagement-tomas.kracmar@cqre.net`) instead of the local OS username. This improves audit-log traceability when multiple admins use the toolkit against the same tenant.
|
||||
- Added `-Delete` switch to remove local tenant credentials (`Settings.json` + macOS Keychain) without touching the Entra app registration.
|
||||
- Added `-DeleteApp` switch to delete both the **Entra app registration** and local credentials.
|
||||
- Onboarding now automatically caches the tenant display name after auth setup, so the TUI shows friendly names immediately.
|
||||
- Added `Organization.Read.All` to the `Connect-MgGraph` scopes to support tenant name caching.
|
||||
|
||||
- **`Scripts/Start-IntuneToolkit.ps1`**
|
||||
- Added menu items **14** (delete local auth) and **15** (delete auth + app registration) to the TUI.
|
||||
- Selecting **"[+ Onboard new tenant]"** now runs the auth initializer immediately and restarts the launcher, instead of dropping into the main menu for an unconfigured tenant.
|
||||
- The TUI now exits cleanly after deleting tenant auth.
|
||||
|
||||
- **`README.md`**
|
||||
- Added **Accountability & PIM caveats** section explaining the trade-offs of app-only auth versus delegated auth, and how app naming affects audit logs.
|
||||
|
||||
---
|
||||
|
||||
## 2026-04-13 — API Permissions Sync for `Initialize-IntuneAuth.ps1`
|
||||
|
||||
### Modified
|
||||
|
||||
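Review bot: In the `Scripts/Initialize-IntuneAuth.ps1` entry, the `-Delete` bullet should state that the Entra app registration, and whatever credential it holds, stays valid in the tenant after the local cleanup. As written, "remove local tenant credentials" can be read as revoking access, so a reader offboarding an admin may not realise that `-DeleteApp` is the switch they need. The same entry presents the per-user app name as the traceability mechanism, but an app registration display name is free text and not unique in Entra, so the changelog (or the README section it refers to) should tell auditors to correlate on the application ID or owner and not on the name alone. The `Organization.Read.All` bullet would also benefit from a note that existing users may be prompted to consent to the additional scope on their next run.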