Add headless macOS CLI workflow

2026-04-08 15:18:32 +02:00
parent faffa95d8a
commit 8fe71c0078
12 changed files with 917 additions and 66 deletions
--- a/README.md
+++ b/README.md
@@ -1,4 +1,14 @@
-# IntuneManagement with PowerShell and WPF UI
+# IntuneManagement
+
+This repository now contains two usable surfaces:
+
+* the original Windows WPF application
+* a newer headless CLI-first surface for cross-platform export/import
+
+The CLI-first fork shape starts here:
+
+* [Start-HeadlessIntune.ps1](/Users/avedelphina/Local/IntuneManagement/Start-HeadlessIntune.ps1)
+* [Headless/README.md](/Users/avedelphina/Local/IntuneManagement/Headless/README.md)

 <p align="center">
  <a href="https://twitter.com/Micke_K_72">
@@ -64,6 +74,128 @@ The tool will by default generate the files; `BulkExport.json` and `BulkImport.j

 The app authentication can either be passed on the command line or stored in the settings. Tennant Settings is required for multiple environments.

+### Headless use on macOS/Linux
+
+The WPF UI is still Windows-only, but the **silent batch** mode can be used headlessly with `pwsh` on macOS/Linux.
+
+For non-Windows use:
+
+* Run `Start-IntuneManagement.ps1` with `-Silent`
+* Use app-only authentication with `-TenantId`, `-AppId` and `-Secret` or `-Certificate`
+* Use `-JSonSettings` and preferably specify `-JSonFile`
+* Pass a batch configuration JSON with `-SilentBatchFile`
+
+Common policy object type IDs:
+
+* `DeviceConfiguration`
+* `SettingsCatalog`
+* `AdministrativeTemplates`
+* `CompliancePolicies`
+* `EndpointSecurity`
+* `PolicySets`
+* `ConditionalAccess`
+
+**Example export batch file**
+
+```json
+{
+  "BulkExport": [
+    { "Name": "txtExportPath", "Value": "/tmp/intune-export" },
+    { "Name": "txtExportNameFilter", "Value": "" },
+    { "Name": "chkAddObjectType", "Value": true },
+    { "Name": "chkExportAssignments", "Value": true },
+    { "Name": "chkAddCompanyName", "Value": false },
+    {
+      "Name": "ObjectTypes",
+      "Type": "Custom",
+      "ObjectTypes": [
+        "DeviceConfiguration",
+        "SettingsCatalog",
+        "AdministrativeTemplates",
+        "CompliancePolicies",
+        "EndpointSecurity",
+        "PolicySets"
+      ]
+    }
+  ]
+}
+```
+
+**Example export command**
+
+```powershell
+pwsh ./Start-IntuneManagement.ps1 `
+  -Silent `
+  -JSonSettings -JSonFile "/tmp/intune-settings.json" `
+  -TenantId "<source-tenant-id>" `
+  -AppId "<app-id>" `
+  -Secret "<client-secret>" `
+  -SilentBatchFile "/tmp/BulkExport.json"
+```
+
+**Example import batch file**
+
+```json
+{
+  "BulkImport": [
+    { "Name": "txtImportPath", "Value": "/tmp/intune-export/SourceTenantName" },
+    { "Name": "txtImportNameFilter", "Value": "" },
+    { "Name": "chkAddObjectType", "Value": true },
+    { "Name": "chkImportScopes", "Value": true },
+    { "Name": "chkImportAssignments", "Value": true },
+    { "Name": "chkReplaceDependencyIDs", "Value": true },
+    { "Name": "cbImportType", "Value": "alwaysImport" },
+    {
+      "Name": "ObjectTypes",
+      "Type": "Custom",
+      "ObjectTypes": [
+        "DeviceConfiguration",
+        "SettingsCatalog",
+        "AdministrativeTemplates",
+        "CompliancePolicies",
+        "EndpointSecurity",
+        "PolicySets"
+      ]
+    }
+  ]
+}
+```
+
+**Example import command**
+
+```powershell
+pwsh ./Start-IntuneManagement.ps1 `
+  -Silent `
+  -JSonSettings -JSonFile "/tmp/intune-settings.json" `
+  -TenantId "<target-tenant-id>" `
+  -AppId "<app-id>" `
+  -Secret "<client-secret>" `
+  -SilentBatchFile "/tmp/BulkImport.json"
+```
+
+Wrapper scripts are also included:
+
+```powershell
+pwsh ./Scripts/Export-Policies.ps1 `
+  -TenantId "<source-tenant-id>" `
+  -AppId "<app-id>" `
+  -Secret "<client-secret>" `
+  -ExportPath "/tmp/intune-export" `
+  -IncludeAssignments
+```
+
+```powershell
+pwsh ./Scripts/Import-Policies.ps1 `
+  -TenantId "<target-tenant-id>" `
+  -AppId "<app-id>" `
+  -Secret "<client-secret>" `
+  -ImportPath "/tmp/intune-export/SourceTenantName" `
+  -ImportType alwaysImport `
+  -IncludeAssignments `
+  -IncludeScopeTags `
+  -ReplaceDependencyIds
+```
+
 **Command line example:**

 Start-IntuneManagement.ps1 -Silent -TenantId "<*TenantID*>" -SilentBatchFile <*PathToFile*> [-AppId <*AppId*>] [-Secret <*Secret*> | -Certificate <*CertThumb*>]
@@ -341,4 +473,4 @@ Check the log file for errors. The UI might not show errors why login failed etc

 ## License

-This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.