cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Make browser auth app id optional

Browse Source
This commit is contained in:
Tomas Kracmar
2026-04-08 19:10:45 +02:00
parent 239e3ec16e
commit 9dace83cff
6 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
Headless/IntuneManagement.Headless.psm1
View File

@@ -10,6 +10,11 @@ function Get-DefaultIntunePolicyObjectTypes
) )
} }
function Get-DefaultBrowserAppId
{
"14d82eec-204b-4c2f-b7e8-296a70dab67e"
}
function Get-IntuneManagementProjectRoot function Get-IntuneManagementProjectRoot
{ {
Split-Path -Parent $PSScriptRoot Split-Path -Parent $PSScriptRoot
@@ -38,6 +43,7 @@ function Test-AuthParameters
{ {
param( param(
[string]$AuthMode, [string]$AuthMode,
[string]$AppId,
[string]$Secret, [string]$Secret,
[string]$Certificate [string]$Certificate
) )
@@ -47,6 +53,12 @@ function Test-AuthParameters
return return
} }
if(-not $AppId)
{
throw "Specify -AppId for AppOnly auth."
return
}
if((-not $Secret) -and (-not $Certificate)) if((-not $Secret) -and (-not $Certificate))
{ {
throw "Specify -Secret or -Certificate for AppOnly auth, or use -AuthMode Browser." throw "Specify -Secret or -Certificate for AppOnly auth, or use -AuthMode Browser."
@@ -59,7 +71,6 @@ function Invoke-IntuneHeadlessBatch
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,
@@ -79,7 +90,12 @@ function Invoke-IntuneHeadlessBatch
[string]$BatchFile [string]$BatchFile
) )
Test-AuthParameters -AuthMode $AuthMode -Secret $Secret -Certificate $Certificate if($AuthMode -eq "Browser" -and -not $AppId)
{
$AppId = Get-DefaultBrowserAppId
}
Test-AuthParameters -AuthMode $AuthMode -AppId $AppId -Secret $Secret -Certificate $Certificate
$projectRoot = Get-IntuneManagementProjectRoot $projectRoot = Get-IntuneManagementProjectRoot
$runtimeModule = Join-Path $projectRoot "Runtime/IntuneManagement.Runtime.psd1" $runtimeModule = Join-Path $projectRoot "Runtime/IntuneManagement.Runtime.psd1"
@@ -145,7 +161,6 @@ function Export-IntunePolicies
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,
@@ -203,7 +218,6 @@ function Import-IntunePolicies
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,
@@ -272,7 +286,6 @@ function Invoke-IntunePolicyAction
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,

1
Headless/README.md
View File

@@ -29,7 +29,6 @@ Export-IntunePolicies `
```powershell ```powershell
Export-IntunePolicies ` Export-IntunePolicies `
-TenantId "<source-tenant-id>" ` -TenantId "<source-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser ` -AuthMode Browser `
-RedirectUri "http://localhost" ` -RedirectUri "http://localhost" `
-ExportPath "/tmp/intune-export" -ExportPath "/tmp/intune-export"

7
README.md
View File

@@ -50,7 +50,6 @@ pwsh ./Scripts/Export-Policies.ps1 `
```powershell ```powershell
pwsh ./Scripts/Export-Policies.ps1 ` pwsh ./Scripts/Export-Policies.ps1 `
-TenantId "<source-tenant-id>" ` -TenantId "<source-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser ` -AuthMode Browser `
-ExportPath "/tmp/intune-export" -ExportPath "/tmp/intune-export"
``` ```
@@ -74,7 +73,6 @@ pwsh ./Scripts/Import-Policies.ps1 `
```powershell ```powershell
pwsh ./Scripts/Import-Policies.ps1 ` pwsh ./Scripts/Import-Policies.ps1 `
-TenantId "<target-tenant-id>" ` -TenantId "<target-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser ` -AuthMode Browser `
-ImportPath "/tmp/intune-export/SourceTenantName" -ImportPath "/tmp/intune-export/SourceTenantName"
``` ```
@@ -104,7 +102,6 @@ pwsh ./Start-HeadlessIntune.ps1 `
pwsh ./Start-HeadlessIntune.ps1 ` pwsh ./Start-HeadlessIntune.ps1 `
-Action Export ` -Action Export `
-TenantId "<source-tenant-id>" ` -TenantId "<source-tenant-id>" `
-AppId "<public-client-app-id>" `
-AuthMode Browser ` -AuthMode Browser `
-RedirectUri "http://localhost" ` -RedirectUri "http://localhost" `
-ExportPath "/tmp/intune-export" -ExportPath "/tmp/intune-export"
@@ -115,4 +112,6 @@ pwsh ./Start-HeadlessIntune.ps1 `
* Export writes a migration table used during cross-tenant import. * Export writes a migration table used during cross-tenant import.
* Import can translate dependency IDs and recreate missing assignment groups. * Import can translate dependency IDs and recreate missing assignment groups.
* This repo intentionally does not preserve the old Windows UI launch flow. * This repo intentionally does not preserve the old Windows UI launch flow.
* Browser auth uses the system browser and a loopback redirect. If your app registration does not allow loopback redirects, pass `-RedirectUri "http://localhost"` and configure the same redirect URI in Entra ID. * Browser auth uses the system browser and a loopback redirect.
* If you omit `-AppId` with `-AuthMode Browser`, the CLI defaults to the Microsoft Graph PowerShell public client app id `14d82eec-204b-4c2f-b7e8-296a70dab67e`.
* If your own app registration does not allow loopback redirects, pass `-AppId` and `-RedirectUri "http://localhost"` and configure the same redirect URI in Entra ID.

1
Scripts/Export-Policies.ps1
View File

@@ -7,7 +7,6 @@ param(
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,

1
Scripts/Import-Policies.ps1
View File

@@ -7,7 +7,6 @@ param(
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,

1
Start-HeadlessIntune.ps1
View File

@@ -7,7 +7,6 @@ param(
[Parameter(Mandatory = $true)] [Parameter(Mandatory = $true)]
[string]$TenantId, [string]$TenantId,
[Parameter(Mandatory = $true)]
[string]$AppId, [string]$AppId,
[string]$Secret, [string]$Secret,