cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

feat(toolkit): complete macOS Intune Toolkit v1

Browse Source 
Core enhancements:
- Expanded default export/import scope to ~45 object types including DeviceManagementIntents
- Added -AllPages pagination support across Graph queries for large tenants
- Invoke-GraphRequest now throws on 4xx/5xx instead of silently returning null
- Added macOS Keychain fallback for secret retrieval in headless auth flow
- Added NameSearchPattern/NameReplacePattern mutation support through export/import forms

New toolkit scripts:
- Bulk-AppAssignment.ps1: bulk-assign apps to groups/All Users/All Devices
- Bulk-AssignmentManager.ps1: add/remove assignments for any policy type with correct @odata.type
- Backup-Restore-Assignments.ps1: JSON backup with cross-tenant group resolution
- Export-AssignmentsToCsv.ps1: CSV/Markdown documentation output
- Bulk-RenamePolicies.ps1: regex search/replace and prefix mutations
- Bulk-DeviceOperations.ps1: delete/retire/wipe/lock/sync with -WhatIf safeguards
- Start-IntuneManagementTui.ps1: interactive terminal UI for headless operations
- Create-IntuneManagementApp.ps1: helper for app registration setup

Updated existing scripts:
- Export-Policies.ps1 / Import-Policies.ps1: wired mutation params through
- Start-HeadlessIntune.ps1: integrated TUI and new parameter forwarding
This commit is contained in:
Tomas Kracmar
2026-04-14 15:11:09 +02:00
parent 0ddd21ab14
commit e13d14edcb
18 changed files with 3649 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
Extensions/EndpointManager.psm1
View File

@@ -206,6 +206,25 @@ function Invoke-InitializeModule
GroupId = "EndpointSecurity"
})
Add-ViewItem (New-Object PSObject -Property @{
Title = "Device Management Intents"
Id = "DeviceManagementIntents"
ViewID = "IntuneGraphAPI"
API = "/deviceManagement/intents"
PropertiesToRemove = @('Settings','@OData.Type')
PreImportCommand = { Start-PreImportEndpointSecurity @args }
PostListCommand = { Start-PostListEndpointSecurity @args }
PostExportCommand = { Start-PostExportEndpointSecurity @args }
PostFileImportCommand = { Start-PostFileImportEndpointSecurity @args }
PostGetCommand = { Start-PostGetEndpointSecurity @args }
PostCopyCommand = { Start-PostCopyEndpointSecurity @args }
PreUpdateCommand = { Start-PreUpdateEndpointSecurity @args }
Permissons=@("DeviceManagementConfiguration.ReadWrite.All")
Dependencies = @("ReusableSettings")
GroupId = "EndpointSecurity"
ImportOrder = 70
})
Add-ViewItem (New-Object PSObject -Property @{
Title = "Compliance Policies"
Id = "CompliancePolicies"
@@ -1221,7 +1240,7 @@ function Start-PostExportEndpointSecurity
$settings = Invoke-GraphRequest -Url "$($objectType.API)/$($obj.id)/settings"
$settingsJson = "{ `"settings`": $((ConvertTo-Json $settings.value -Depth 20 ))`n}"
$fileName = "$path\$((Remove-InvalidFileNameChars $fileName))_Settings.json"
$fileName = Join-Path $path "$((Remove-InvalidFileNameChars $fileName))_Settings.json"
Save-GraphObjectToFile $settingsJson $fileName
}
@@ -1545,7 +1564,7 @@ function Start-PostExportIntuneBranding
{
if($obj.$imgType.Value)
{
$fileName = "$path\$((Get-GraphObjectName $obj $objectType))_$imgType.jpg"
$fileName = Join-Path $path "$((Get-GraphObjectName $obj $objectType))_$imgType.jpg"
[IO.File]::WriteAllBytes($fileName, [System.Convert]::FromBase64String($obj.$imgType.Value))
}
}
@@ -2237,7 +2256,7 @@ function Start-PostExportAppConfiguration
$fileName = ($fileName + "_" + $obj.Id)
}
$tmpObj = $null
$fileName = "$path\$((Remove-InvalidFileNameChars $fileName)).json"
$fileName = Join-Path $path "$((Remove-InvalidFileNameChars $fileName)).json"
if([IO.File]::Exists($fileName))
{
$tmpObj = Get-GraphObjectFromFile $fileName
@@ -2704,7 +2723,7 @@ function Start-PostExportApplications
if($global:chkExportScript.IsChecked)
{
$fileName = Get-GraphObjectFile $obj $objectType
$fi = [IO.FileInfo]"$path\$fileName"
$fi = [IO.FileInfo](Join-Path $path $fileName)
try
{
@@ -2712,7 +2731,7 @@ function Start-PostExportApplications
{
if($rule.ScriptContent)
{
[IO.File]::WriteAllBytes(("$path\$($fi.BaseName)_DetectionScript.ps1"), ([System.Convert]::FromBase64String($rule.ScriptContent)))
[IO.File]::WriteAllBytes((Join-Path $path "$($fi.BaseName)_DetectionScript.ps1"), ([System.Convert]::FromBase64String($rule.ScriptContent)))
}
}
@@ -2723,7 +2742,7 @@ function Start-PostExportApplications
{
if($rule.ScriptContent)
{
[IO.File]::WriteAllBytes(("$path\$($fi.BaseName)_RequirementScript.ps1"), ([System.Convert]::FromBase64String($rule.ScriptContent)))
[IO.File]::WriteAllBytes((Join-Path $path "$($fi.BaseName)_RequirementScript.ps1"), ([System.Convert]::FromBase64String($rule.ScriptContent)))
}
}
}
@@ -3188,7 +3207,7 @@ function Start-PostExportAdministrativeTemplate
$settings = Get-GPOObjectSettings $obj
}
$fileName = "$path\$((Remove-InvalidFileNameChars $fileName))_Settings.json"
$fileName = Join-Path $path "$((Remove-InvalidFileNameChars $fileName))_Settings.json"
Save-GraphObjectToFile $settings $fileName
}
@@ -3443,7 +3462,7 @@ function Start-PostExportRoleDefinitions
$fileName = ($fileName + "_" + $obj.Id)
}
$tmpObj = $null
$fileName = "$path\$((Remove-InvalidFileNameChars $fileName)).json"
$fileName = Join-Path $path "$((Remove-InvalidFileNameChars $fileName)).json"
if([IO.File]::Exists($fileName))
{
$tmpObj = Get-GraphObjectFromFile $fileName
@@ -3910,18 +3929,18 @@ function Start-PostExportDeviceHealthScripts
if($global:chkExportScript.IsChecked)
{
$fileName = Get-GraphObjectFile $obj $objectType
$fi = [IO.FileInfo]"$path\$fileName"
$fi = [IO.FileInfo](Join-Path $path $fileName)
try
{
if($obj.detectionScriptContent)
{
[IO.File]::WriteAllBytes(("$path\$($fi.BaseName)_DetectionScript.ps1"), ([System.Convert]::FromBase64String($obj.detectionScriptContent)))
[IO.File]::WriteAllBytes((Join-Path $path "$($fi.BaseName)_DetectionScript.ps1"), ([System.Convert]::FromBase64String($obj.detectionScriptContent)))
}
if($obj.remediationScriptContent)
{
[IO.File]::WriteAllBytes(("$path\$($fi.BaseName)_RemediationScript.ps1"), ([System.Convert]::FromBase64String($obj.remediationScriptContent)))
[IO.File]::WriteAllBytes((Join-Path $path "$($fi.BaseName)_RemediationScript.ps1"), ([System.Convert]::FromBase64String($obj.remediationScriptContent)))
}
}
catch
@@ -3947,13 +3966,13 @@ function Save-EMDefaultPolicy
if($fileName)
{
$oldFile = "$path\$((Get-GraphObjectName $obj $objectType)).json"
$oldFile = Join-Path $path "$((Get-GraphObjectName $obj $objectType)).json"
if([IO.File]::Exists($oldFile))
{
# Clean up from old version of the script that used the wrong name for Default policies
try { [IO.File]::Delete($oldFile) | Out-Null } Catch {}
}
Save-GraphObjectToFile $obj "$path\$((Remove-InvalidFileNameChars $fileName)).json"
Save-GraphObjectToFile $obj (Join-Path $path "$((Remove-InvalidFileNameChars $fileName)).json")
}
}
catch {}
@@ -4013,7 +4032,7 @@ function Add-EMAssignmentsToExportFile
{
$fileName = ($fileName + "_" + $obj.Id)
}
$fileName = "$path\$((Remove-InvalidFileNameChars $fileName)).json"
$fileName = Join-Path $path "$((Remove-InvalidFileNameChars $fileName)).json"
if([IO.File]::Exists($fileName) -eq $false)
{
Write-Log "File not found: $fileName. Could not add assignments to file" 3
@@ -4288,7 +4307,7 @@ function Start-PostExportTermsOfUse
if($data)
{
Write-Log "Save file $($file.FileName)"
$fileName = "$path\$($file.FileName)"
$fileName = Join-Path $path $file.FileName
[IO.File]::WriteAllBytes($fileName, [System.Convert]::FromBase64String($data))
}
}