- Menu entry 13 re-queries Graph /organization for every saved tenant
- Updates cached TenantName values in Settings.json
- Refreshes the active tenant display in the menu header
- Start-IntuneToolkit.ps1 now shows a tenant picker as the first step
when -TenantId is not provided.
- Lists saved tenants from Settings.json, attempting to display cached
tenant names alongside GUIDs.
- Offers '[+ Onboard new tenant]' option for entering new tenants.
- Automatically resolves unknown tenant names via Graph /organization
and caches them back to Settings.json for future use.
Settings Catalog and other Graph endpoints occasionally return 500
InternalServerError on PATCH. Retry up to 3 times with a 2s delay
to improve reliability for bulk rename operations.
Settings Catalog and other bulk-assign types do not support DELETE on
individual assignments. Removal now reloads existing assignments,
filters out selected targets, sanitizes remaining payloads, and
re-POSTs to <API>/<id>/assign. This mirrors the add flow and works
universally across all supported object types.
Replaces default 100-item page limits and =999 workarounds
with -AllPages on group queries across assignment and baseline scripts.
Enables full fzf inline search/filter for group selection.
Core enhancements:
- Expanded default export/import scope to ~45 object types including DeviceManagementIntents
- Added -AllPages pagination support across Graph queries for large tenants
- Invoke-GraphRequest now throws on 4xx/5xx instead of silently returning null
- Added macOS Keychain fallback for secret retrieval in headless auth flow
- Added NameSearchPattern/NameReplacePattern mutation support through export/import forms
New toolkit scripts:
- Bulk-AppAssignment.ps1: bulk-assign apps to groups/All Users/All Devices
- Bulk-AssignmentManager.ps1: add/remove assignments for any policy type with correct @odata.type
- Backup-Restore-Assignments.ps1: JSON backup with cross-tenant group resolution
- Export-AssignmentsToCsv.ps1: CSV/Markdown documentation output
- Bulk-RenamePolicies.ps1: regex search/replace and prefix mutations
- Bulk-DeviceOperations.ps1: delete/retire/wipe/lock/sync with -WhatIf safeguards
- Start-IntuneManagementTui.ps1: interactive terminal UI for headless operations
- Create-IntuneManagementApp.ps1: helper for app registration setup
Updated existing scripts:
- Export-Policies.ps1 / Import-Policies.ps1: wired mutation params through
- Start-HeadlessIntune.ps1: integrated TUI and new parameter forwarding
- Add Deploy-IntuneBaseline.ps1 for YAML-driven policy + assignment deployment
- Add ConvertTo-IntuneBaseline.ps1 to convert export folders to baseline manifests
- Add example OpenIntuneBaseline YAML in Baselines/
- Supports mutations, group auto-creation, idempotency, and WhatIf mode
- Unified required Microsoft Graph app roles in Initialize-IntuneAuth.ps1
- Added permission patching for existing app registrations
- Logs the change and operations for audit
