- Start-IntuneToolkit.ps1 now shows a tenant picker as the first step
when -TenantId is not provided.
- Lists saved tenants from Settings.json, attempting to display cached
tenant names alongside GUIDs.
- Offers '[+ Onboard new tenant]' option for entering new tenants.
- Automatically resolves unknown tenant names via Graph /organization
and caches them back to Settings.json for future use.
Settings Catalog and other Graph endpoints occasionally return 500
InternalServerError on PATCH. Retry up to 3 times with a 2s delay
to improve reliability for bulk rename operations.
Settings Catalog and other bulk-assign types do not support DELETE on
individual assignments. Removal now reloads existing assignments,
filters out selected targets, sanitizes remaining payloads, and
re-POSTs to <API>/<id>/assign. This mirrors the add flow and works
universally across all supported object types.
Replaces default 100-item page limits and =999 workarounds
with -AllPages on group queries across assignment and baseline scripts.
Enables full fzf inline search/filter for group selection.
Core enhancements:
- Expanded default export/import scope to ~45 object types including DeviceManagementIntents
- Added -AllPages pagination support across Graph queries for large tenants
- Invoke-GraphRequest now throws on 4xx/5xx instead of silently returning null
- Added macOS Keychain fallback for secret retrieval in headless auth flow
- Added NameSearchPattern/NameReplacePattern mutation support through export/import forms
New toolkit scripts:
- Bulk-AppAssignment.ps1: bulk-assign apps to groups/All Users/All Devices
- Bulk-AssignmentManager.ps1: add/remove assignments for any policy type with correct @odata.type
- Backup-Restore-Assignments.ps1: JSON backup with cross-tenant group resolution
- Export-AssignmentsToCsv.ps1: CSV/Markdown documentation output
- Bulk-RenamePolicies.ps1: regex search/replace and prefix mutations
- Bulk-DeviceOperations.ps1: delete/retire/wipe/lock/sync with -WhatIf safeguards
- Start-IntuneManagementTui.ps1: interactive terminal UI for headless operations
- Create-IntuneManagementApp.ps1: helper for app registration setup
Updated existing scripts:
- Export-Policies.ps1 / Import-Policies.ps1: wired mutation params through
- Start-HeadlessIntune.ps1: integrated TUI and new parameter forwarding
- Add Deploy-IntuneBaseline.ps1 for YAML-driven policy + assignment deployment
- Add ConvertTo-IntuneBaseline.ps1 to convert export folders to baseline manifests
- Add example OpenIntuneBaseline YAML in Baselines/
- Supports mutations, group auto-creation, idempotency, and WhatIf mode
- Unified required Microsoft Graph app roles in Initialize-IntuneAuth.ps1
- Added permission patching for existing app registrations
- Logs the change and operations for audit
Fixed issue with ADMX import and different enum format
Fixed issue with skipping Not Configured for Compliance Policies
Added support for documenting Compliance Policy V2 (Linux)
Device settings does not return next page so get top 500
Found a rare issue where Settings Catalog could return next page after all items were returned. This caused the app to crash when scrolling the list.
tomas.kracmar
Mikael Karlsson
Frank
Robert Kooistra
MrR0b3rt
Mykhailo-Roit
Liam