• 4.1.0 d3e0769799

    tomas.kracmar released this 2026-06-14 13:24:52 +00:00 | 1 commit to main since this release

    This release reorganizes the entry-point scripts, adds CIS M365 baselines and reporting utilities, and hardens the repository against committing local artifacts.

    New and moved entry points

    • Start-IntuneToolkit.ps1 is now at the repo root (the recommended unified launcher).
    • Scripts/Start-HeadlessIntune.ps1 moved from the repo root.
    • Scripts/Private/Start-IntuneManagementTui.ps1 moved to the Private helper folder.

    New capabilities

    • CIS M365 v7 baseline: Scripts/Deploy-CISM365Baseline.ps1 plus Baselines/CISM365-v7*.yaml and Baselines/M365-CIS-Rapid/.
    • Python reporting utilities: Export-SettingsReport.py, Export-AssignmentReport.py, Export-ObjectInventoryReport.py generate CSV/Markdown reports from local exports. Settings Catalog names are resolved automatically via configurationSettings.json.
    • Conditional Access wizard: Scripts/Start-CAWizard.ps1 and Scripts/ca-wizard.py help scaffold Conditional Access baselines.
    • Baseline batch runner: Scripts/Invoke-BaselineBatch.ps1 runs multiple baseline manifests in one pass.

    Improvements

    • Deploy-IntuneBaseline.ps1 adds Merge conflict resolution, -ReportPath output, and optimized group loading.
    • Initialize-IntuneAuth.ps1 adds -RotateSecret and -SecretExpiryYears for secret lifecycle management.
    • Extensions/EndpointManager.psm1 and Extensions/MSGraph.psm1 auto-export Settings Catalog definitions during export.
    • README.md updated with the new entry points and full script catalog.
    • New AGENTS.md documents the project architecture, dependencies, testing notes, and security considerations for AI coding agents.

    Repository hygiene

    • .gitignore now excludes .DS_Store, __pycache__, .venv-pdf/, local export folders, Settings.json, and IntuneManagement.log.
    • Removed an accidental tenant export folder and the local .venv-pdf directory before committing.

    See CHANGELOG_macOS_IntuneToolkit.md and AGENTS.md for full details.

  • v4.1.0 e333af978c

    v4.1.0 Stable

    tomas.kracmar released this 2026-04-16 13:43:42 +00:00 | 2 commits to main since this release

    Highlights

    • App registrations are now named after the authenticated Entra user (e.g. IntuneManagement-tomas.kracmar@cqre.net) for better audit-log accountability.
    • Added -Delete and -DeleteApp switches to Initialize-IntuneAuth.ps1 for cleaning up local credentials and Entra app registrations.
    • TUI now has menu items 14 and 15 for auth deletion, and onboarding flows straight into init.
    • Added Accountability & PIM caveats documentation.

    See CHANGELOG_macOS_IntuneToolkit.md for full details.

  • 4.0.1 1ff059342f

    tomas.kracmar released this 2026-04-16 09:36:25 +00:00 | 4 commits to main since this release

    This patch release adds user-friendly detection for missing fzf and shows platform-specific install hints before falling back to numbered menus.

    What's new

    • Scripts/Start-IntuneToolkit.ps1 — detects missing fzf at startup and prints install commands for macOS (brew), Linux (apt/dnf/pacman), and Windows (winget/choco).
    • Scripts/Start-IntuneManagementTui.ps1 — same hint behavior for the standalone TUI entry point.
    • README.md — lists fzf as an optional runtime dependency with per-platform install instructions.

    Everything else from 4.0.0 remains unchanged.

  • 4.0.0 15210313cd

    tomas.kracmar released this 2026-04-16 09:03:05 +00:00 | 6 commits to main since this release

    This release marks the CLI-first pivot for the macOS Intune Toolkit. The legacy WPF application surface has been removed; the supported workflow is now entirely headless PowerShell.

    Highlights

    • Unified launcher: Scripts/Start-IntuneToolkit.ps1 provides a single fzf-based (or numbered) terminal menu for every tool, with tenant caching and name resolution.
    • Browser auth — headless export/import now supports interactive browser authentication without needing an app secret.
    • Declarative baseline deployer: Deploy-IntuneBaseline.ps1 + ConvertTo-IntuneBaseline.ps1 bring YAML-driven, idempotent policy deployment with dry-run support.
    • Bulk assignment manager — add/remove assignments for any policy type (and apps) using the correct bulk /assign endpoint.
    • Auth initializer: Initialize-IntuneAuth.ps1 creates an Entra app registration, patches missing permissions, and stores secrets in the macOS Keychain (or Windows Credential Manager).
    • Bulk rename, device operations, and assignment backup/restore — complete the toolkit for day-to-day tenant operations.

    Fixes & improvements

    • Settings Catalog policies now use the name property and the correct #microsoft.graph.deviceManagementConfigurationPolicyAssignment type.
    • Invoke-GraphRequest throws on HTTP errors instead of returning silent nulls.
    • Group and policy queries support -AllPages for large tenants.
    • Retry logic for transient 5xx/429 errors in rename operations.

    See CHANGELOG_macOS_IntuneToolkit.md for the full details.
