cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
111 Commits 1 Branch 4 Tags
33e1118cc6f5c6913d02f130b5c1483489942c00
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

macOS Intune Management

Cross-platform, headless Intune policy export/import with PowerShell.

This repository is now CLI-first. The old WPF application surface has been removed from the repo. The supported workflow is:

  1. export policies from a source tenant
  2. store the exported JSON and migration table
  3. import into a target tenant with app-only or browser authentication

Entry points

Runtime

  • pwsh 7+
  • Microsoft Graph app registration
  • App-only auth with client secret or certificate, or browser auth with a public client redirect URI

Default object types

The default headless policy scope is:

  • DeviceConfiguration
  • SettingsCatalog
  • AdministrativeTemplates
  • CompliancePolicies
  • EndpointSecurity
  • PolicySets

You can override that list with -ObjectTypes.

Export

pwsh ./Scripts/Export-Policies.ps1 `
  -TenantId "<source-tenant-id>" `
  -AppId "<app-id>" `
  -Secret "<client-secret>" `
  -ExportPath "/tmp/intune-export" `
  -IncludeAssignments

Export with browser auth

pwsh ./Scripts/Export-Policies.ps1 `
  -TenantId "<source-tenant-id>" `
  -AuthMode Browser `
  -ExportPath "/tmp/intune-export"

Import

pwsh ./Scripts/Import-Policies.ps1 `
  -TenantId "<target-tenant-id>" `
  -AppId "<app-id>" `
  -Secret "<client-secret>" `
  -ImportPath "/tmp/intune-export/SourceTenantName" `
  -ImportType alwaysImport `
  -IncludeAssignments `
  -IncludeScopeTags `
  -ReplaceDependencyIds

Import with browser auth

pwsh ./Scripts/Import-Policies.ps1 `
  -TenantId "<target-tenant-id>" `
  -AuthMode Browser `
  -ImportPath "/tmp/intune-export/SourceTenantName"

Single entrypoint

pwsh ./Start-HeadlessIntune.ps1 `
  -Action Export `
  -TenantId "<source-tenant-id>" `
  -AppId "<app-id>" `
  -Secret "<client-secret>" `
  -ExportPath "/tmp/intune-export"

pwsh ./Start-HeadlessIntune.ps1 `
  -Action Import `
  -TenantId "<target-tenant-id>" `
  -AppId "<app-id>" `
  -Secret "<client-secret>" `
  -ImportPath "/tmp/intune-export/SourceTenantName" `
  -ImportType alwaysImport

pwsh ./Start-HeadlessIntune.ps1 `
  -Action Export `
  -TenantId "<source-tenant-id>" `
  -AuthMode Browser `
  -RedirectUri "http://localhost" `
  -ExportPath "/tmp/intune-export"

Notes

  • Export writes a migration table used during cross-tenant import.
  • Import can translate dependency IDs and recreate missing assignment groups.
  • This repo intentionally does not preserve the old Windows UI launch flow.
  • Browser auth uses the system browser and a loopback redirect.
  • If you omit -AppId with -AuthMode Browser, the CLI defaults to the Microsoft Graph PowerShell public client app id 14d82eec-204b-4c2f-b7e8-296a70dab67e.
  • If your own app registration does not allow loopback redirects, pass -AppId and -RedirectUri "http://localhost" and configure the same redirect URI in Entra ID.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme MIT 40 MiB
Releases 3
v4.1.0 Latest
2026-04-16 13:43:42 +00:00
Languages
PowerShell 99.5%
C# 0.5%