macOS_IntuneManagement/OPERATIONS_LOG.md
Tomas Kracmar 87b7af25a7 feat(auth): sync full Graph permission set and patch existing apps
- Unified required Microsoft Graph app roles in Initialize-IntuneAuth.ps1
- Added permission patching for existing app registrations
- Logs the change and operations for audit
2026-04-14 12:15:14 +02:00

Agent Operations Log

Session: 2026-04-13T13:31:37+02:00

Task

Update Initialize-IntuneAuth.ps1 to ensure the Entra app registration is granted all Microsoft Graph permissions required by the expanded macOS Intune Toolkit, and log all operations.


Operations performed

  1. ReadFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Line offset: 140, Lines: 60
    • Purpose: Inspect the existing roles array and app creation logic.
  2. StrReplaceFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Change: Replaced the inline $roles array + app creation block with a unified $requiredRoles list and added logic to patch missing permissions into an existing app registration via Update-MgApplication.
    • Impact: New apps get the full permission set; existing apps are updated if roles are missing.
  3. Grep

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Pattern: New-MgServicePrincipalAppRoleAssignment
    • Purpose: Verify the downstream admin-consent loop would pick up updated roles.
  4. ReadFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Line offset: 220, Lines: 50
    • Purpose: Inspect the consent-granting region around New-MgServicePrincipalAppRoleAssignment.
  5. Grep

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Pattern: \$roles
    • Purpose: Confirm no stale $roles references remained after the refactor.
  6. Shell

    • Command: pwsh -Command "$ErrorActionPreference='Stop'; Get-Command /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1 | Out-Null; Write-Host 'Syntax OK'"
    • Result: Syntax OK (PowerShell parsed the script without errors).
  7. Shell

    • Command: cd /Users/avedelphina/Local/IntuneManagement && git diff -- Scripts/Initialize-IntuneAuth.ps1
    • Result: No diff output (file is untracked in git).
  8. Shell

    • Command: cd /Users/avedelphina/Local/IntuneManagement && git status --short
    • Result: Listed modified and untracked files, confirming Scripts/Initialize-IntuneAuth.ps1 is ?? (untracked).
  9. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/CHANGELOG_macOS_IntuneToolkit.md
    • Content: High-level changelog of the permissions update and prior context.
  10. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/OPERATIONS_LOG.md
    • Content: This file.

Files modified in this session

  • Scripts/Initialize-IntuneAuth.ps1

Files created in this session

  • CHANGELOG_macOS_IntuneToolkit.md
  • OPERATIONS_LOG.md