macOS_IntuneManagement/OPERATIONS_LOG.md
Tomas Kracmar 87b7af25a7 feat(auth): sync full Graph permission set and patch existing apps
- Unified required Microsoft Graph app roles in Initialize-IntuneAuth.ps1
- Added permission patching for existing app registrations
- Logs the change and operations for audit
2026-04-14 12:15:14 +02:00


# Agent Operations Log
## Session: 2026-04-13T13:31:37+02:00
### Task
Update `Initialize-IntuneAuth.ps1` to ensure the Entra app registration is granted all Microsoft Graph permissions required by the expanded macOS Intune Toolkit, and log all operations.

---
## Operations performed
1. **ReadFile**
    - Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
    - Line offset: `140`, Lines: `60`
    - Purpose: Inspect the existing roles array and app creation logic.
2. **StrReplaceFile**
    - Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
    - Change: Replaced the inline `$roles` array + app creation block with a unified `$requiredRoles` list and added logic to patch missing permissions into an existing app registration via `Update-MgApplication`.
    - Impact: New apps get the full permission set; existing apps are updated if roles are missing.
3. **Grep**
    - Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
    - Pattern: `New-MgServicePrincipalAppRoleAssignment`
    - Purpose: Verify the downstream admin-consent loop would pick up updated roles.
4. **ReadFile**
    - Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
    - Line offset: `220`, Lines: `50`
    - Purpose: Inspect the consent-granting region around `New-MgServicePrincipalAppRoleAssignment`.
5. **Grep**
    - Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
    - Pattern: `\$roles`
    - Purpose: Confirm no stale `$roles` references remained after the refactor.
6. **Shell**
    - Command: `pwsh -Command "$ErrorActionPreference='Stop'; Get-Command /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1 | Out-Null; Write-Host 'Syntax OK'"`
    - Result: Syntax OK (PowerShell parsed the script without errors).
7. **Shell**
    - Command: `cd /Users/avedelphina/Local/IntuneManagement && git diff -- Scripts/Initialize-IntuneAuth.ps1`
    - Result: No diff output (file is untracked in git).
8. **Shell**
    - Command: `cd /Users/avedelphina/Local/IntuneManagement && git status --short`
    - Result: Listed modified and untracked files, confirming `Scripts/Initialize-IntuneAuth.ps1` is `??` (untracked).
9. **WriteFile**
    - Path: `/Users/avedelphina/Local/IntuneManagement/CHANGELOG_macOS_IntuneToolkit.md`
    - Content: High-level changelog of the permissions update and prior context.
10. **WriteFile**
    - Path: `/Users/avedelphina/Local/IntuneManagement/OPERATIONS_LOG.md`
    - Content: This file.

---
## Files modified in this session
- `Scripts/Initialize-IntuneAuth.ps1`
## Files created in this session
- `CHANGELOG_macOS_IntuneToolkit.md`
- `OPERATIONS_LOG.md`