macOS_IntuneManagement/OPERATIONS_LOG.md
Tomas Kracmar c4b8f4aaf6 feat(baseline): declarative Intune baseline deployer
- Add Deploy-IntuneBaseline.ps1 for YAML-driven policy + assignment deployment
- Add ConvertTo-IntuneBaseline.ps1 to convert export folders to baseline manifests
- Add example OpenIntuneBaseline YAML in Baselines/
- Supports mutations, group auto-creation, idempotency, and WhatIf mode
2026-04-14 14:59:29 +02:00


Agent Operations Log

Session: 2026-04-13T13:31:37+02:00

Task

Update Initialize-IntuneAuth.ps1 to ensure the Entra app registration is granted all Microsoft Graph permissions required by the expanded macOS Intune Toolkit, and log all operations.


Operations performed

  1. ReadFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Line offset: 140, Lines: 60
    • Purpose: Inspect the existing roles array and app creation logic.
  2. StrReplaceFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Change: Replaced the inline $roles array + app creation block with a unified $requiredRoles list and added logic to patch missing permissions into an existing app registration via Update-MgApplication.
    • Impact: New apps get the full permission set; existing apps are updated if roles are missing.
  3. Grep

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Pattern: New-MgServicePrincipalAppRoleAssignment
    • Purpose: Verify the downstream admin-consent loop would pick up updated roles.
  4. ReadFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Line offset: 220, Lines: 50
    • Purpose: Inspect the consent-granting region around New-MgServicePrincipalAppRoleAssignment.
  5. Grep

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1
    • Pattern: \$roles
    • Purpose: Confirm no stale $roles references remained after the refactor.
  6. Shell

    • Command: pwsh -Command "$ErrorActionPreference='Stop'; Get-Command /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1 | Out-Null; Write-Host 'Syntax OK'"
    • Result: Syntax OK (PowerShell parsed the script without errors).
  7. Shell

    • Command: cd /Users/avedelphina/Local/IntuneManagement && git diff -- Scripts/Initialize-IntuneAuth.ps1
    • Result: No diff output (file is untracked in git).
  8. Shell

    • Command: cd /Users/avedelphina/Local/IntuneManagement && git status --short
    • Result: Listed modified and untracked files, confirming Scripts/Initialize-IntuneAuth.ps1 is ?? (untracked).
  9. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/CHANGELOG_macOS_IntuneToolkit.md
    • Content: High-level changelog of the permissions update and prior context.
  10. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/OPERATIONS_LOG.md
    • Content: This file.

Files modified in this session

  • Scripts/Initialize-IntuneAuth.ps1

Files created in this session

  • CHANGELOG_macOS_IntuneToolkit.md
  • OPERATIONS_LOG.md

Session: 2026-04-13 (continuation)

Task

Build a declarative Intune baseline deployment system (YAML manifest + deployer script + converter helper).


Operations performed

  1. ReadFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Bulk-AssignmentManager.ps1
    • Purpose: Studied auth bootstrap pattern, $assignableTypes registry, and assignment payload format.
  2. ReadFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Extensions/MSGraph.psm1
    • Purpose: Verified Invoke-GraphRequest parameter names (Content alias Body, HttpMethod alias Method).
  3. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Baselines/OpenIntuneBaseline.example.yaml
    • Content: Example baseline manifest with groups, mutations, and policy assignments.
  4. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/Deploy-IntuneBaseline.ps1
    • Content: Main deployer script (~550 lines) with YAML parsing, group creation, policy import/update, mutation, idempotency, and assignment deployment.
  5. WriteFile

    • Path: /Users/avedelphina/Local/IntuneManagement/Scripts/ConvertTo-IntuneBaseline.ps1
    • Content: Helper script that scans an export folder and emits a baseline YAML skeleton.
  6. Shell

    • Commands: Syntax validation (Get-Command) on both new scripts.
    • Result: Both scripts parsed successfully.
  7. WriteFile (append)

    • Path: /Users/avedelphina/Local/IntuneManagement/CHANGELOG_macOS_IntuneToolkit.md
    • Added changelog entry for the baseline deployer feature.
  8. WriteFile (append)

    • Path: /Users/avedelphina/Local/IntuneManagement/OPERATIONS_LOG.md
    • Added this very entry.

Files created in this session

  • Baselines/OpenIntuneBaseline.example.yaml
  • Scripts/Deploy-IntuneBaseline.ps1
  • Scripts/ConvertTo-IntuneBaseline.ps1