cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
Files
c4b8f4aaf681739953ff09348d01a914e6b8acf9
macOS_IntuneManagement/OPERATIONS_LOG.md
Tomas Kracmar c4b8f4aaf6 feat(baseline): declarative Intune baseline deployer 
- Add Deploy-IntuneBaseline.ps1 for YAML-driven policy + assignment deployment
- Add ConvertTo-IntuneBaseline.ps1 to convert export folders to baseline manifests
- Add example OpenIntuneBaseline YAML in Baselines/
- Supports mutations, group auto-creation, idempotency, and WhatIf mode
2026-04-14 14:59:29 +02:00

112 lines
4.5 KiB
Markdown
Raw Blame History

# Agent Operations Log
## Session: 2026-04-13T13:31:37+02:00
### Task
Update `Initialize-IntuneAuth.ps1` to ensure the Entra app registration is granted all Microsoft Graph permissions required by the expanded macOS Intune Toolkit, and log all operations.
---
## Operations performed
1. **ReadFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
- Line offset: `140`, Lines: `60`
- Purpose: Inspect the existing roles array and app creation logic.
2. **StrReplaceFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
- Change: Replaced the inline `$roles` array + app creation block with a unified `$requiredRoles` list and added logic to patch missing permissions into an existing app registration via `Update-MgApplication`.
- Impact: New apps get the full permission set; existing apps are updated if roles are missing.
3. **Grep**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
- Pattern: `New-MgServicePrincipalAppRoleAssignment`
- Purpose: Verify the downstream admin-consent loop would pick up updated roles.
4. **ReadFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
- Line offset: `220`, Lines: `50`
- Purpose: Inspect the consent-granting region around `New-MgServicePrincipalAppRoleAssignment`.
5. **Grep**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1`
- Pattern: `\$roles`
- Purpose: Confirm no stale `$roles` references remained after the refactor.
6. **Shell**
- Command: `pwsh -Command "$ErrorActionPreference='Stop'; Get-Command /Users/avedelphina/Local/IntuneManagement/Scripts/Initialize-IntuneAuth.ps1 | Out-Null; Write-Host 'Syntax OK'"`
- Result: Syntax OK (PowerShell parsed the script without errors).
7. **Shell**
- Command: `cd /Users/avedelphina/Local/IntuneManagement && git diff -- Scripts/Initialize-IntuneAuth.ps1`
- Result: No diff output (file is untracked in git).
8. **Shell**
- Command: `cd /Users/avedelphina/Local/IntuneManagement && git status --short`
- Result: Listed modified and untracked files, confirming `Scripts/Initialize-IntuneAuth.ps1` is `??` (untracked).
9. **WriteFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/CHANGELOG_macOS_IntuneToolkit.md`
- Content: High-level changelog of the permissions update and prior context.
10. **WriteFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/OPERATIONS_LOG.md`
- Content: This file.
---
## Files modified in this session
- `Scripts/Initialize-IntuneAuth.ps1`
## Files created in this session
- `CHANGELOG_macOS_IntuneToolkit.md`
- `OPERATIONS_LOG.md`
## Session: 2026-04-13 (continuation)
### Task
Build a declarative Intune baseline deployment system (YAML manifest + deployer script + converter helper).
---
## Operations performed
1. **ReadFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Bulk-AssignmentManager.ps1`
- Purpose: Studied auth bootstrap pattern, `$assignableTypes` registry, and assignment payload format.
2. **ReadFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Extensions/MSGraph.psm1`
- Purpose: Verified `Invoke-GraphRequest` parameter names (`Content` alias `Body`, `HttpMethod` alias `Method`).
3. **WriteFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Baselines/OpenIntuneBaseline.example.yaml`
- Content: Example baseline manifest with groups, mutations, and policy assignments.
4. **WriteFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/Deploy-IntuneBaseline.ps1`
- Content: Main deployer script (~550 lines) with YAML parsing, group creation, policy import/update, mutation, idempotency, and assignment deployment.
5. **WriteFile**
- Path: `/Users/avedelphina/Local/IntuneManagement/Scripts/ConvertTo-IntuneBaseline.ps1`
- Content: Helper script that scans an export folder and emits a baseline YAML skeleton.
6. **Shell**
- Commands: Syntax validation (`Get-Command`) on both new scripts.
- Result: Both scripts parsed successfully.
7. **WriteFile (append)**
- Path: `/Users/avedelphina/Local/IntuneManagement/CHANGELOG_macOS_IntuneToolkit.md`
- Added changelog entry for the baseline deployer feature.
8. **WriteFile (append)**
- Path: `/Users/avedelphina/Local/IntuneManagement/OPERATIONS_LOG.md`
- Added this very entry.
## Files created in this session
- `Baselines/OpenIntuneBaseline.example.yaml`
- `Scripts/Deploy-IntuneBaseline.ps1`
- `Scripts/ConvertTo-IntuneBaseline.ps1`
Reference in New Issue View Git Blame Copy Permalink