2.3 KiB
2.3 KiB
macOS Intune Management
Cross-platform, headless Intune policy export/import with PowerShell.
This repository is now CLI-first. The old WPF application surface has been removed from the repo. The supported workflow is:
- export policies from a source tenant
- store the exported JSON and migration table
- import into a target tenant with app-only authentication
Entry points
- Start-HeadlessIntune.ps1
- Scripts/Export-Policies.ps1
- Scripts/Import-Policies.ps1
- Headless/IntuneManagement.Headless.psd1
Runtime
pwsh7+- Microsoft Graph app registration with app-only access
- Client secret or certificate
Default object types
The default headless policy scope is:
DeviceConfigurationSettingsCatalogAdministrativeTemplatesCompliancePoliciesEndpointSecurityPolicySets
You can override that list with -ObjectTypes.
Export
pwsh ./Scripts/Export-Policies.ps1 `
-TenantId "<source-tenant-id>" `
-AppId "<app-id>" `
-Secret "<client-secret>" `
-ExportPath "/tmp/intune-export" `
-IncludeAssignments
Import
pwsh ./Scripts/Import-Policies.ps1 `
-TenantId "<target-tenant-id>" `
-AppId "<app-id>" `
-Secret "<client-secret>" `
-ImportPath "/tmp/intune-export/SourceTenantName" `
-ImportType alwaysImport `
-IncludeAssignments `
-IncludeScopeTags `
-ReplaceDependencyIds
Single entrypoint
pwsh ./Start-HeadlessIntune.ps1 `
-Action Export `
-TenantId "<source-tenant-id>" `
-AppId "<app-id>" `
-Secret "<client-secret>" `
-ExportPath "/tmp/intune-export"
pwsh ./Start-HeadlessIntune.ps1 `
-Action Import `
-TenantId "<target-tenant-id>" `
-AppId "<app-id>" `
-Secret "<client-secret>" `
-ImportPath "/tmp/intune-export/SourceTenantName" `
-ImportType alwaysImport
Notes
- Export writes a migration table used during cross-tenant import.
- Import can translate dependency IDs and recreate missing assignment groups.
- This repo intentionally does not preserve the old Windows UI launch flow.