New features
- Intune Info
- Added 'Baseline Templates - Settings Catalog'
This list templates for Settings Catalog policies eg. Security Baseline for Windows 10 and later
- Added 'Baseline Templates - Settings Catalog'
Fixes
-
Import/Export
- Fixed support for export/import App Configurations (Device) - Android between environments
Based on Issue 255
Thank you @jimmywinberg for all the testing! - Fixed support for export/import App Configurations (Device) - iOS (VPP) between environments
Based on Issue 260
Thank you @Arne-RFA for all the testing! - Added support for exporting Groups targeted in W365 assignments
Based on Issue 261
- Fixed support for export/import App Configurations (Device) - Android between environments
-
Added tooltip that variables are supported in the Export folder path
Based on Discussions 269 -
Documentation
- App Configuration (Device) documentation updated
Added support for value type for Android policies
Please continue discussion on the Issue below if this is still not working
Based on Issue 231
This required some rewriting of the core documentation and an update to all output providers
This will make it easier to add additional tables to the documentation in the future - Fixed issue with missing group name when exporting CSV
Based on Issue 274 - Fixed issue with Authentication Strength when documenting Conditional Access policies
- Language files re-generated
- ObjectInfo files re-generated. Some Android updates
- ObjectCategory file re-generated
- App Configuration (Device) documentation updated
-
Compare
- Fixed issue with assignments on exported files when doing a Documentation compare
The group name was not resolved from migration table file
Based on Issue 274
- Fixed issue with assignments on exported files when doing a Documentation compare
-
Authentication
- Added setting to allow Sort Tenant List
Based on Issue 265
- Added setting to allow Sort Tenant List
New features
-
Compare
- Added support for automation with batch job
- Added a new Compare provider - Intune Objects with Exported Files (Name)
This will support comparison exported policies between environments - Added support for skipping missing source policies
- Added support for skipping missing destination policies
Based on Issue 203 and Issue 128
- Added support for automation with batch job
-
Compliance
- Added support for Compliance v2 policies eg Linx policies
- Added support for Compliance v2 policies eg Linx policies
Fixes
-
Compare
- Renamed default provider to "Exported Files with Intune Objects (Id)" from "Intune Objects with Exported Files"
- Renamed default provider to "Exported Files with Intune Objects (Id)" from "Intune Objects with Exported Files"
-
Generic
- Fixed issue with domain names with special characters in Profile info
Based on Issue 237 - Lots of spelling and languag fixes in documentation, script and UI
A huge thank you to @ee61r1 for doing all this!
- Fixed issue with domain names with special characters in Profile info
-
Import/Export
- Added support for exporting script for MacOS Custom attribute
Based on Issue 244
- Added support for exporting script for MacOS Custom attribute
-
Documentation
- App Configuration (Device) documentation updated
Initial support for Android
Please continue discussion on the Issue below if this is still not working
Based on Issue 231 - Added support for documenting MacOS Custom attribute
Based on Issue 244 - Fixed issed when documenting Shell script. Code was not included
- Language files re-generated
- AppTypes file re-generated. Some apps were not documented with proper name
- App Configuration (Device) documentation updated
BREAKING CHANGE
Microsoft are decommissioning the Intune PowerShell App with id d1ddf0e4-d672-4dae-b554-9d5bdfd93547, mentioned here
This was the default app in IntuneManagement. The default app is now changed to Microsoft Graph PowerShell app with id 14d82eec-204b-4c2f-b7e8-296a70dab67e
The script will automatically use that app for new installationsbr
A warning to change will be displayed if d1ddf0e4-d672-4dae-b554-9d5bdfd93547 is used
You can also register a new app, documented here and then configure that app in Settings
Note: This might require consent for the required permissions
There is no change if you are currently using a custom app or already changed to Microsoft Graph PowerShell in Settings
Also note that changing application will reset cached accounts
New features
- Compare
Fixes
-
Compare
- Fixed issue when comparing Settings Catalog settings with child settings eg Hardened UNC Paths in Security Baseline
- Fixed issue when comparing Settings Catalog settings with child settings eg Hardened UNC Paths in Security Baseline
-
Import/Export
- Added support for import of MSIX app content
Based on Discussion 191 - Disable autoload of modules to prevent loading MSGraph module if found
Based on Issue 208
- Added support for import of MSIX app content
-
Documentation
- Language files re-generated.
- AppTypes file re-generated. Some apps were not documented with proper name.
- Language files re-generated.
Fixes
-
Import/Export
- Assignments were not exported for some policies with trailing . in the name
Based on Issue 184
NOTE: Policy will not export if full path is over 260 characters - Fixed issue with policies not being exported when Batch was enabled in Settings
and there was only one policy for the specified object type - Failed to get App Protection policies when Proxy was configured
- Fixed issue with importing policies with dependency in tenants with 100+ policies for a single policy type
Dependency only imported first page. All pages will be imported now to resolve dependencies
Based on Issue 183
- Assignments were not exported for some policies with trailing . in the name
-
Fixed issue with multiple export folders when using %DateTime% in path
Based on Issue 189 -
Get Assignment Filter usage
- Filters not returned if only assigned to one policy
Based on Issue 141
NOTE: Start the tool from: Views -> Intune Tools -> Intune Filter Usage
- Filters not returned if only assigned to one policy
-
Compare
- Comparing Settings Catalog objects with exported objects failed
Issue cause by offline documentation was not working
Based on Issue 183
- Comparing Settings Catalog objects with exported objects failed
-
Documentation
- Offline documentation of Settings Catalog was not working.
Values were always documented from online object - Conditional Access documentation updates for Android and iOS
- App Protection documentation updates for Android and iOS
- Language files re-generated. Azure shou now be Entra for some documentations.
- Offline documentation of Settings Catalog was not working.
Fixes
-
Get Assignment Filter usage
- All policies that supports filter should now be collected
Please create an issue if not all expected filters are listed
Based on Issue 141
NOTE: Start the tool from: Views -> Intune Tools -> Intune Filter Usage
- All policies that supports filter should now be collected
-
Documentation
- Added support for documenting Conditional Access policies based on Workloads
Not 100% tested. Please report if not documented correctly
- Added support for documenting Conditional Access policies based on Workloads
New features
-
New tool - Get Assignment Filter usage
- List all policies and assignments with a Filter defined
Based on Issue 141
NOTE: Start the tool from: Views -> Intune Tools -> Intune Filter Usage
- List all policies and assignments with a Filter defined
-
Batch Export of App Content Encryption Key from Intunewin files
This script can export encryption keys from existing intunewin files
Example:
Export-EncrytionKeys -RootFolder C:\Intune\Packages -ExportFolder C:\Intune\Download
This will export the encryption key information for each .intunewinfiles under C:\Intune\Packages
One json file will be created (for each .intunwinfile) in the C:\Intune\Download folder
File name will be <IntunewinFileBaseName>_<UnencryptedFileSize>.json
Do NOT rename this file since the script will search for that file when downloading or exporting App content
The script will not require authentication and it will have no knowledge of apps in Intune
Filename and unencrypted file size is used as the identifier to match app content in Intune with encryption file
Important notes:
Exported and decrypted .intunewin files are not supported to use for import at the moment.
These files are just the "zip" version of the source and can be unzipped with any zip extraction tool
The .intunewin file used for import has the "zip" version of the file and an xml with the encryption information +
additional file information eg. msi properties, file size etc.
Use the exported unencrypted "zip" version to restore the original files. Re-run the packaging tool if it should be re-used as applications content
Please report any issues or create a discussion if there are any questions
Script is located: <RootFolder>\Scripts\Export-EncrytionKeys.ps1
Fixes
-
Export
- Fixed issue where Assignments were included in export even if 'Export Assignments' was unchecked
Based on Issue 171
- Fixed issue where Assignments were included in export even if 'Export Assignments' was unchecked
-
Documentation
- Fixed issue where filter was not documented on some policies
- Fixed issue with Word Output provider if a policy only had one settings
- Fixed issue where filter was not documented on some policies
-
Custom ADMX Files
- Fixed bug with migrating custom policies between environments. Cache was not cleared when swapping tenants or imported additional ADMX files
- Fixed documentention issue with Administrative template policies in GCC environment. Name and Category was missing
Based on Issue 174 - Custom ADMX based policies was missing properties when swapping tenant
Based on Issue 124
- Fixed bug with migrating custom policies between environments. Cache was not cleared when swapping tenants or imported additional ADMX files
-
Generic
- Fixed logging issues when processing objects with a group that was deleted. ID was not reported
- Generic Batch request function created to support other batch requests eg Groups
- Fixed logging issues when processing objects with a group that was deleted. ID was not reported
New features
-
Application Content Export - Experimental
- Added support for Exporting Appliction with decrypted content
App file can be downloaded during export or from the detail view of the Application
Enable "Save Encryption File" and specify "App download folder" in Settings
"App download folder" is used for encryption file and manual download
File content will be downloaded to the export foler during export
Files will be downloaded with .encrypted extension and then decrypted to original file name
Please report any issue or any suggestions
NOTE: This will ONLY work if the encryption file is exported and available
- Added support for Exporting Appliction with decrypted content
-
Authentication
- Login with application
This will login with specified Azure App ID and Secret/Certificate that is used for Batch processes
NOTE: This will require a restart of the app
Start with app must use -TenantID on command line. AppID and Secret/Certificate can be specified in Settings or command line
Example: Start-IntuneManagement.ps1 -tenantId "<TenantID>" -appid "<AppID>" -secret "<Secret>"
See Start-WithApp.cmd for samle file
Based on Issue 122 and Issue 134
- Login with application
-
Support for new Settings
- Save encryption file - Saves a json file with encryption data when an application file is uploaded eg created or uploaded in details view
- App download folder - Folder where application files should be downloaded and decrypted
- Login with App in UI (Preview) - Use app batch login in UI
- Use Graph 1.0 (Not Recommended) - Use Graph v1.0 instead of Beta. Note: Some features will NOT work in v1.0
Based on Issue 170
- Save encryption file - Saves a json file with encryption data when an application file is uploaded eg created or uploaded in details view
Fixes
-
Documentation
- Language files re-generated eg Supersedence (preview) -> Supersedence
- Added support for documenting "Filter for devices" info for Conditional Access policies
Based on Issue 168
- Language files re-generated eg Supersedence (preview) -> Supersedence
-
Custom ADMX Files
-
Importing Windows LoB Apps
- Fixed issue when importing LoB Apps that was only targeted to System context
Available Assignment option was missing after import
Based on Discussion 164 - Added support for Depnedency and Supersedence reations at import
Application will need to be re-exported since additinal data is added to the export file
Based on Discussion 159
- Fixed issue when importing LoB Apps that was only targeted to System context
-
Generic
- Fixed issue when compiling Procxy CS file
- Tls 1.2 is now enforced.
Based on Discussion 166
- Fixed issue when compiling Procxy CS file
New features
-
Added support for Windows Update Driver Policies
-
Support for new Settings
- Proxy configuration - If configured, Proxy will be used for authentication, APIs and upload
- Disable Write-Error output - Skip PowerShell errors in output
- Proxy configuration - If configured, Proxy will be used for authentication, APIs and upload
Default Settings Value Changes
- Conditional Access policies will now be imported as Disabled by default
- New import option added: As Exported - Change On to Report-only
- This is to avoid being locked out from the tenant when importing Conditional Access policies
- Based on Discussion 139
Fixes
-
Documentation
- Fixed issues with some Feature Updates properties
- Added missing strings on Windows Update polices
- Regenerated Language files and Translation tables for Template policies
Note: Conditional Access string has changed file in background. Please report if there is anything missing
- Fixed issues with some Feature Updates properties
-
Custom ADMX Files
- Fixed issues with migrating custom policies between environments
- Case reopened due to something broke the initial functionality
- Only custom ADMX policies with #Definition properties can be imported into a new environment
- Based on Issue 124
- Fixed issues with migrating custom policies between environments
-
Scope Tags
- Fixed issues with importing policies with Scope Tags but they were not set
- Based on Issue 133
- Fixed issues with importing policies with Scope Tags but they were not set
Generic
- Remove invalid characters from path.
- Based on Issue 150
New features
-
Added support for Authentication Context objects
- These are used by Conditional Access policies
Based on Issue 109
- These are used by Conditional Access policies
-
Added support for Windows 365 Cloud PC settings
- Based on Issue 125
- Based on Issue 125
-
Added support for Export/Import Tennant Settings
- This is added the Intune Info view for now (Views -> Intune Info)
This means that there is no support for Bulk Import/Export. It must be done manually
This is to minimize the risk of re-importing Tenant settings
Based on Discussion 131
- This is added the Intune Info view for now (Views -> Intune Info)
Fixes
- Documentation
- Intunwin File Upload
- Fixed issue when uploading very large files
Based on Issue 112 - Fixed issue when IE not installed
- Fixed issue when uploading very large files
- Compare
- Fixed issue where Compare could generate an exception in the log
Based on Issue 128
Note: Issue 128 is only partially fixed. Compare needs a major update to fix the rest
- Fixed issue where Compare could generate an exception in the log
- Import
- Fixed an issue when creating Cloud groups based on on-prem groups without MigTable
- Fixed an issue when importing groups with a space in the beginning
Note: Inital spaces will be removed when importing groups - Fixed issue when importing Endpoint Status Page polices with applications defined
- Fixed issue when importing Proactive Remediations (Health Scripts) with assignments
- Fixed issue when importing a Conditional Policy with Session propery disableResilienceDefaults set to $false
- Fixed issue when importing WiFi profiles. Support for multiple references was added eg multiple server verification certificates
Based on Issue 114 - Terms of Use was not visible in the menu
Note: This might generate a Consent prompt if Use Default Permissions is not enabled
Additional permission required on the Azure App: Agreement.ReadWrite.All
- Fixed an issue when creating Cloud groups based on on-prem groups without MigTable
New features
-
Added support for Reusable Settings objects
- These are used by some of the Endpoint Security polices like Firewall rules
Based on private request
Note: No documentation support yet
- These are used by some of the Endpoint Security polices like Firewall rules
-
Added support for custom Authentication Strengths objects
- These can be used in Conditional Access policies
Based on Issue 109
Note: Not all issues in 109 are fixed yet and no documentation support yet
- These can be used in Conditional Access policies
-
Export/Import
- PowerShell files for Health Scripts exported to the Export folder
- PowerShell files for Application Detection scripts are exported to the Export folder
Both scripts exports are based on Issue 103
- PowerShell files for Health Scripts exported to the Export folder
-
Documentation
- Documentation engine completely rewritten for Settings Catalog and had major updates for other object types
Please create an issue if there are any problems - Added support for HTML output
- MD output is now official with included support for CSS and single file Output.
Based on Issue 35 - Added support for indent on sub-properties so it will be visible that a property is set based on a parent
Based on Discussion 90 - Added option to skip assignments in the documentation
Based on Issue 102 - Moved some Output options to generic output settings; Document scripts and Remove script signature
- Documentation engine completely rewritten for Settings Catalog and had major updates for other object types
-
Generic
- Added new property on applications, InstallerType. This can be added as a new column to the View for Applications.
It specifies the New Microsoft Store App type; UWP or Win32
Based on Issue 101 - Added response information f an API call failed. The log should now have a better description on why an API failed.
- Added new property on applications, InstallerType. This can be added as a new column to the View for Applications.
Fixes
-
Documentation
- Lots of documentation issues fixed by the new Documentation engine
- Sections and policies should now be in correct alphabetic order
Based on Discussion 90 - Fixed issues with assignments for Setting Catalog issues
Based on Issue 102 - Translation files re-generated
- Fixed error message: "Invoke-WordTranslateColumnHeader is not recognized as the name of a cmdlet"
Based on Issue 99
- Lots of documentation issues fixed by the new Documentation engine
-
Authentication
- Fixed an issue when authentication to China Cloud
Based on Issue 106
- Fixed an issue when authentication to China Cloud
Fixes
Lots of these issues are based on Issue 94
Thank you Dominique for all the amazing help with testing!
-
Import/Export
- Added support for Export of TermsOfUse PDF files
Based on Issue 27 - Fixed an issue where it failed to import .intunewin files during bulk import
- Fixed issue with importing Edge app assignments
- Changed the order for Bulk delete to make sure policies are deleted in the correct order
- Lots of logging fixes for Bulk Export - Logged error when exporting object types not used
- Business Store Apps will not be delete - Not supported
- No import of assignments for default policies (Enrollment Status Page and Enrolment Restrictions)
- Lots of logging fixes for Bulk Delete - Errors if deleting default policies, trying to delete object types that were not used etc.
- Added support for Export of TermsOfUse PDF files
-
Documentation
- Logging
- Added additional response error information if it failed to call a Graph API
- Missing groups will now only generate a warning instead of Graph API error
- No error for users without a profile photo
- Added additional response error information if it failed to call a Graph API
Fixes
- Import
- Fixed a bug where it failed to import Endpoint Security policies
- Fixed an issue where it failed to import Assignment Filters. A new property was added that is not supported during the import
- Fixed a bug where it failed to import Endpoint Security policies
New features
- Added support for ADMX Files (Preview)
- First version of supporting the ADMX file import
- Support for export/import policies based on ADMX files
The import/export between environments is very tricky so please report any issues
Note: The ADMX/ADML files must be copied to the app package folder or the policy exported folder
The ADMX files imported is based on last modify date. This will make sure files are imported in the correct order eg Mozilla and Firefox ADMX files
Based on Issue 84
- First version of supporting the ADMX file import
- Added support for value output type when documenting Administrative Templates
- Select Output value in the Documentation form. Value with label will add the label when documenting sub-properties
- Select Output value in the Documentation form. Value with label will add the label when documenting sub-properties
- Translate TenantID when migrating policies between environment
- Any policy with a Tenant ID value will be translated when importing to a new environment
Based on Discussion 83
- Any policy with a Tenant ID value will be translated when importing to a new environment
Fixes
-
Authentication
- Fixed an issue when auhencating with certificates during batch jobs
Fixed by @cstaubli. Thank you!
Based on Issue 85
- Fixed an issue when auhencating with certificates during batch jobs
-
Export\Import Fixes
- Fixed an issue when importing Microsoft Apps files and the default document format was not set
Based on Issue 92
- Fixed an issue when importing Microsoft Apps files and the default document format was not set
-
Documentation
- Fixed the order of sub-properties when documenting Administrative Templates
- Fixed an issue where some xml values were not documented eg taskbar xml
- Translation files re-generated
- Fixed the order of sub-properties when documenting Administrative Templates
Fixes
- UI
- Fixed a bug where the menu bar was empty if not logged in
- Fixed a bug where the menu bar was empty if not logged in
Breaking changes
- A third header level was added when documenting to word
This level is used during bulk documentation and a group has more than one object type
Eg. The Conditional Access group documents Conditional Access, Named Locations and Terms of Use
The document will now have one section for each object type as third header level
This could break documentation if a custom word template is used, and it does not have a third level header named 'Heading 3'
Specify the name of the 'Header 3 style' value in the Word settings before documenting
New features
-
Support for tenant menu colors
- Set colors and add tenant name to the menu bar
- Configure this in Tenant Settings and use this to distinguish lab from production environments
Based on Issue 63
- Set colors and add tenant name to the menu bar
-
Support for Compliance Scripts
- Added support to Export, Import and Document Compliance Scripts profiles
- Compliance Script will now be included when documenting Compliance policy objects
Based on Issue 60
- Added support to Export, Import and Document Compliance Scripts profiles
Setting changes
- 'Allow update on import (Preview)' is removed
The 'Import type' is now always available
Note that Replace/Update are not fully verified yet
Based on Issue 68
Fixes
-
Export\Import Fixes
- Target app groups was not set properly for App Protection policies during import
Based on Issue 67 - Scope Tags were not assigned to objects during import
This happened in environment where Scope Tags already existed before import
Labels renamed to clarify that Scope Tags are assigned and not imported during import
Based on Issue 61 - Default branding file had double dots in the exported file name Issue 64
- Added API throttling during batch mode
- Target app groups was not set properly for App Protection policies during import
-
Documentation
- Some properties were not documented for Endpoint Security objects
- Authentication context name added to Conditional Access
- Translation files re-generated. This might add support for updated settings eg DFCI objects now uses separate category files
- Some properties were not documented for Endpoint Security objects
New features
Silent batch job
- Added support for silent batch documentation
Based on Issue 39
Support for Co-management Settings
- Added support for Export,Import and Document Co-management Settings profiles
Documentation
- Re-generated language files and translation files
Some changes in Android profiles, iOS VPN and Windows Wired Network - Add support for documenting the following profiles - Issue 57
- Intune Roles
- Custom Device Type Restrictions
- Intune Roles
Fixes
- UI Fixes
- View did not show properties below 10 levels
- View did not show properties below 10 levels
- Silent batch job - Issue 39
- Unchecking default values was not working
- Failed to start without configuration file
- Failed to authenticate with certificate
- Unchecking default values was not working
- Documentation Fixes
- Export\Import Fixes
- AssignmentFilters were not assigned during import (Twitter reported issue)
- Failed to assigned dependencies during import when dependency objects existed in the environment (Twitter reported issue)
- Failed to import/export lots of policies (Twitter reported issue)
429 - Too many requests. Graph API throttling kicked in. - PowerShell script exported with wrong encoding (Issue 48)
- AssignmentFilters were not assigned during import (Twitter reported issue)
New features
-
Automatic update check
The app will check GitHub at start-up if there is a new version available
This can be disabled in settings -
Use PowerShell 5
Command files will now use PowerShell 5 (-version 5 in the command line)
This is based on Issue 44 -
Documentation
- New Word settings: Table text style and table caption location
This is based on an additional request in Issue 37 - Terms of Use info when documenting Conditional Access
- Added documentation support for Terms of Use
- Added additional support for offline documentation
Note: Offline is defined as documenting an exported folder while logged in to another tenant.
If logged in to the same tenant as the exported folder, "online" documentation will be used - Changed the layout for the assignment table on Win32 Applications. There were too many columns so additional info is changed to a table in the value column
- Filter / Filter Mode column headers are now set from language files
- New Word settings: Table text style and table caption location
- Export/Import
- Users in Conditional Access are now added to the Migration Table
This is so the user IDs can be translated during Offline documentation - Referenced settings are now included in the export
This is to support referenced settings during import, copy and offline documentation (Certs on VPN profiles etc.)
These properties are named #CustomRef_PropertyName in the json file
Note: This might cause export/copy to take longer once every second week since it requires the MetaData XML for Graph to be downloaded.
This feature can be turned off by unchecking 'Resolve reference info' in Settings
- Users in Conditional Access are now added to the Migration Table
- Copy
- New dialog when copying an object. Description can now be changed during the copy
- New dialog when copying an object. Description can now be changed during the copy
- **Authentication**
- Full authentication support for US Government and China clouds
This requires that 'Show Azure AD login menu' is enabled in Settings
- Consent can be requested for missing permissions. This can be triggered via the 'Request Consent' link in the user profile info
- New version of MSAL.DLL, version 4.42.1
- Object types with only Read permissions are now supported. These will be orange in the menu
Buttons like Import and Delete will still be available but they will not work
- List objects
- IsAssigned column is added to objects that supports it (property on the Graph object)
- Enable 'Expand assignments' in Settings to include Assignments when getting a full list of objects from Graph
This can be used for adding Custom columns based on assignment info
It is also used for setting the IsAssigned column for objects that doesn't have the info in Graph
This is based on Issue 30 - Apps can be filtered in the request
If there are more than 1000 applications in the environment, the filter box can be used to return only matched items
Enter the filter in the text box and press the Refresh button. Clear the filter box and click Refresh to reload other objects
This is based on Issue 28
- IsAssigned column is added to objects that supports it (property on the Graph object)
Fixes
-
Documentation
- Fixed bug in Conditional Access documentation that caused some Grant information to be excluded from documentation
- Fixed missing properties when documenting Device restrictions (Windows 10 Team) profiles
- Fixed some Offline Documentation issues
Get dependency info from exported folders instead of Graph
Offline documentation is not 100% fully supported yet. Dependency applications for Win32 apps are not included in this version
and there might be more properties missing. Please report anything missing for offline documentation to Issue 37
Note Offline documentation will always require online access. Some information like language text, Azure roles, Mobile apps etc. will use Graph API
-
Authentication
- First login with last used account could fail if the user domain was changed after the initial token was cached
- First login with last used account could fail if the user domain was changed after the initial token was cached
New features
-
Silent batch job Export/Import can now be executed without UI
See documentation for full requirementsNote Please report any issues to Issue 39
This is based on Issue 39
-
Documentation
-
Support for documenting an environment based on exported files
Select the Source files folder in the Documentation Types (Bulk menu) dialog.
Note: Some values will NOT be included. These are referenced values and not a property on the object eg Certificate on a VPN profile, Root certificate on a SCEP profile etc. These values will be documented with ##TBD...
This is based on Issue 37
-
Support for attaching the json file for the object in the word document
-
Support for documentation output level (Word)
Documenting the full environment can create a document with 1000+ pages depending on the amount of profiles and policies. The documentation output level can now be used to reduce the document size. The output level options are:- Full - Document every single value
- Limited - Set max value and truncate size for documentation and as option, attach the original value as a text document to the value cell e.g. truncate all values over 500 characters to 10 characters and attach the full value as a text file in the document. This will reduce documentation size for profiles with large XML strings like ADMX ingestion
- Basic - Only include the Basic and Assignments tables in the documentation
-
Added support for documenting Filters
-
-
Added UI for configuring custom columns
This can now be done in the Detail View
This is based on Issue 30 -
Added support for updating Name and Descriptions of the object in Detail View
This is As-Is functionality. Not all object types have been tested.
It is recommended to use the portal for this.
This is based on a private request -
Added support for copying an app
Note This requires that the App packages folder is specified in Settings and that the file for the app is available in that folder. If the app file is missing it can be uploaded manually in the Details view
This is based on Issue 42
-
Added support for manually upload an app file via the Details view
Fixes
-
Documentation
- Updated documentation files with support for new properties and removed unused values (Windows Updates, Windows Feature Updates etc.)
- Fixed an issue where VPN profiles in some cases was missing the Base VPN settings
- Fixed an issue when using a template
A table of content will no longer be created. That should be included in the template
-
Application import
-
Minor change in the app Win32 upload functionality to align to portal APIs
-
The File Name is now updated to be based on the actual uploaded file
Important Please create an issue if there are any problems
-
-
Fixed an issue where ESP and Enrolment Restriction objects were not listed The original filters stopped working
Note The Enrolment restrictions has changed in Graph. There is now one object for each OS type. So there will be multiple restriction objects exported. platformType column was added to identify each object
This is based on Issue 41
-
Minor fixes in Import/Export extensions - Required for silent batch job support
-
Fixed an issue where PostListCommand was not triggered
- Additional Endpoint Security columns were not listed
- Azure Branding objects was missing the language column
- Fixed issue where the Document button was not enabled when **Select All** was clicked (without selecting an object first)
This is based on Issue 36
- Other minor bug fixes to support the new features
Fixes
- Fixed issue where displayName was missing in object list
Thank you Jason!
New features
-
Markdown support for documentation (Experimental) This will create a MD document in the Documents folder. Note: This is not working 100% at the moment. The script will create a MD document but it might be too large if all objects in the environment are documented.
Also note that HTML tables are used so that code can be documented as code blocks. This must be supported by the MD Viewer. The Markdown Viewer extension in Chrome was used during testing.
Please report any suggestions to the issue.
This is based on Issue 35 -
Added support for batched export This will use batch API to request full info for up to 20 objects per batch to reduce export time This can be enabled in setting
-
Added support for scrolling cached users and guest accounts in the profile info
This can be enabled in settings -
Added support for sorting cached users
This can be enabled in settings
Fixes
-
Paged return of objects
Only first page of objects will be loaded by default. Additional pages can be loaded with Load More or all available objects can be loaded with Load All.
This is based on Issue 28 -
Fixed an issue where a checkbox had to be clicked twice to be checked when the list was filtered
This is based on a known issue -
Fixed an issue where buttons were not enabled when Select All was checked
This is based on Issue 36 -
Fixed an issue when adding object ID to the file name during export The separate settings file was not exported with the ID in the name which could cause issues during import
This is a BETA release. It contains core changes for Authentication and Settings management. Please report any issues here.
New features
-
Added support for selecting GCC when using US Government Cloud
-
Tenant Specific Setting
The script now supports tenant specific settings. This can be used in scenarios like: only allow delete on you test environments, tenant specific Intune app folders etc. Login settings like Cloud and GCC is only used if logging on with a cached token. It will otherwise use the current tenant settings.
Test feedback request: If there are any users accessing multiple cloud environments like US Government with different GCC levels, please report any issues, working or not. Please report it to Issue 26
Note: Not all settings have be tested and verified and only Setting Values are supported e.g. last Bulk Compare strings are global. Cached settings might not be updated when connecting to another tenant.
-
Log View
View the log of the current session in the app
-
Added support for documenting scripts for Word This is based on Issue 34
- New Script options in the Output option tab e.g. enable/disable script documentation, remove PowerShell signature block and documentation styles
- Supports PowerShell/Shell scripts, Proactive Remediations and Win32 Apps (Requirement/Detection scripts)
- Scripts will be documented in a separate table with style HTLM Code by default. Spell check is disabled for the script text.
-
Permission detection if Use Default Permissions is enabled
Default permissions will only use the permission consented to the selected Azure App. The script will check the required permissions with the Access Token. If permissions are missing for one or more objects, they will be marked as red in the menu or they can be excluded from the menu by enable Hide No-access items in Settings
Default Settings Value Changes
- Use Default Permissions is now set to Enabled by default. With the Tenant Specific Settings feature, this can now be enabled globally or per tenant. Consultants accessing multiple environments might not have permissions to grant consent requests so this could be enabled on a global level and then disabled for tenants where the permissions can be added.
Fixes
- Fixed an issue when using Json settings where it could not add child settings
This is a BETA release. It contains core changes for Authentication and Settings management. Please report any issues here.
New features
-
Support for Settings in Json files Settings can now be stored in json files and copied between devices.
See Readme on how to use this feature This is based on Issue 33
-
Bulk Compare for exported folders
The tool can now compare two exported folders This is based on Issue 32
-
Support for Azure AD US Government cloud and Azure AD China cloud. Default is Azure AD Public cloud.
Change cloud in Settings Note: This is a major change to the authentication. This may have an impact if a custom configured Azure app is used. This is based on Issue 26. Please report any problem, progress or testing with US Government/China cloud or if there are any issues when a custom configured Azure app is used.
-
Export can now add Id to the name of the backup file
This can be used if there are multiple objects with the same name.
This can be enabled in Settings. Backup file name will be _.json.
-
Export/Import/Compare/Delete now supports name filter Objects are filtered based on escaped RegEx -nomatch expression so wildcards are not supported.
-
IntuneAssignments report will now include the id of deleted groups
Fixes
- Fixed an issue in Export. Groups were not exported if exporting multiple times and multiple folders during the same session.
- Fixed an issue in Compare where the csv file was not stored in the correct folder
- Fixed an issue in Compare where the comparing object may return System[]. This can happen if the generated files has multiple documentation items for a property. First result will be used.
New features
-
Added support for Terms of Use Export/Import. This requires that the pdf file is available during import, in either the export folder or the Intune App folder. This is added as a Known Issue in Readme.
Note: This is in preview and it requires that the Preview option in Settings is enabled and then a script restart. This will most likely generate a new consent prompt. This is based on Issue 27
-
All objects are returned
This might take long time in huge environments. Please report feedback on how this works in environments with 1000+ objects e.g. does it take too long time, memory issues etc. This is based on Issue 29
-
Added support for custom columns This must be manually added to the registry.
-
Object count will be displayed
Fixes
- Fixed minor bugs in IntuneAssignments - Support Name for objects that don't use displayName
- Regenerated documentation and language files - New properties for the iOS Device Restriction profile is now supported
New features
- Added support for setting Conditional Access policy state during import. The default setting is to import Conditional Access policies with the same sate as they were exported. This is based on feature request Issue 25 Note: Security defaults must be disabled before Conditional Access policies can be imported as Enabled.
Fixes
- Fixed bugs when using the ImportExtension command
New features
- PowerShell Scripts can now be viewed and edited in the tool
- Intune Tools
- Added Intune Assignment - Simple tool to quickly gather all assignments from exported objects
- Documentation
- Added documentation support for
- Scope (Tags) Note: This will generate one section for all Scopes in the word document
- Health Scripts (Remediation Scripts)
- Added documentation support for
Fixes
-
General
- Custom Device Configuration profiles will convert encrypted OMA URI values when the full object is loaded instead of only during Copy and Export.
- All file exports are now saved in UTF8
-
Compare
- Fixed issue where the wrong name was specified if the compare object was missing
- Administrative Templates, Settings Catalog and Endpoint Security will always compare based on documentation.
- Encrypted OMA URI values are now supported
-
Documentation
- Minor updates to support documenting all objects of a specific object type in one section instead of one section per object
- Fixed "Not Configured" value issues for empty arrays
- Fixed documentation of Microsoft 365 Apps when XML is used
- Minor updates on VPN profile documentation. EAP XML will be in XML format and removed duplicate SplitTunneling values. Note: The EAP XML will require manual update of the column sizes in Word
New features
-
Intune Tools (New View)
-
ADMX Import - Configure settings for 3rd party ADMX files with a UI similar to GPMC and create a Custom Profile based on the configured settings
-
Reg Values - Add registry values to HKLM or HKCU. This will create and ADMX based on the configured settings and create a Custom Profile in Intune
See ADMX Import for more information on how this works
Note: There is only Import functionality in this version. It does not support updating an existing Custom Profile ADMX policies.
-
Important! Consider this tool to be in preview at this moment. It has only been tested on Cloud only joined devices. It looks like there are different functionality in the Policy CSP between hybrid and cloud only joined devices. It would be great if anyone testing this on hybrid (or cloud only joined) devices could create an issue and report back the findings, even if it works as intended.
There are indications that Microsoft is implementing this into the portal UI. The groupPolicyUploadedDefinitionFile API suggests that the portal will support this in the future. It would be good if this could be integrated with the Settings Catalog.
-
-
Documentation:
- Create cover page and table of contents when no template is selected
- Select CSV delimiter when documenting to a CSV file
-
Compare:
- Select CSV delimiter for bulk compare
Fixes
-
Authentication
-
The script will start even if it failed to add type TokenCacheHelperEx.
This is based on Issue 21
Note: The token will not support caching if this fails. This could be caused by not having write access to the \CS folder or by restrictive ASR policies
-
-
Export/Import
-
Added support for exporting OMA-URI values that are stored encrypted.
Note: OMA-URI strings and XML Files are stored encrypted. These values will be decrypted and stored in clear text. Be careful if sensitive data is stored e.g. passwords.
-
Fix for updating existing Autopilot profiles during import. A new property was added that broke the functionality. This is based on the feature request in Issue 17
-
-
Documentation
- New handling of Not Configured properties. Skipping unconfigured properties will now skip all these properties during documentation
- Minor fixes to avoid duplicate documentation of properties
-
Compare
- Fixed bugs when comparing Intent objects (Endpoint Security) policies in Documentation mode.
-
Copy
- Copy Custom Profiles with encrypted values
Additional Changes:
- Documentation files has be re-generated to support new\updated properties on Property based objects.
New features
- Forget cached users - Forget a user by clicking on the bin icon in the user information. This will remove the user from the cached file. It will not remove it from the browser cache.
- Update existing profiles during import is moved to preview. Important: See the Import section in the Readme file for more information This is based on the feature request in Issue 17
Fixes
- Fixed a bug when exporting Settings Catalog. When exporting settings based on key/value pairs, some parts were not converted to json objects. Import worked but not the update. Depth parameter was increased in the ConvertTo-Json functions.
New features
- Support for documenting Notifications
- PREVIEW/EXPERIMENTAL - Support for Replace/Update existing profiles/policies during import. See the Import section in the Readme file for more information This is based on the feature request in Issue 17
Fixes
-
Fixed bug that caused an exception when listing App Protection objects and only one object existed in the environment.
See Issue 15 for more info
-
Import Priority based objects in the priority order specified in the files (Enrolment Restrictions and Autopilot profiles)
-
Set default settings for the options in the Import forms (Based on Settings)
-
Delete Autopilot profiles with assignments
-
Moved the assignments import to a separate function
Fixes
-
Fixed invalid file name characters - Issue 19
- Added -LiteralPath to Get and Set-Content
- Save CSV in document
- Import/Export Administrative Template and Role Definitions
- Saving the PowerShell script file
- Export with assignments for multiple profiles
-
Added support for [ and ] in file names
Note: This can cause duplicate files if exporting to the same location as pre 3.1.6 export and the profile name contains [ or ]
-
Changed to custom documentation for Custom OMA-URI profiles
-
Administrative Template now includes definitionValues in detailed view and export
-
Fixed exporting PowerShell script in Bulk export. Option was only available if PowerShell was active type.
-
Fixed issue with MigrationTable when exporting from two different environments without restart. The Group information was save to the same MigrationTable.
Fixes
- Fixed rushed update for Issue 18
- Fixed bug in Compare module
Fixes
-
Fixed issue importing Administrative Templates
See Issue 18 for more info
New features
- Bulk Compare
- Compare with exported files
- Compare with existing objects based on name patterns
- Bulk Copy
- Copy existing objects based on name patterns
- Support for documenting PolicySets
- Release Notes check - Check if there are any updates by comparing the local version of ReleaseNotes.md with the GitHub version
Fixes
-
Fixed bug that caused an exception when exporting objects with an assignment and the 'Export Assignment' option disabled.
See Issue 16 for more info
-
Export Assignments in Bulk Export and Object Export did not get default value from Settings
-
Fixed issue where the required permissions were not passed during authentication
New features
-
Delete and Bulk Delete - Delete selected items or delete ALL items of selected object types
Note: This must be enabled in the settings. They are not visible by default.
WARNING: Use this carefully! It will delete profiles and policies in Intune.
-
Support for new object Health Scripts
-
Object permissions is now handled by ViewObject and authentication provider. This is to support future view extensions.
Fixes
- Azure Role Read permission can be disabled in settings
- Minor UI changes e.g. List Boxes for bulk Import/Export changed to DataGrid
- Minor bulk export fixes
New features
- Download script for Custom Attribute
- Documentation
- Added support for additional objects (Enrollment restrictions)
Fixes
-
Failed to get user information during logon. Something was changed in Graph that caused calling ME with full ODATA to fail.
-
Added RoleManagement.Read.Directory as a default required permission.
NOTE: This will most likely cause a consent prompt
-
Some additional minor fixes
Breaking Changes
- Export folder for PowerShell is changed to PowerShellScripts
New features
- Documentation
-
Document Intune objects to CSV or Word
-
Object will be documented with text from Intune
-
Document in any supported language
-
See Documentation for more information
Note: This is the first version of the documentation. It does not support ALL object types and might be missing some properties
-
- Compare
- Compare objects with exported files
- Property comparison
- Documentation comparison
- Support for additional objects
- Quality Updates, Filters, Mac Scripts and Custom Attributes
- Azure AD role displayed in token info
- Fixed sending additional headers in the Graph request
Fixes
- Support for Privacy Access Controls in Windows 10 Device Restriction profiles
- Support for AppLocker files in WIP policy
- Select All checkboxes moved from below data grids to the header of the column
Breaking changes
- Dropped support for Azure Branding and MAM/MDM settings...for now
- Import might not work for items exported with previous versions. Some folders are renamed, import is depending on additional information.
New features
- Authentication managed by Microsoft Authentication Library (MSAL)
- Support for switching user
- Support for switching tenant. Multi tenant support must be enabled in Settings
- Token info, Profile picture info support etc.
- See MSAL info for more information
- Support for multiple Views - Intune Management and Intune Info for now...
- Intune Management - Export/Import/Copy objects in Intune
- Intune Info - Show information about some objects in Intune
- Improved UI experience
- Support for resizing the Window
- Support for searching for objects
- Refresh objects in the list
- Scaled popup dialogs
- API management redeveloped from scratch to simplify support for new object types in the future
- Support for new object types (Settings Catalog, Named Locations, Scope Tags, Policy Sets etc.)
- Better support for migrating objects between environments
- Group migrations e.g. support for Dynamic Groups, different group types etc.
- Support for dependency objects e.g. Policy Sets reference other objects like Compliance Settings etc. The import of an object uses exported json files to identify dependent items and map old Id to the new Id in the target environment
- Support for migrating Scope Tags (Uses the dependency functionallity so Scope Tags must be Exported/Imported)
- Better support for migrating Assignments
Dependencies
- MSAL - Microsoft.Identity.Client.dll. This is included in Az / MSAL.PS modules or it can be installed separately. This release was developed and tested with MSAL version 4.21.0.0.
Breaking changes
- Removed support for AzureRM
New features
- Support for Az module
Fixes
- Allow more than 9 Conditional Access policies. Issue #5
- Include WIP policies. Issue #7
- Import is not working. Issue #6 and #4
- Intune module can now be install with scope user. Issue #8
- Intune Management with PowerShell
- Dependencies: Intune and AzureRM PowerShell modules