
ugurkocde/IntuneAutomation


A collection of PowerShell scripts for automating Microsoft Intune device management tasks.

Quick Start • Scripts • Prerequisites • Contributing • Website


🚀 Overview

This repository contains PowerShell scripts designed to help IT administrators automate common Microsoft Intune management operations. All scripts use the Microsoft Graph API and are organized by functional category for easy discovery and use.

✨ Key Features

  • 📱 Device Management: Automated device operations and lifecycle management
  • 🔒 Security & Compliance: Automated compliance reporting and security operations
  • 📦 Application Management: Streamlined app deployment and management
  • 📊 Monitoring & Reporting: Comprehensive monitoring and analytics tools
  • ☁️ Azure Integration: Native support for Azure Automation runbooks
  • Security-First: Built with enterprise security best practices

🚀 Quick Start

Option 1: Local Execution (Recommended for Testing)

The simplest way to use these scripts is to download and run them locally:

  1. 📥 Download the scripts you need from this repository
  2. 📦 Install required modules (the scripts will prompt you if needed)
  3. ▶️ Run the scripts directly from PowerShell with appropriate parameters
  4. 📋 Review the output and logs for results

Most scripts are designed to work immediately without additional setup beyond the required PowerShell modules.

Example:

# Download a script and run it
.\Get-DeviceComplianceReport.ps1 -TenantId "your-tenant-id"

Option 2: Azure Automation (unattended execution and scheduling)

For scheduling, unattended execution, or more complex automation, you can deploy these scripts as Azure Automation Runbooks:

Step 1: Create Managed Identity

Create a User Assigned Managed Identity in your Azure tenant through the Azure Portal.

Step 2: Grant Permissions

Use our setup script to grant necessary Microsoft Graph permissions:

# Grant default Intune permissions to your managed identity
.\grant-permissions-managed-identity.ps1 -ManagedIdentityDisplayName "YourManagedIdentityName"

# Or grant custom permissions for specific use cases
.\grant-permissions-managed-identity.ps1 -ManagedIdentityDisplayName "YourManagedIdentityName" -CustomPermissions @("User.Read.All", "Group.Read.All")

Step 3: Configure Azure Automation

  1. Assign the managed identity to your Azure Automation Account
  2. Import the scripts as runbooks
  3. Schedule execution as needed

This approach enables:

  • ⏰ Scheduled execution (daily, weekly, etc.)
  • 🤖 Unattended operations without user interaction
  • 📈 Centralized logging and monitoring
  • 🔗 Integration with other Azure services

Default Permissions for Automation

The grant-permissions-managed-identity.ps1 script grants these Microsoft Graph API permissions by default:

Permission                                                Description
DeviceManagementManagedDevices.ReadWrite.All              Full device management access
DeviceManagementConfiguration.ReadWrite.All               Configuration policy management
DeviceManagementApps.ReadWrite.All                        Application management
DeviceManagementServiceConfig.ReadWrite.All               Service configuration
DeviceManagementRBAC.ReadWrite.All                        Role-based access control
DeviceManagementManagedDevices.PrivilegedOperations.All   Advanced device operations

These permissions cover most common Intune automation scenarios.
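
The defaults are broad (five of the six are ReadWrite.All scopes), and the -CustomPermissions parameter shown in Step 2 allows a narrower grant. The following is an added example, not part of the repository's code: it lists the Microsoft Graph application permissions a managed identity holds and returns those beyond a required set. The required set used here (DeviceManagementManagedDevices.Read.All for a read-only reporting runbook) is an assumption, as are the function names.

```powershell
# Added example; not part of the IntuneAutomation repository.
# The tenant lookup needs Microsoft.Graph.Authentication and Microsoft.Graph.Applications.

function Get-ExcessGraphPermission {
    # Returns the granted permissions that are not in the required set.
    param([string[]]$Granted, [string[]]$Required)
    @($Granted | Where-Object { $_ -notin $Required } | Sort-Object -Unique)
}

function Get-ManagedIdentityGraphPermission {
    # Returns the names of the Microsoft Graph app roles assigned to the identity.
    param([Parameter(Mandatory)][string]$ManagedIdentityDisplayName)

    $name = $ManagedIdentityDisplayName.Replace("'", "''")   # escape for the OData filter
    $identity = @(Get-MgServicePrincipal -Filter "displayName eq '$name'")
    if ($identity.Count -ne 1) {
        throw "Expected one service principal named '$ManagedIdentityDisplayName', found $($identity.Count)."
    }
    # Well-known appId of the Microsoft Graph service principal.
    $graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
    $roleNames = @{}
    foreach ($role in $graph.AppRoles) { $roleNames[[string]$role.Id] = $role.Value }

    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $identity[0].Id -All |
        Where-Object { $_.ResourceId -eq $graph.Id } |
        ForEach-Object { $roleNames[[string]$_.AppRoleId] }
}

# Offline check with constructed input: the six defaults from the table above,
# compared with what a read-only reporting runbook is assumed to need.
$defaults = @(
    'DeviceManagementManagedDevices.ReadWrite.All'
    'DeviceManagementConfiguration.ReadWrite.All'
    'DeviceManagementApps.ReadWrite.All'
    'DeviceManagementServiceConfig.ReadWrite.All'
    'DeviceManagementRBAC.ReadWrite.All'
    'DeviceManagementManagedDevices.PrivilegedOperations.All'
)
$assumedNeed = @('DeviceManagementManagedDevices.Read.All')   # assumption, not from the repository
Get-ExcessGraphPermission -Granted $defaults -Required $assumedNeed

# Against a tenant (requires sign-in; the identity name is the page's placeholder):
# Connect-MgGraph -Scopes 'Application.Read.All'
# $granted = Get-ManagedIdentityGraphPermission -ManagedIdentityDisplayName 'YourManagedIdentityName'
# Get-ExcessGraphPermission -Granted $granted -Required $assumedNeed
```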

Scripts Overview

IntuneAutomation/
├── 🔧 grant-permissions-managed-identity.ps1  # Setup script for managed identity permissions
├── 📂 scripts/
│   ├── 🔄 operational/       # Device operations (restart, wipe, sync)
│   ├── 📱 apps/              # Application management and deployment
│   ├── ✅ compliance/        # Compliance reporting and remediation
│   ├── 🔒 security/          # Security operations and policies
│   ├── 💻 devices/           # Device management and inventory
│   └── 📊 monitoring/        # Monitoring, reporting, and analytics
├── 📄 templates/             # Script templates for contributors
├── 📋 LICENSE
├── 🤝 CONTRIBUTING.md
└── 📖 README.md

Popular Scripts

  • Device Operations: Bulk device actions, automated device cleanup
  • Compliance Reporting: Automated compliance dashboards and alerts
  • App Management: Silent app deployment and update automation
  • Security Monitoring: Threat detection and response automation

💡 Tip: Each script category includes detailed documentation and usage examples.

📋 Prerequisites

If you are running the scripts locally

  • PowerShell 5.1 or later (PowerShell 7+ recommended)
  • Microsoft Graph PowerShell modules:
    • Microsoft.Graph.Authentication
  • You have to sign in with an Intune Admin account

If you are running the scripts in Azure Automation as a Runbook

  • Azure Automation Account
  • User Assigned Managed Identity with the following permissions:
    • DeviceManagementManagedDevices.ReadWrite.All
    • DeviceManagementConfiguration.ReadWrite.All
    • DeviceManagementApps.ReadWrite.All
    • DeviceManagementServiceConfig.ReadWrite.All
    • DeviceManagementRBAC.ReadWrite.All
    • DeviceManagementManagedDevices.PrivilegedOperations.All

💡 Tip: See grant-permissions-managed-identity.ps1 for more details and for how to grant the permissions.

  • Your Environment in the Azure Automation Account has to have the following modules installed:
    • Az.Accounts
    • Az.Resources
    • Microsoft.Graph.Applications
    • Microsoft.Graph.Authentication

Authentication Methods Supported

  • Interactive Authentication (default for local execution)
  • Managed Identity (recommended for Azure Automation)

🀝 Contributing

We welcome contributions from the community! Whether you're fixing bugs, improving existing scripts, or adding new automation tools, your contributions help IT professionals worldwide.

Quick Start for Contributors

  1. 🍴 Fork the repository and clone it locally
  2. Use our script template: Copy templates/script-template.ps1 to get started
  3. Follow our guidelines: Read CONTRIBUTING.md for detailed instructions
  4. 🧪 Test thoroughly: Always test your scripts in a lab environment first
  5. 🔄 Submit a pull request: Use our PR template for faster reviews

See our Contributing Guide for detailed instructions, coding standards, and submission guidelines.

❓ Support & FAQ

Common Issues

Q: I have an idea for a new script but I need someone to implement it?
A: Open an issue and let me know. I'll be happy to implement it.

Q: Scripts fail with authentication errors
A: Ensure you have the required Microsoft Graph permissions and modules installed.

Q: Can I use these scripts with GCC High/DoD tenants?
A: Yes, but you may need to modify the Graph API endpoints for government clouds.

Q: Are these scripts suitable for production use?
A: Yes, but always test in a lab environment first and follow your organization's change management processes.

Getting Help

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

👨‍💻 Author

Ugur Koc - Microsoft MVP


⭐ If this project helps you, please give it a star! ⭐
