Automatic Intune Documentation to simplify the life of admins and consultants.

Intune & Azure AD Conditional Access Documentation (Deprecated)






Please use the evolved M365Documentation script which provides more options.






Automatic Intune and Conditional Access Documentation to simplify the life of admins and consultants.

This function Invoke-IntuneDocumentation will document:

  • Configuration Policies
  • Compliance Policies
  • Device Enrollment Restrictions
  • Terms and Conditions
  • Applications (Only Assigned)
  • Application Protection Policies
  • AutoPilot Configuration
  • Enrollment Page Configuration
  • Apple Push Certificate
  • Apple VPP
  • Device Categories
  • Exchange Connector
  • Application Configuration
  • PowerShell Scripts
  • ADMX backed Configuration Profiles
  • Security Baseline
  • Custom Roles

The function Invoke-ConditionalAccessDocumentation will document:

  • Azure AD Conditional Access Policies
  • Translate referenced IDs to real object names (users, groups, roles and applications)

Usage Intune Documentation

Since version 2.0.0 the Automatic Intune Documentation script is available in the PowerShell Gallery, so it is much simpler to install and use. You can just use these two commands:

Install-Module IntuneDocumentation
Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx

Important: Before using the script for the first time, you have to ensure that the Microsoft.Graph.Intune and PSWord modules are installed. To do that, start PowerShell as an Administrator and install them:

Install-Module Microsoft.Graph.Intune
Install-Module PSWord

Usage Conditional Access Documentation

You can just use these two commands:

Important: The Conditional Access Policy Documentation does not support login with interactive credentials. Therefore, it is required to create a custom app, which can be done by calling 'New-IntuneDocumentationAppRegistration'. I recommend saving the result in a password vault and always using the same client secret.

# If you already have the module installed, you can skip the first command.
Install-Module IntuneDocumentation
# If the app registration already exists, this only creates a new client secret. If you know the existing secret from a previous execution, you can skip the next line.
$clientCreds = New-IntuneDocumentationAppRegistration -TokenLifetimeDays 5
Invoke-ConditionalAccessDocumentation -FullDocumentationPath c:\temp\CADoc.docx -ClientId $clientCreds.ClientId -Tenant $clientCreds.TenantId -ClientSecret $clientCreds.ClientSecret

Additional Options

UseTranslationBeta

When using this parameter, the API names will be translated to the labels used in the Intune Portal. Note: These translations need to be created manually, and only a few have been translated so far. If you are willing to support this project, you can do so by translating the JSON files that are mentioned to you when you generate the documentation in your tenant.

Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx -UseTranslationBeta

Use script silently

In the past I got requests from users who would like to execute the Intune Documentation script silently. I have now extended the script with two new options and a new function which can automatically create the App Registration in Azure AD for you.

Automatically Create App Registration

Your account requires Global Admin privileges to execute these commands and you need to have the AzureAD Module installed.

$p = New-IntuneDocumentationAppRegistration
$p | fl

The following result will be displayed and can then be used. Save the ClientSecret in your password vault.

ClientID               : d5cf6364-82f7-4024-9ac1-73a9fd2a6ec3
ClientSecret           : S03AESdMlhLQIPYYw/cYtLkGkQS0H49jXh02AS6Ek0U=
ClientSecretExpiration : 21.07.2025 21:39:02
TenantId               : d873f16a-73a2-4ccf-9d36-67b8243ab99a

Manually Create App Registration

You can follow the guide by Michael Niehaus: https://oofhours.com/2019/11/29/app-based-authentication-with-intune/

But also select the following permission scopes:

  • 'Policy.Read.All'
  • 'Directory.Read.All'
  • 'DeviceManagementServiceConfig.Read.All'
  • 'DeviceManagementRBAC.Read.All'
  • 'DeviceManagementManagedDevices.Read.All'
  • 'DeviceManagementConfiguration.Read.All'
  • 'DeviceManagementApps.Read.All'
  • 'Device.Read.All'
  • 'Agreement.Read.All'
  • 'Application.Read.All'

Generate Documentation without user interaction

You can now call the Intune Documentation with the new parameters:

Invoke-IntuneDocumentation `
    -FullDocumentationPath c:\temp\IntuneDoc.docx `
    -ClientId d5cf6364-82f7-4024-9ac1-73a9fd2a6ec3 `
    -ClientSecret S03AESdMlhLQIPYYw/cYtLkGkQS0H49jXh02AS6Ek0U= `
    -Tenant d873f16a-73a2-4ccf-9d36-67b8243ab99a
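
Added example, not part of the IntuneDocumentation module: instead of writing the client secret literally into the command as above, an unattended run can read it from a vault and refuse to start once the secret has expired. It assumes the Microsoft.PowerShell.SecretManagement module with a registered vault, a hypothetical secret name and function names, and that ClientSecretExpiration is a [datetime].

```powershell
#requires -Modules Microsoft.PowerShell.SecretManagement, IntuneDocumentation

$SecretName = 'IntuneDocumentationApp'   # hypothetical secret name

# Run once, interactively, with the output of New-IntuneDocumentationAppRegistration.
function Save-IntuneDocAppSecret {
    param([Parameter(Mandatory)] $Registration)
    # Assumption: ClientSecretExpiration is a [datetime]; store it in round-trip format
    # so that reading it back does not depend on the machine's culture settings.
    Set-Secret -Name $SecretName -Secret @{
        ClientId     = [string]$Registration.ClientId
        TenantId     = [string]$Registration.TenantId
        ClientSecret = [string]$Registration.ClientSecret
        Expires      = ([datetime]$Registration.ClientSecretExpiration).ToString('o')
    }
}

# Run from the scheduled task: no secret in the script file or task definition.
function Invoke-IntuneDocFromVault {
    param(
        [Parameter(Mandatory)][string] $Path,
        [int] $WarnDays = 3
    )
    $app = Get-Secret -Name $SecretName -AsPlainText -ErrorAction Stop

    $expires = [datetime]::Parse($app.Expires, [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::RoundtripKind).ToUniversalTime()
    $now = [datetime]::UtcNow

    if ($expires -le $now) {
        throw "Client secret expired on $($expires.ToString('u')). Create a new one and store it again."
    }
    if ($expires -le $now.AddDays($WarnDays)) {
        Write-Warning "Client secret expires on $($expires.ToString('u'))."
    }

    Invoke-IntuneDocumentation -FullDocumentationPath $Path `
        -ClientId $app.ClientId -ClientSecret $app.ClientSecret -Tenant $app.TenantId
}

# Usage:
#   Save-IntuneDocAppSecret -Registration (New-IntuneDocumentationAppRegistration)
#   Invoke-IntuneDocFromVault -Path c:\temp\IntuneDoc.docx
```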

Issues / Feedback

For any issues or feedback related to this module, please register for GitHub, and post your inquiry to this project's issue tracker.

Thanks to

@Microsoftgraph for the PowerShell Examples: https://github.com/microsoftgraph/powershell-intune-samples

@guidooliveira for the PSWord Module, which enables the creation of the Word file. https://github.com/guidooliveira/PSWord

@MScholtes for the Transpose-Object example https://github.com/MScholtes/TechNet-Gallery

@joslieben for extending and improving the script

@dads07a for adding Application protection Policies to the documentation

@mirkocolemberg for the help and testing of the script.

Created by baseVISION
