v2.3.2-beta.1

Fixes

• Audit was processed for Applications and Settings Catalog payloads as data is being pre-fetched in these modules. An additional check has been added to ensure audit is configured using arguments before getting data.
• Managed Google Play last sync time was being included even when excluded with -e GPlaySyncTime because the incorrect key was being removed.

v2.3.1

Fixes

• Audit data was not included for Applications and Management Intents as the path was incorrect when running git add during audit data processing. #192

Improvements

• Improvements to verbose output when git commit fails during audit processing.

Full Changelog: v2.3.0...v2.3.1

v2.3.1-beta.1

Fixes

• Audit data was not included for Applications and Management Intents as the path was incorrect when running git add.

Improvements

• Improvements to verbose output when git commit fails during audit processing.

v2.3.0

New Features

• Added a new argument --token which lets you pass an authentication token during run time. This allows for use of other authentications methods such as Workload Identity federation in Azure DevOps pipelines.

Improvements

• To ensure seamless updates and creation of configurations, dependent elements such as scope tags, filters, and notification templates are now created beforehand.
• Compliance policy creation and updates now include a verification step to ensure the existence of notification templates by matching their names.
• Backup of a compliance policy now includes the name of the notification template used, enhancing the processing in update scenarios.
• Message template isDefault value is now updated if they do not match.
• Logging output has been updated to be consistent between update and backup runs as well as to provide more useful information.
• Assignments is no longer updated on configurations being created if the --update-assignment argument is not used.
• The accuracy of the diff output has been improved to ensure all changes are correctly reflected in the diff summary.
• When using --split during documentation, index.md no longer includes known files such as README, index and prod-as-built. Additionally, the index file now sorts the list alphabetically.

Other Updates

Codebase Refactoring

In this release, IntuneCD has undergone a significant refactoring of the codebase to adopt a class inheritance structure. This architectural change was implemented to enhance the maintainability, scalability, and extensibility.

Why the Refactoring Was Necessary:

Previously, the codebase utilized a more procedural approach, which led to code duplication, difficulty in making changes, and a lack of consistency across modules. As the complexity of IntuneCD grew, it became clear that a more structured and modular approach was needed to facilitate ongoing development and maintenance.

Benefits of the Refactoring:

• Improved Code Organization: Organizing functionality into classes and leveraging inheritance enhances codebase logic and readability.
• Enhanced Readability and Understandability: Code reuse and encapsulation promote concise and readable code.
• Scalability and Extensibility: IntuneCD is better prepared for future feature additions and changes.

Impact on Users:

No significant impact is expected on current setups, except for additional commits during backup.

Next Steps:

Impact of these refactoring changes will be monitored and feedback gathered from users to further refine and optimize IntuneCD.

Full Changelog: v2.2.0...v2.3.0

v2.3.0-rc.2

New Features

• Added a new argument --token which lets you pass an authentication token during run time.

Improvements

• To ensure seamless updates and creation of configurations, dependent elements such as scope tags, filters, and notification templates are now created beforehand.
• Compliance policy creation and updates now include a verification step to ensure the existence of notification templates by matching their names.
• Backup of a compliance policy now includes the name of the notification template used, enhancing the processing in update scenarios.
• Message template isDefault value is now updated if they do not match.

Other Updates

• The codebase has undergone a significant refactoring to adopt a class inheritance structure. Backup and update modules now share a base class, leading to more maintainable code and a standardized template for future configuration additions.
• The accuracy of the diff output has been improved to ensure all changes are correctly reflected in the diff summary.

v2.2.0

New Features

• A new argument for retrieving audit data and creating commits based on the user UPN and action has been added. By just including --audit when running a backup, IntuneCD will check the Intune audit log for who made the change, set the UPN as the git user and commit the change in that users name. Additionally, if you want to get audit data further back than the default 24h, an env key can be set to the number of days you'd like to grab, AUDIT_DAYS_BACK.
  Payloads that supports audit checks are:

  • Apple Push Notification
  • App Configuration
  • Apple Enrolment Profiles
  • Autopilot profiles
  • Applications
  • App Protection
  • Filters
  • Compliance policies
  • Settings Catalog
  • Custom Attributes
  • Device Categories
  • Device Management Settings
  • Enrolment Configurations
  • Custom ADMX template profiles
  • Managed Google Play
  • Management Intents
  • Partner Device Management
  • Configuration Profiles
  • Notification templates
  • Powershell Scripts
  • Proactive Remediation
  • Remote Assistance Partner
  • Roles
  • Scope Tags
  • Shell Scripts
  • VPP tokens
  • Windows Driver Updates
  • Windows Feature Updates
  • Windows Quality Updates

• Example commit message:

• Scope Tags is now backed up with the name instead of ID and compared using the name when updating minimising the risk of conflicts between tenants.

• Backup, update and remove custom compliance scripts for Linux and Windows

• Backup, update and remove compliance polices for Linux

Fixes

• Updates of Conditional Access and Roles failed in some cases due to keys that should be removed before performing an update.
• Creating Scope Tags failed due to incorrect response code configured.

Other updates

• Updated unit tests for better coverage.

Notes

Be aware that this update will cause commits in your repo as the scope tags on payloads will change from the ID to the name instead.

If you are planning to use --audit and do not want that the last user from the audit log is committing changed to documentation and other files not included in the audit run, make sure to configure your git user and email after IntuneCD has run the backup. Also remove --global from the git config to make sure it's set locally for the repo.

Full Changelog: v2.1.2...v2.2.0

v2.2.0 Beta

Beta 1

New features

• A new argument for retrieving audit data and creating commits based on the user UPN and action has been added. By just including --audit, IntuneCD will check the Intune audit log for who made the change, set the UPN as the git user and commit the change in that users name. Payloads that supports audit checks are:
  • Apple Push Notification
  • App Configuration
  • Apple Enrolment Profiles
  • Autopilot profiles
  • Applications
  • App Protection
  • Filters
  • Compliance policies
  • Settings Catalog
  • Custom Attributes
  • Device Categories
  • Device Management Settings
  • Enrolment Configurations
  • Custom ADMX template profiles
  • Managed Google Play
  • Management Intents
  • Partner Device Management
  • Configuration Profiles
  • Notification templates
  • Powershell Scripts
  • Proactive Remediation
  • Remote Assistance Partner
  • Roles
  • Scope Tags
  • Shell Scripts
  • VPP tokens
  • Windows Driver Updates
  • Windows Feature Updates
  • Windows Quality Updates

Example of a commit message made by IntuneCD in the users name: Updated by [email protected] on 2024-02-24T14:22:15.197621Z, change type: Patch, result: Success

Beta 2

Fixes

• Configure git user email and set scope to repository

Beta 3

New Features

• Scope Tags is now backed up with the name instead of ID and compared using the name when updating minimising the risk of conflicts between tenants.

Other updates

• Audit data is now fetched in bulk for each payload type instead of per config improving run speed.

Beta 4

New Features

• Configure how long back to check for audit data by configuring the ENV variable AUDIT_DAYS_BACK to an int the number of days you'd like to get. Default is 24h.

Fixes

• Scope tags are now backed up for Applications and Filters.

Other updates

• Commit messages for --audit has been cleaned up a bit and includes line breaks.

Beta 5

Fixes

• Scope tags were not processed when creating a policy.
• Scope tag for notification template was incorrectly set to None.

Beta 6

Fixes

• Include scope tags on ESP updates.
• Remove additional keys before updating Conditional Access and Roles which otherwise caused the update to fail.

Other updates

• Audit Resource Type is now included in the commit message.

Beta 7

New Features

• Backup, update and remove custom compliance scripts
• Backup, update and remove Linux compliance policies and custom compliance scripts

v2.1.2

New Features

• Added an option to override scopes when running authentication in interactive mode. Instead of using all required scopes for IntuneCD to target all payloads, you can now specify which scopes you want to have. When doing so, payloads not in a scope added must be excluded with -e. To override default scopes, use the new --scopes argument, for example --scopes DeviceManagementApps.ReadWrite.All DeviceManagementConfiguration.ReadWrite.All.
• Exclusion of Compliance Partner heartbeat: -e CompliancePartnerHeartbeat.
• New argument for IntuneCD-startbackup and IntuneCD-startupdate, added -v to allow for verbose logging. For now, only the retry_failed_requests function is using it.

Fixes

• Non encrypted OMAs on custom Windows profiles were not included in the backup when running without --ignore-omasettings.
• Setup Assistant screens were not updated when running an update.

Other updates

• Additional tweaks to batch request retries, max retry count is increased to 10 and an exponential backoff has been implemented. If Retry-After is included in the headers, the wait time will be multiplied on each iteration until the max_wait_time is reached which is 60 seconds. if a Retry-After is not included in the headers a 20 second wait is used by default to lower the risk of being throttled again.

Full Changelog: v2.1.1...v2.1.2

v2.1.2-beta.3

New features

• Exclusion of Compliance Partner heartbeat: -e CompliancePartnerHeartbeat.

Other updates

• Additional tweaks to batch request retries, max retry count is increased to 10 and an exponential backoff has been implemented. If Retry-After is included in the headers, the wait time will be multiplied on each iteration until the max_wait_time is reached which is 60 seconds.

v2.1.2-beta.2

New features

• New argument for IntuneCD-startbackup and IntuneCD-startupdate, added -v to allow for verbose logging. For now, only the batch_request function is using it.

Fixes

• Non encrypted OMAs on custom Windows profiles were not included in the backup when running without --ignore-omasettings.
• Additional retries has been added to the batching (5 maximum), additionally, if a Retry-After is not included in the headers a 20 second wait is used bu default to lower the risk of being throttled again.