-
-
Notifications
You must be signed in to change notification settings - Fork 40
Update
Tobias Almén edited this page Jun 28, 2024
·
14 revisions
List of available arguments that can be passed when running IntuneCD-startupdate.
| Argument | Description |
|---|---|
| -p, --path | The path to which the configurations are saved |
| -m, --mode | The mode in which the script is run, 0 = devtoprod (backup from dev -> update to prod) uses os.environ DEV_TENANT_NAME, DEV_CLIENT_ID, DEV_CLIENT_SECRET1 = standalone (backup from prod) uses os.environ TENANT_NAME, CLIENT_ID,CLIENT_SECRET
|
| -a, --localauth | When this paramater is set, provide a path to a local dict file containing the following keys: params:TENANT_NAME, CLIENT_ID, CLIENT_SECRET when run in standalone mode andparams:DEV_TENANT_NAME, DEV_CLIENT_ID, DEV_CLIENT_SECRET when run in devtoprod
|
| -c, --certauth | When using certificate auth, the following ENV variables is required:
|
| -i, --interactive | When using interactive auth, the following ENV variables is required:
|
| -u | When this parameter is set, assignments are updated for all configurations |
| -r, --report | When this parameter is set, no updates are pushed to Intune but the change summary is pushed to the frontend |
| -e, --exclude | List of objects to exclude from the update, separated by space. Available options are:
|
| -g, --create-groups | When this parameter is set, groups are created if they do not exist |
| --intunecdmonitor | When this parameter is set, the script is run in the IntuneCDMonitor context |
| --remove | When this parameter is set, configurations in Intune that are not in the backup are removed |
| --entraupdate | When this parameter is set, the script will also update Entra configurations |
| --scopes | The scopes to use when obtaining an access token interactively separated by space. Only used when using interactive auth. Default is:
|
| -v, --verbose | Prints verbose output |
| --token | The authentication token to use for the update if not using an app registration |
| --exit-on-error | When this parameter is set, IntuneCD will exit on error |
In the example below, since it is run from the terminal interactively, the -i argument is used for interactive authentication. The tool will get the configurations from Intune and compare them to the configurations locally. If any differences are found, they will be pushed to Intune automatically since -r is not specified.
IntuneCD-startupdate -i -p /tmp/IntuneBackupIn the example pipeline below, the update is running with the parameter -m 1 (standalone mode). If you are running this in DEV -> PROD mode, remove -m and add PROD_ in front of all env: variables except for REPO_DIR. CLIENT_SECRET should be added as a secret variable.
env:
REPO_DIR: $(REPO_DIR)
PROD_TENANT_NAME: $(TENANT_NAME)
PROD_CLIENT_ID: $(CLIENT_ID)
PROD_CLIENT_SECRET: $(CLIENT_SECRET)trigger:
- main
pool:
vmImage: ubuntu-latest
variables:
REPO_DIR: $(Build.SourcesDirectory)
TENANT_NAME: example.onmicrosoft.com
CLIENT_ID: xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx
steps:
- checkout: self
persistCredentials: true
- script: pip3 install IntuneCD
displayName: Install IntuneCD
- script: IntuneCD-startupdate -m 1
env:
REPO_DIR: $(REPO_DIR)
TENANT_NAME: $(TENANT_NAME)
CLIENT_ID: $(CLIENT_ID)
CLIENT_SECRET: $(CLIENT_SECRET)
displayName: Run update