Christmas is coming soon! To go with it, I wrote the PowerShell module "IntuneStarterKit", which I gave Santa for the "Festive Tech Calendar 2022". With the module, you can very quickly put together a basic configuration with Autopilot, a few apps, and Windows and security configuration. This way, you can start managing Windows devices with Intune without much effort or many clicks, or use it to automate the deployment.
Table of Contents
- Quick overview
- Install module
- Create an Intune environment with the Intune StarterKit
- Use own configuration
- Use custom apps
- Create your own deployment
- Credits #Community Rocks
Quick overview
The main function of the module is called "Add-ISK". It calls all the other functions to provide you with:
- Dynamic group containing all Autopilot registered devices
- Default group for apps and configurations
  - The dynamic Autopilot group is a member of this
- Autopilot profile named "Default ISK Profile"
- Enrollment Status Page (ESP) named "Autopilot ESP"
- Basic Intune configuration from my GitHub
- Basic applications from my GitHub
  - IntuneStarterKit/Samples/Apps at main FlorianSLZ/IntuneStarterKit (github.com)
- One installation group per app, of which the default group is a member
Install module
To start, you must first install the module on your system. You can do this either system-wide or just in your user context.
```powershell
# Installation on local machine (as Admin)
Install-Module -Name IntuneStarterKit

# Installation in user context (no Admin needed)
Install-Module -Scope CurrentUser -Name IntuneStarterKit
```
If you have problems with the installation, authentication or module conflicts, I recommend that you test the module in a Windows Sandbox. Then you are sure that no old module version or anything else is interfering on your PC.
Create an Intune environment with the Intune StarterKit
You can easily deploy the entire environment after installing the module, in principle with just the command "Add-ISK". There are a few more parameters you can add, such as -Language; if you omit it, the language will be "de-CH".
Below are some examples.
And with that, you've automated the Intune deployment. (At least with my template)
Here is the whole process in a GIF:
And here are the promised examples of custom groups and languages, but there's more to come. You can also import configurations and apps as you wish.
```powershell
# Deploy with an English Autopilot profile (en-us)
Add-ISK -Language "en-us"

# Deploy with different default groups
Add-ISK -APGroupName "WIN-Devices_Autopilot" -StdGroupName "WIN-StandardConfiguration"

# Deploy without a group per app installation
Add-ISK -AppGroup:$false
```
Use own configuration
To use your own configuration template, you can build the configuration in Intune the way you like it and export it with the module "IntuneBackupAndRestore".
For the export, you only have to run the backup command with a target path:
Start-IntuneBackup -Path "C:\temp\IntuneBackup"
You now have your own configuration files in one place and can import them.
(The variable $GroupID is the ID of the group to which the configurations are assigned.)
Add-ISKConfiguration -AssignTo $GroupID -Path "C:\temp\IntuneBackup"
You can also store the configuration in a GitHub repository (currently only public) and then enter the URL for the path:
Add-ISKConfiguration -AssignTo $GroupID -Path "https://github.com/FlorianSLZ/.../Configuration"
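To review what an export folder contains before passing it to Add-ISKConfiguration, the following added example (not part of IntuneStarterKit or IntuneBackupAndRestore) lists every JSON file with its policy name, type and SHA-256 hash. The function name Get-ISKBackupInventory, the sample folder and the assumption that policies carry "displayName" or "name" and "@odata.type" are mine.

```powershell
# Added example: Get-ISKBackupInventory is a hypothetical helper, not a module function.
function Get-ISKBackupInventory {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.json' | ForEach-Object {
        $file = $_
        $name = $null; $type = $null; $parseError = $null
        try {
            $json = Get-Content -LiteralPath $file.FullName -Raw | ConvertFrom-Json -ErrorAction Stop
            # Assumption: policies carry "displayName" (or "name") and "@odata.type"
            $name = if ($json.displayName) { $json.displayName } else { $json.name }
            $type = $json.'@odata.type'
        }
        catch {
            # A file that does not parse is reported instead of being skipped silently
            $parseError = $_.Exception.Message
        }
        [pscustomobject]@{
            Category   = $file.Directory.Name
            File       = $file.Name
            Name       = $name
            Type       = $type
            Sha256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            ParseError = $parseError
        }
    }
}

# Constructed sample export: one readable policy and one damaged file
$backup = Join-Path ([IO.Path]::GetTempPath()) 'ISK-SampleBackup'
$folder = Join-Path $backup 'Device Configurations'
$null = New-Item -ItemType Directory -Path $folder -Force
Set-Content -Path (Join-Path $folder 'Sample-Policy.json') -Value @'
{ "@odata.type": "#microsoft.graph.windows10GeneralConfiguration", "displayName": "Sample-Policy" }
'@
Set-Content -Path (Join-Path $folder 'Damaged.json') -Value '{ "displayName": '

$inventory = Get-ISKBackupInventory -Path $backup
$inventory | Format-Table Category, File, Name, Type, ParseError -AutoSize

# Store the manifest outside the export folder and compare it before each import
$manifest = Join-Path ([IO.Path]::GetTempPath()) 'ISK-SampleBackup-manifest.csv'
$inventory | Export-Csv -Path $manifest -NoTypeInformation
```

Comparing a fresh manifest against the stored one shows which files changed between review and import, which matters most when the path is a repository other people can push to.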
Use custom apps
As with the configuration, you can also specify your own apps. To do this, you set up a repository in the correct format. You pack each Win32 app in its own folder named after the app, and that folder also contains the .intunewin file named after the app. In addition, you create a validation script with the name "check.ps1".
If you have never created a Win32 app, you can find some help and templates on my blog in the "Win32" category: Win32 | scloud
The programs/folders must be structured like this:
| AppName.intunewin | Intunewin file of the app |
And the repository visualized looks like this:
The command to import and assign these apps is:
```powershell
# Add and assign App to Group with ID
Add-ISKApps -AssignTo $GroupID -Path "C:\temp\Repository"

# Add and assign App to individual group per App and add Group with ID as member
Add-ISKApps -AssignTo $GroupID -AppGroup -Path "C:\temp\Repository"

# only add apps (without assigning)
Add-ISKApps -Path "C:\temp\Repository"
```
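A pre-flight check for the repository layout described above, as an added example that is not part of the IntuneStarterKit module. The function name Test-ISKAppRepository and the sample folders are hypothetical, and the check covers only what the text names: a folder per app, AppName.intunewin and check.ps1.

```powershell
# Added example: Test-ISKAppRepository is a hypothetical helper, not a module function.
# Layout assumed from the text above: <Repository>\<AppName>\<AppName>.intunewin and check.ps1
function Test-ISKAppRepository {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Repository path '$Path' is not an existing folder."
    }
    foreach ($dir in Get-ChildItem -LiteralPath $Path -Directory) {
        $problems = @()
        $expected = "$($dir.Name).intunewin"
        $packages = @(Get-ChildItem -LiteralPath $dir.FullName -File -Filter '*.intunewin')

        if ($packages.Name -notcontains $expected) {
            $problems += "missing $expected"
        }
        # Assumption: one package per folder, so any other .intunewin file is flagged
        foreach ($extra in $packages | Where-Object Name -ne $expected) {
            $problems += "unexpected package $($extra.Name)"
        }
        $check = Join-Path $dir.FullName 'check.ps1'
        if (-not (Test-Path -LiteralPath $check -PathType Leaf)) {
            $problems += 'missing check.ps1'
        }
        elseif ((Get-Item -LiteralPath $check).Length -eq 0) {
            $problems += 'check.ps1 is empty'
        }
        [pscustomobject]@{
            App      = $dir.Name
            Valid    = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

# Constructed sample repository: AppA is complete, AppB has a misnamed package and no check.ps1
$repo = Join-Path ([IO.Path]::GetTempPath()) 'ISK-SampleRepo'
foreach ($app in 'AppA', 'AppB') {
    $null = New-Item -ItemType Directory -Path (Join-Path $repo $app) -Force
}
Set-Content -Path (Join-Path $repo 'AppA\AppA.intunewin') -Value 'placeholder'
Set-Content -Path (Join-Path $repo 'AppA\check.ps1') -Value 'exit 0'
Set-Content -Path (Join-Path $repo 'AppB\setup.intunewin') -Value 'placeholder'

$report = Test-ISKAppRepository -Path $repo
$report | Format-Table -AutoSize
if ($report.Valid -contains $false) { Write-Warning 'Fix the listed folders before running Add-ISKApps.' }
```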
Create your own deployment
If you have your own apps and configurations together, you have everything you need to write your own deployment script.
Here are two examples of what this could look like:
```powershell
# Option 1: Custom Language, Apps, Config and Group names
Add-ISK `
    -APGroupName "My-AP-Group" `
    -StdGroupName "My-Default-Group" `
    -Language "de-CH" `
    -AppGroupPrefix "My-App-" `
    -AppRepoPath "C:\ISK\Apps" `
    -ConfigRepoPath "C:\ISK\Configuration"

# Option 2: Only Autopilot Profile, Apps and Configuration with custom dynamic "marketing" Group
## create dynamic group based on group tag "Marketing"
$APGroupTag = New-MgGroup -DisplayName "DEV-WIN-Marketing" `
    -Description "Autopilot group tag: Marketing" `
    -MailEnabled:$false `
    -SecurityEnabled:$true `
    -MailNickname "DEV-WIN-Marketing" `
    -GroupTypes "DynamicMembership" `
    -MembershipRule '(device.devicePhysicalIds -any (_ -eq "[OrderID]:Marketing"))' `
    -MembershipRuleProcessingState "On"

## create Autopilot profile for Marketing
## (en-GB is the Windows language tag for British English)
Add-ISKAPProfile -Name "Marketing" -AssignTo $APGroupTag.id -Language "en-GB"

## Import configuration and assign to Marketing group
Add-ISKConfiguration -Path "C:\ISK\Configuration" -AssignTo $APGroupTag.id

## Import Apps for marketing and assign them
Add-ISKApps -Path "C:\ISK\Apps" -AssignTo $APGroupTag.id
```
Credits #Community Rocks
Of course, I didn't build all the features from scratch. Many parts have already been developed by other community members or are used in a similar way.
The following sources have been of great help to me:
- microsoftgraph/powershell-intune-samples: This repository of PowerShell sample scripts show how to access Intune service resources. They demonstrate this by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell. (github.com)
- MSEndpointMgr/IntuneWin32App: Provides a set of functions to manage all aspects of Win32 apps in Microsoft Endpoint Manager (Intune). (github.com)
- jseerden/IntuneBackupAndRestore: PowerShell Module that queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration. (github.com)