Update: Audit changes in Intune configs using Azure DevOps – Config as Code Part 1

Today I want to show you some updates, that I made to the Azure DevOps Project for Config as a Code for Intune since publishing the initial blog post: Audit changes in Intune configs using Azure DevOps – Config as Code Part 1 – Mike’s MDM Blog

You will find the Updated Version on GitHub: Scripts/ConfigAsACode/IntuneV2 at main · mmeierm/Scripts

Backend

The main changes from an infrastructure side are, that I decided to move from a self-hosted DevOps Agent to a Microsoft provided Host, you can still run the pipeline on a self-hosted Agent if you want, for my test lab it’s just easier not to run an additional server for that.


The biggest change within the code is the switch from doing the API calls ourselfs with Invoke-RestMethod to using the Invoke-MGGraphRequest that has improved error handling included and handles things like graph throttling way better.

Settings

From the settings side, the major differences are the addition of a lot of new profiles and policies that are getting monitored, like Windows Update for Business Settings for Quality (incl. expedite) and Feature Update Policies (It will also contain Policies that are created by Autopatch):

It will also cover Windows Update Driver and Firmware Settings including an export of the actual drivers that are approved or denied per policy:

Finally, we will also export Enrollment specific settings like Windows Autopilot profiles, ESP Profiles and Enrollment restrictions. Most of the newer added settings in Intune like EPM Settings or Autopilot device preparation policies were already covered by the settings catalog category.

Conclusion

The main goal of this update for me, was to make sure we cover all “business critical” settings in Intune and to have this data as a basis for my upcoming project, which will allow to “sync” these profiles between a prod and a staging tenant to limit the risk of production breaking changes. If you are missing some type of settings in the export that you want to see in one of the next updates, let me know in the comments and I will have a look if and how it is possible to also cover these.


Posted

in

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *