Skip to content

INTUNE.md

Latest commit

 

History

History
180 lines (130 loc) · 7.36 KB

INTUNE.md

File metadata and controls

180 lines (130 loc) · 7.36 KB

☁️ Enterprise & Intune Integration

SwitchCraft is completely ready for modern management with Microsoft Intune.

🚀 All-in-One Automation

Pro-Users can enable the "All-in-One" button in the Analyzer result pane to automate the entire deployment chain:

  1. Generate Script: Intelligent PowerShell template generation based on analysis.
  2. Sign Script: Authenticode signing (auto-detects certs or custom PFX).
  3. Local Test: Validates installation/uninstallation locally (requires Admin).
  4. Package: Converts the validated script into an .intunewin package using the Microsoft Content Prep Tool.
  5. Upload: Pushes the app to Microsoft Intune (Graph API) and opens the portal.

⚙️ Configuration & Settings

SwitchCraft supports extensive configuration via the GUI or Registry/GPO for enterprise environments.

Important

Intune OMA-URI Configuration: For detailed instructions on configuring Intune Custom Profiles (OMA-URI), please refer to the Intune Configuration Guide. Critical: Ensure you use the String (XML) Data Type for all ADMX-backed policies.

Intune API Access

To enable direct uploads, you must register an App in Azure AD (Entra ID) and provide the credentials in Settings:

  • Tenant ID
  • Client ID
  • Client Secret

Note

Minimum Required API Permissions: DeviceManagementApps.ReadWrite.All

For Group Manager: Additional permissions required:

  • Group.Read.All or Group.ReadWrite.All
  • User.Read.All (for user search)
  • GroupMember.ReadWrite.All (for member management)

Intune Test Groups

You can configure Test Groups in Settings. When enabled, newly uploaded apps will be automatically assigned to these groups (Intent: Available or Required).

  • Add groups by Name and Object ID (GUID).

External Tools

  • IntuneWinAppUtil Path: SwitchCraft attempts to download the Content Prep Tool automatically. You can specify a custom path in settings if you use a specific version.

Script Signing

Enforce code signing on all generated scripts for AppLocker/WDAC compliance:

  • Enable Signing: Toggles the signing step.
  • Certificate Path: Path to a .pfx file. If left empty, SwitchCraft attempts to find a valid Code Signing certificate in your User/Machine certificate store.

📦 Intune Utility

Even without the automation, you can use the Intune Utility tab to:

  • Manually create .intunewin packages from any folder.
  • Generate Install/Uninstall PowerShell scripts from templates.

🛒 Intune Store Browser

The Intune Store view (Modern UI only) allows you to:

  • Browse all your Intune applications with logo display
  • View detailed metadata (ID, Publisher, Created Date, App Type)
  • See group assignments (Required, Available, Uninstall)
  • View install/uninstall command lines (Ensure /ALLUSERS is present for machine-wide installs)
  • Launch the Packaging Wizard directly from an existing app
  • Search and filter applications

Using the Intune Store

  1. Navigate to Apps & Devices → Intune Store
  2. Search for applications or browse the list
  3. Click on any app to view details
  4. Use "Deploy / Package..." to create a new version or package

Note

Requires Microsoft Graph API credentials configured in Settings → Graph API.

👥 Entra Group Manager

The Group Manager (Modern UI only) provides comprehensive management of Microsoft Entra ID (Azure AD) groups directly from SwitchCraft.

Features

  • Browse Groups: View all Entra ID groups in your tenant with search and filter capabilities
  • Create Groups: Create new Security or Microsoft 365 groups with name and description
  • Delete Groups: Safely delete groups with confirmation dialog (requires Deletion Mode toggle)
  • Manage Members: Add and remove users from groups
  • User Search: Search for users by name or email to add to groups
  • Group Details: View group ID, type, and description

Required Permissions

The Group Manager requires additional Graph API permissions beyond the standard Intune permissions:

Permission Purpose
Group.Read.All Read group information and members
Group.ReadWrite.All Create, update, and delete groups
User.Read.All Search for users to add to groups
GroupMember.ReadWrite.All Add and remove group members

Important

These permissions must be granted by an Azure AD administrator. Standard DeviceManagementApps.ReadWrite.All is not sufficient for group management.

Using the Group Manager

  1. Navigate to Apps & Devices → Group Manager
  2. Groups are automatically loaded from your tenant
  3. Use the search field to filter groups by name or description
  4. Select a group to enable member management

Creating a Group

  1. Click "Create Group"
  2. Enter a Group Name (required)
  3. Optionally add a Description
  4. Click "Create"

The group will be created as a Security group by default.

Managing Members

  1. Select a group from the list
  2. Click "Manage Members"
  3. View current members with their email addresses
  4. Click "Add Member" to search and add users
  5. Click the remove icon (🗑️) next to a member to remove them

Deleting a Group

  1. Enable "Enable Deletion (Danger Zone)" toggle
  2. Select the group you want to delete
  3. Click "Delete Selected"
  4. Confirm the deletion in the dialog

Warning

Group deletion is permanent and cannot be undone. Use with caution.

Use Cases

  • Test Groups: Create dedicated groups for testing Intune app deployments
  • Department Groups: Organize users into groups for targeted deployments
  • Assignment Management: Quickly add or remove users from deployment groups
  • Group Cleanup: Remove unused or obsolete groups

Integration with Intune

Groups created or managed in the Group Manager can be used for:

  • Intune App Assignments: Assign apps to groups created in Group Manager
  • Test Groups: Configure in Settings → Intune → Test Groups for automatic assignment
  • Deployment Stacks: Use groups with Stack Manager for batch deployments

🧩 Stack Manager

The Stack Manager (Modern UI only) allows you to organize multiple applications into named "stacks" for batch deployment to Intune.

Features

  • Create Stacks: Group multiple apps together by name
  • Add Applications: Add apps to stacks by Winget ID or file path
  • Batch Deployment: Deploy entire stacks to Intune with one click
  • Stack Management: Edit, rename, and delete stacks
  • Visual Organization: Keep track of related applications together

Using Stack Manager

  1. Navigate to Apps & Devices → Stack Manager
  2. Enter a stack name and click "Add Stack"
  3. Select the stack and add applications:
    • Enter a Winget Package ID (e.g., Microsoft.PowerToys)
    • Or provide a file path to an installer
  4. Click "Save Stack" to persist your changes
  5. Click "Deploy Stack" to deploy all apps in the stack to Intune

Tip

Stacks are useful for deploying related applications together, such as a "Development Tools" stack or "Security Software" stack.

Stack Storage

Stacks are stored locally in data/stacks.json and persist between sessions. You can:

  • Create multiple stacks for different deployment scenarios
  • Reuse stacks for repeated deployments
  • Organize apps by department, function, or project