{"id":50578113,"url":"https://github.com/JayRHa/IntuneScripts","last_synced_at":"2026-06-21T19:00:38.144Z","repository":{"id":43789349,"uuid":"387502988","full_name":"JayRHa/IntuneScripts","owner":"JayRHa","description":"Collection of practical PowerShell scripts for Microsoft Intune administration and device management.","archived":false,"fork":false,"pushed_at":"2026-05-15T07:15:10.000Z","size":1089,"stargazers_count":187,"open_issues_count":10,"forks_count":56,"subscribers_count":15,"default_branch":"main","last_synced_at":"2026-05-15T07:17:46.069Z","etag":null,"topics":["endpoint-management","microsoft-intune","powershell","scripts","windows"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JayRHa.png","metadata":{"files":{"readme":"README.md","changelog":"Change-DeviceCategory.ps1","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-07-19T15:00:54.000Z","updated_at":"2026-05-15T07:15:11.000Z","dependencies_parsed_at":"2024-01-06T12:36:27.221Z","dependency_job_id":"39cab6e4-a4b3-490c-9b9c-de996ecc05a0","html_url":"https://github.com/JayRHa/IntuneScripts","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JayRHa/IntuneScripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JayRHa%2FIntuneScripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JayRHa%2FIntuneScripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JayRHa%2FIntuneScripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JayRHa%2FIntuneScripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JayRHa","download_url":"https://codeload.github.com/JayRHa/IntuneScripts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JayRHa%2FIntuneScripts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34622271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-21T02:00:05.568Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["endpoint-management","microsoft-intune","powershell","scripts","windows"],"created_at":"2026-06-05T00:00:33.529Z","updated_at":"2026-06-21T19:00:38.138Z","avatar_url":"https://github.com/JayRHa.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"\u003c!-- unified-readme:start --\u003e\n\u003cdiv align=\"center\"\u003e\n\n# Intune Scripts\n\n**A curated collection of PowerShell (and Python) scripts for Microsoft Intune administration, automation, and device management.**\n\nScript. Deploy. Automate.\n\n[![GitHub stars](https://img.shields.io/github/stars/JayRHa/IntuneScripts?style=for-the-badge\u0026logo=github\u0026color=f4c542)](https://github.com/JayRHa/IntuneScripts/stargazers)\n[![GitHub forks](https://img.shields.io/github/forks/JayRHa/IntuneScripts?style=for-the-badge\u0026logo=github\u0026color=4078c0)](https://github.com/JayRHa/IntuneScripts/network/members)\n[![GitHub issues](https://img.shields.io/github/issues/JayRHa/IntuneScripts?style=for-the-badge\u0026logo=github\u0026color=d73a4a)](https://github.com/JayRHa/IntuneScripts/issues)\n[![Contributors](https://img.shields.io/github/contributors/JayRHa/IntuneScripts?style=for-the-badge\u0026logo=github\u0026color=28a745)](https://github.com/JayRHa/IntuneScripts/graphs/contributors)\n\n[![PowerShell](https://img.shields.io/badge/PowerShell-5.1+-blue?logo=powershell\u0026logoColor=white)](https://docs.microsoft.com/powershell/)\n[![Intune](https://img.shields.io/badge/Microsoft-Intune-0078D4?logo=microsoft\u0026logoColor=white)](https://endpoint.microsoft.com)\n[![Graph API](https://img.shields.io/badge/Microsoft_Graph-API-6264A7?logo=microsoftazure\u0026logoColor=white)](https://graph.microsoft.com)\n\u003cp\u003e\n  \u003ca href=\"https://jannikreinhard.com/\"\u003eBlog\u003c/a\u003e ·\n  \u003ca href=\"https://www.linkedin.com/in/jannik-r/\"\u003eLinkedIn\u003c/a\u003e ·\n  \u003ca href=\"https://x.com/jannik_reinhard\"\u003eX\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n`Endpoint Management` | `PowerShell` | `Public` | `Maintained`\n\n\u003c/div\u003e\n\n## What is this?\n\nIntune Scripts supports Microsoft Intune and endpoint management workflows such as automation, troubleshooting, remediation, deployment, or reporting.\n\n## Project Context\n\n- Use it when Intune work should be scripted, packaged, synchronized, or made easier to repeat.\n- Most workflows start from repository assets, then move through Microsoft Graph, Intune, or device-side execution.\n- This repository is maintained as a practical project and reference asset.\n\n## How It Works\n\nThe repository stores scripts or tooling, administrators configure or run them, Intune and Microsoft Graph apply the work, and endpoint results feed back into reports or follow-up actions.\n\n```mermaid\nflowchart LR\n    Repo[Repository assets] --\u003e Admin[Administrator workflow]\n    Admin --\u003e Graph[Microsoft Graph or Intune]\n    Graph --\u003e Device[Managed endpoint]\n    Device --\u003e Result[Detection, remediation, or report]\n    Result --\u003e Review[Review and iterate]\n    Review --\u003e Repo\n```\n\n---\n\u003c!-- unified-readme:end --\u003e\n\n## Overview\r\n\r\nThis repository contains **40+ ready-to-use scripts** for Intune administrators covering:\r\n\r\n- **Device Management** -- Change device categories, remove primary users, sync kiosk assignments\r\n- **Proactive Remediations** -- Disk cleanup, pending reboot detection, taskbar customization, toast notifications\r\n- **Reporting \u0026 Analytics** -- Enrollment reports, app inventory, compliance anomaly detection, Windows 11 readiness\r\n- **Autopilot** -- Prerequisite checks, ESP detection, deployment wave groups\r\n- **Automation** -- Azure Automation runbooks for group management, assignment monitoring, filter deployment\r\n- **Diagnostics** -- IME log analysis (with AI summarization), MDM diagnostic log parsing, speed tests\r\n- **UX Customization** -- Desktop shortcuts, system tray tools, context menu changes, taskbar alignment\r\n\r\n---\r\n\r\n## Repository Structure\r\n\r\n| Folder | Category | Description |\r\n|---|---|---|\r\n| `Add-CertificateToTrustedStore/` | Device Config | Deploy certificates to Trusted Publisher store via OMA-URI |\r\n| `Change-DeviceCategory/` | Device Mgmt | Assign device categories (single \u0026 bulk) |\r\n| `Change-ImeLogLevel/` | Diagnostics | Toggle IME log verbosity and restart the service |\r\n| `Change-Windows11ContextMenu/` | UX | Revert Windows 11 right-click menu to classic style |\r\n| `Check-AutopilotPrerequisites/` | Autopilot | Full network, TPM, OS, and NTP diagnostic for Autopilot |\r\n| `Collect-CustomInventory/` | Inventory | Client-side telemetry collection via Azure Function to Log Analytics |\r\n| `Copy-DeviceConfigurationProfile/` | Device Config | Duplicate an existing Intune configuration profile |\r\n| `Create-AadGroupFromEaScript/` | Automation | Dynamic AAD groups based on Endpoint Analytics script output |\r\n| `Create-AssignmentGroupsForNewApps/` | Automation | Auto-create Available/Required/Uninstall groups for new apps |\r\n| `Create-DesktopShortcut/` | UX | Deploy/detect/remove website shortcuts on public desktop |\r\n| `Create-IntuneSystemtray/` | UX | System tray icon with IT quick-actions (sync, diagnostics, etc.) |\r\n| `Create-WaveDeplyomentGroups/` | Automation | Percentage-based wave deployment group distribution |\r\n| `Deploy-DefaultFilter/` | Device Config | Create a standard set of Intune assignment filters |\r\n| `Get-AllAadGroupAssignments/` | Reporting | List all Intune assignments for a given AAD group |\r\n| `Get-AllAssignmentsError/` | Reporting | Export failed config profile \u0026 app assignments to CSV |\r\n| `Get-AllDeviceAssignments/` | Reporting | Show all assignments targeting a specific device |\r\n| `Get-CleanUpDisk/` | Remediation | Detect low disk space and run automated cleanup |\r\n| `Get-ConnectedDevices/` | Detection | Detect specific PnP device connections |\r\n| `Get-DeviceAppInventory/` | Inventory | Export detected apps per device to Log Analytics or JSON |\r\n| `Get-EspDetection/` | Autopilot | Detect whether ESP is currently active (two methods) |\r\n| `Get-GraphExportApiReport/` | Reporting | Trigger and download Intune export API reports |\r\n| `Get-IMEChange/` | Diagnostics | Monitor IME binary changes with hash baseline and toast alerts |\r\n| `Get-IntuneApplicationInstallationAnomaly/` | Analytics | Anomaly detection on app install failures via Azure AI |\r\n| `Get-IntuneBlueScreenAnomaly/` | Analytics | Anomaly detection on BSOD rates via Azure AI |\r\n| `Get-IntuneComplianceAnomaly/` | Analytics | Anomaly detection on compliance drift via Azure AI |\r\n| `Get-IntuneDataScience/` | Analytics | EDA report on managed devices using Pandas + Sweetviz |\r\n| `Get-IntuneStatus/` | Reporting | Quick tenant status overview (device counts, sync dates) |\r\n| `Get-MdmDiagnostigLogs/` | Diagnostics | Parse MDM diagnostic XML into structured PowerShell objects |\r\n| `Get-NewEnrolledDevicesReport/` | Reporting | Email report of devices enrolled in the past 7 days |\r\n| `Get-PendingReboot/` | Remediation | Detect pending reboots and show toast notification |\r\n| `Get-Top5FailedAppInstallations/` | Reporting | Teams webhook alert for top 5 failing app installs |\r\n| `Get-UnassignedAppsAndConfigurations/` | Reporting | Find apps/configs with no assignments |\r\n| `Get-Windows11Report/` | Reporting | HTML report with Chart.js pie chart of Win11 adoption |\r\n| `Hide-TaskViewWidgetsAndSearch/` | Remediation | Hide Task View, Widgets, and Search from taskbar |\r\n| `Ime-LogSummarizer/` | Diagnostics | AI-powered IME log analysis (local \u0026 remote, Python) |\r\n| `Make-Speedtest/` | Diagnostics | Download speed test with Log Analytics upload |\r\n| [`ManagementImprovements/`](ManagementImprovements/README.md) | Tenant Mgmt | 10 housekeeping scripts: stale/duplicate devices, config backup, empty groups, unused filters, BitLocker escrow, app success rate, unassigned scripts, tenant health, policy conflicts |\r\n| `Move-Windows11Taskbar/` | Remediation | Set Windows 11 taskbar alignment to left |\r\n| `Remove-ApplicabilityRule/` | Device Config | Strip OS applicability rules from all config profiles |\r\n| `Remove-PrimaryUserFromIntuneDevices/` | Device Mgmt | Remove primary user from managed devices |\r\n| `Sync-KioskAssignmentWithAadGroup/` | Automation | Sync AAD group members into Kiosk profile user lists |\r\n| `Sync-SecWithDistributionGroup/` | Automation | Mirror security group members to Exchange distribution groups |\r\n| `Translate-DeivceAndUserGroups/` | Automation | Migrate user/device membership between AAD groups |\r\n| `Write-ToastSurveyLogAnalytics/` | Remediation | Toast survey with response logging to Log Analytics |\r\n\r\n---\r\n\r\n## Prerequisites\r\n\r\n- **PowerShell 5.1+** (Windows PowerShell) or **PowerShell 7+**\r\n- **Microsoft Graph PowerShell SDK** (`Install-Module Microsoft.Graph`)\r\n- **Azure AD / Entra ID permissions** appropriate to each script (see individual script headers)\r\n- For Python scripts: **Python 3.9+** with `msal`, `requests`, `pandas`, `sweetviz`, `openai`\r\n\r\n## Quick Start\r\n\r\n```powershell\r\n# Clone the repository\r\ngit clone https://github.com/JayRHa/IntuneScripts.git\r\ncd IntuneScripts\r\n\r\n# Example: Check Autopilot prerequisites on a device\r\n.\\Check-AutopilotPrerequisites\\Check-AutopilotPrerequisites.ps1\r\n\r\n# Example: Get all assignments for a specific AAD group\r\n.\\Get-AllAadGroupAssignments\\Get-AllAadGroupAssignments.ps1\r\n\r\n# Example: Deploy default Intune filters\r\n.\\Deploy-DefaultFilter\\Deploy-DefaultFilter.ps1\r\n```\r\n\r\n## Authentication\r\n\r\nScripts use different authentication methods depending on their execution context:\r\n\r\n| Method | Use Case | Scripts |\r\n|---|---|---|\r\n| `Connect-MgGraph` (interactive) | Admin-run scripts | Deploy-DefaultFilter, Get-AllAadGroupAssignments, etc. |\r\n| Client Credentials (App Registration) | Azure Automation runbooks | Create-AadGroupFromEaScript, Get-AllAssignmentsError, etc. |\r\n| Managed Identity | Azure Functions / Automation | Collect-CustomInventory, Get-Windows11Report, etc. |\r\n| MSAL Device Code (Python) | Data science notebooks | Get-IntuneDataScience |\r\n\r\n## Script Categories\r\n\r\n### Proactive Remediations (Detection + Remediation pairs)\r\n\r\nUpload the Detection and Remediation scripts as a pair in the Intune portal:\r\n\r\n| Script Pair | Purpose |\r\n|---|---|\r\n| `Get-CleanUpDisk/` | Detect low disk space, run Windows Disk Cleanup |\r\n| `Get-PendingReboot/` | Detect pending reboot, show toast notification |\r\n| `Hide-TaskViewWidgetsAndSearch/` | Detect visible taskbar elements, hide them |\r\n| `Move-Windows11Taskbar/` | Detect centered taskbar, move to left |\r\n| `Collect-CustomInventory/` | Collect device telemetry, POST to Azure Function |\r\n\r\n### Azure Automation Runbooks\r\n\r\nThese scripts are designed to run on a schedule in Azure Automation:\r\n\r\n| Script | Purpose |\r\n|---|---|\r\n| `Create-AadGroupFromEaScript/` | Dynamic groups from Endpoint Analytics data |\r\n| `Create-AssignmentGroupsForNewApps/` | Auto-create assignment groups for new apps |\r\n| `Sync-KioskAssignmentWithAadGroup/` | Sync kiosk profile users from AAD group |\r\n| `Get-NewEnrolledDevicesReport/` | Weekly enrollment email report |\r\n| `Get-AllAssignmentsError/*AppRegistration.ps1` | Email CSV of failed assignments |\r\n\r\n## Exit Codes\r\n\r\nAll detection and remediation scripts follow this convention:\r\n\r\n| Code | Meaning |\r\n|---|---|\r\n| `0` | Success / Compliant (no remediation needed) |\r\n| `1` | Runtime error / Non-compliant (remediation needed) |\r\n\r\n## Contributing\r\n\r\n1. Fork the repository\r\n2. Create a feature branch\r\n3. Follow existing naming conventions (`Verb-Noun/Verb-Noun.ps1`)\r\n4. Include a comment-based help header with `.SYNOPSIS`, `.DESCRIPTION`, and `.NOTES`\r\n5. Add proper error handling (`try/catch`) and exit codes\r\n6. Submit a Pull Request\r\n\r\n## Author\r\n\r\n**Jannik Reinhard** -- [Blog](https://jannikreinhard.com) | [X](https://x.com/jannik_reinhard) | [GitHub](https://github.com/JayRHa)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJayRHa%2FIntuneScripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJayRHa%2FIntuneScripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJayRHa%2FIntuneScripts/lists"}