IntuneManagement
IntuneManagement copied to clipboard
Micke-K
Non-interactive mode (e.g. for automation / scripting)
Would it be possible to add support to run without the UI to complete certain tasks. Would be especially handy for including in automations
Awesome work on the tool BTW, has saved me countless hours, and love the recently added documentation capabilities
Hello!
Thank you for the support!
This has been requested before. I started looking into it but realised it would be a massive change. I am not sure exactly how to do it. Command line arguments would be a mess since that would end up being way too many to support all options. I might look into having a json file for each environment you want to automate. Another issue is login. For fully automation, the json file should support logging in with an app/secret instead of interactive login.
Any suggestions on how you would like it to work?
Cheers!
Yeah agree it could become difficult... Maybe start with some bigger / broader tasks only.... For example bulk export / bulk import actions.
Def. happy to have a chat and see how I could help, I haven't done a heap with Powershell GUI so be good to understand the structure of your code etc... I have written a heap of similar automations as well but like what you've done so keen to support and expand on it.
Drop me a message maybe via LinkedIn and we can chat more
I'm having an issue with the Silent Batch Job feature. Currently, I am cloning the repo on a GitHub runner (temporary VM) to execute the silent batch job.
Each time I run the job (which includes a properly formatted call to the Silent Batch Job feature which includes an appId, tenantId, and secret), I receive "Not authenticated. Batch job will be skipped".
If, on an identical machine, I run start.cmd and accept the EULA, I am then able to close the IntuneManagement window and perform the exact same call to the silent Bulk Export feature with success.
In summary, is there a way I can automate the acceptance of the EULA or have the EULA check disabled for the Silent Batch Job feature?
Hello!
Thank you for reporting this!
The acceptance of the EULA only happens when the windows is displayed, so it will not be "used" during the batch job.
I found a bug when using secret/certificate from Settings. Can you please test with the attached MSALAuthentication file and try?
Cheers!
Thank you for the response.
I tried replacing the MSALAuthentication.psm1 file without success. I'm creating a fresh [static] machine (Windows Server 2022) now so I can dig a little deeper. I wonder what caused the Silent Batch Job feature to work in my test yesterday.
Here is the statement I am using to execute the Batch Job.
Start-Process -NoNewWindow -Wait -WorkingDirectory $env:GITHUB_WORKSPACE -FilePath powershell -ArgumentList "-File "".\Start-IntuneManagement.ps1""", "-Silent", "-SilentBatchFile .\BulkExport.json", "-TenantId <myTeantId>", "-AppId <myAppId>", "-Secret $env:THIS_SECRET"
Thank you for the update!
Well, that explains why the change didn't work. There was a bug in the script that caused it to fail if the information was stored in Settings or if a certificate was used. Secret on the command line should have worked.
Do you get any errors in the log before it says It isn't authenticated? It has all required info eg TenantId, AppId and Secret because in would not try to authenticate without them. So it should try but I'm not sure what the error would be if one if them are wrong. I can do some testing on the weekend and see if what it could be + add more logging and see where it fails.
Cheers!
I am seeing the same behavior as yesterday. On a brand new server where I have copied the necessary files and set the appropriate environment variables, I cannot run the statement above without the "Not authenticated. Batch job will be skipped" error.
For the second test I run start.cmd by double-clicking and select "cancel" at the EULA, closing the window. I receive the same error when trying to execute the above statement after the window/GUI is closed.
For the third test, I run start.cmd by double-click and accept the conditions in the EULA. After the window displaying the EULA disappears, I close the main window. I run the same statement as above (for all of my test, I have ISE open so I can easily re-run the same statement) and I receive the Intune data I need.
Maybe there is some initialization step that happens after accepting the EULA.
Edit: I see you replied as I was writing this.
Here's a screenshot of a complete run-through from "test 1" which was executing the call to the Silent Batch Job feature before launching start.cmd
The logs from "test 2" look the same.
I really appreciate your time on this. I have a feeling there's something simple I missed and I'm going to be embarrassed when I find the answer.
Found it...not sure if I can call it a bug or just bad design. If failed the first time because the reg value FirstTimeRunning was not False, which is obvious since it doesn't exist at that point. It was a way to force a manual login the first time which might not be what we want during a batch job. Try this version of the file.
Sorry about that!
Cheers!
That fixed it! Thank you very much for your help!!! My GitHub Action (automation) isn't the most advanced right now, but we're now able to schedule regular exports from Intune using this feature. This is much appreciated.
Hello! This is a great project and a huge help!
First off, who ever setup my tenant many years ago put a space at the end of the tenant name. I'm not sure what could be using the name so I'd rather not change the name and break other things. So when I run an export in non-interactive mode, the export is working but it is still using tenant name in the file paths.
- I've unchecked 'Add company Name' in File > Settings
- I've unchecked 'Add company name to path' in Bulk > Export and saved that to the json file to use with the -SilentBatchFile switch
- I've verified that 'AddCompanyName' in HKCU\Software\CloudAPIPowerShellManagement is set to 'False'
Is there something else that I'm missing?
Hello @b1grif
Thank you for reporting this! Looks like there is a bug so values that are false were not used.
I'll have a look at this over the weekend.
Cheers!