IntuneHydrationKit
0.2.1
Hydrates Microsoft Intune tenants with best-practice baseline configurations including policies, compliance packs, enrollment profiles, dynamic groups, security baselines, and conditional access starter packs.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2025 Jorgeasaurus. All rights reserved.
Package Details
Author(s)
- Jorgeasaurus
Tags
Intune Microsoft365 Graph Baseline Compliance Security Autopilot MDM Endpoint MEM Azure EntraID ConditionalAccess DeviceManagement
Functions
Invoke-IntuneHydration Connect-IntuneHydration Test-IntunePrerequisites New-IntuneDynamicGroup New-IntuneStaticGroup Get-OpenIntuneBaseline Import-IntuneBaseline Import-IntuneCompliancePolicy Import-IntuneAppProtectionPolicy Import-IntuneNotificationTemplate Import-IntuneEnrollmentProfile Import-IntuneDeviceFilter Import-IntuneConditionalAccessPolicy Import-IntuneMobileApp Initialize-HydrationLogging Write-HydrationLog Import-HydrationSettings New-HydrationResult Get-ResultSummary Get-GraphErrorMessage Test-HydrationKitObject Get-ObfuscatedTenantId
PSEditions
Dependencies
-
- Microsoft.Graph.Authentication (>= 2.0.0)
Release Notes
## v0.2.1 - PSGallery Publishing Support
- Module now publishable to PowerShell Gallery (Install-Module IntuneHydrationKit)
- Added Invoke-IntuneHydration as exported module function
- Backward compatible wrapper script for users who clone the repo
- InvokeBuild-based build system (build.ps1, IntuneHydrationKit.build.ps1)
- GitHub Actions CI/CD workflows for automated testing and publishing
- Added Pester tests for main orchestrator function
- Fixed PSScriptAnalyzer warnings (variable naming conflicts)
## v0.1.8 - Parameter-Based Invocation
- Added full parameter support for command-line invocation
- Settings file is now optional when using parameters
- Parameters override settings file values when both provided
- New parameters for all configuration options (tenant, auth, imports, reporting)
- Added -All switch to enable all import types
- Backwards compatible with existing settings.json workflow
- Added Windows Driver Update license pre-check (avoids 403 errors)
## v0.1.0 - Initial Release
- OpenIntuneBaseline integration (auto-downloads latest policies)
- Compliance policy templates (Windows, macOS, iOS, Android, Linux)
- App protection policies (Android/iOS MAM)
- Dynamic groups and device filters
- Enrollment profiles (Autopilot, ESP)
- Conditional Access starter pack (always created disabled)
- Safe deletion (only removes kit-created objects)
- Multi-cloud support (Global, USGov, USGovDoD, Germany, China)
- WhatIf/dry-run mode
- Detailed logging and reporting
FileList
- IntuneHydrationKit.nuspec
- Private\Remove-ReadOnlyGraphProperties.ps1
- Templates\Compliance\iOS-Compliance-Strict.json
- Templates\DynamicGroups\Autopilot-Groups.json
- IntuneHydrationKit.psd1
- Private\New-HydrationResult.ps1
- Templates\Compliance\Linux-Compliance-Basic.json
- Templates\Notifications\First-Warning.json
- IntuneHydrationKit.psm1
- Private\Get-HydrationTemplates.ps1
- Templates\Compliance\Windows-Custom-Compliance.json
- Templates\Enrollment\Windows-Autopilot-Profile.json
- Public\Write-HydrationLog.ps1
- Private\Get-ResultSummary.ps1
- Templates\Compliance\Linux-Compliance-Strict.json
- Templates\Enrollment\macOS-DEP-Enrollment-Profile.json
- Public\Test-IntunePrerequisites.ps1
- Private\Get-ObfuscatedTenantId.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Basic.json
- Templates\Enrollment\Windows-ESP-Profile.json
- Public\Get-OpenIntuneBaseline.ps1
- Private\Copy-DeepObject.ps1
- Templates\Compliance\macOS-Compliance-Strict.json
- Templates\ConditionalAccess\Block access for unknown or unsupported device platform.json
- Public\Import-IntuneAppProtectionPolicy.ps1
- Private\Test-HydrationKitObject.ps1
- Templates\Compliance\macOS-Compliance-Basic.json
- Templates\ConditionalAccess\No persistent browser session.json
- Public\Import-IntuneEnrollmentProfile.ps1
- Private\Test-WindowsDriverUpdateLicense.ps1
- Templates\MobileApps\CompanyPortalWinStoreNew.json
- Templates\ConditionalAccess\Require multifactor authentication for Azure management.json
- Public\Import-IntuneCompliancePolicy.ps1
- Private\Get-GraphErrorMessage.ps1
- Templates\MobileApps\M365AppsWin.json
- Templates\ConditionalAccess\Require multifactor authentication for admins.json
- Public\Import-IntuneDeviceFilter.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-Android.json
- Templates\MobileApps\MsEdgeMacOS.json
- Templates\ConditionalAccess\Use application enforced restrictions for O365 apps.json
- Public\Import-IntuneNotificationTemplate.ps1
- Templates\AppProtection\Android-App-Protection.json
- Templates\MobileApps\M365AppsMacOs.json
- Templates\ConditionalAccess\Require multifactor authentication for all users.json
- Public\Invoke-IntuneHydration.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-iOS.json
- Templates\MobileApps\PowershellWinStoreNew.json
- Templates\ConditionalAccess\Require multifactor authentication for Microsoft admin portals.json
- Public\Initialize-HydrationLogging.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-iOS.json
- Templates\MobileApps\VsCodeWinStoreNew.json
- Templates\ConditionalAccess\Require phishing-resistant multifactor authentication for admins.json
- Public\Import-HydrationSettings.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-Android.json
- Templates\MobileApps\AdobeAcrobatReader.json
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device for admins.json
- Public\Connect-IntuneHydration.ps1
- Templates\AppProtection\iOS-App-Protection.json
- Templates\StaticGroups\Update-Ring-Groups.json
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device or multifactor authentication for all users.json
- Public\Import-IntuneBaseline.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-Android.json
- Templates\DynamicGroups\Ownership-Groups.json
- Templates\ConditionalAccess\Require multifactor authentication for guest access.json
- Public\New-IntuneDynamicGroup.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-iOS.json
- Templates\DynamicGroups\OS-Groups.json
- Templates\ConditionalAccess\Require MDM-enrolled and compliant device to access cloud apps for all users (Preview).json
- Public\Import-IntuneMobileApp.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Strict.json
- Templates\DynamicGroups\User-Groups.json
- Templates\ConditionalAccess\Block legacy authentication.json
- Public\New-IntuneStaticGroup.ps1
- Templates\Compliance\Windows-Compliance-Policy.json
- Templates\DynamicGroups\Manufacturer-Groups.json
- Templates\ConditionalAccess\Securing security info registration.json
- Public\Import-IntuneConditionalAccessPolicy.ps1
- Templates\Compliance\iOS-Compliance-Basic.json
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 0.2.2 | 32 | 12/9/2025 |
| 0.2.1 (current version) | 22 | 12/8/2025 |
| 0.1.1 | 27 | 11/28/2025 |