IntuneHydrationKit
0.2.6
Hydrates Microsoft Intune tenants with best-practice baseline configurations including policies, compliance packs, enrollment profiles, dynamic groups, security baselines, and conditional access starter packs.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2025 Jorgeasaurus. All rights reserved.
Package Details
Author(s)
- Jorgeasaurus
Tags
Intune Microsoft365 Graph Baseline Compliance Security Autopilot MDM Endpoint MEM Azure EntraID ConditionalAccess DeviceManagement
Functions
Invoke-IntuneHydration Connect-IntuneHydration Test-IntunePrerequisites New-IntuneDynamicGroup New-IntuneStaticGroup Get-OpenIntuneBaseline Import-IntuneBaseline Import-IntuneCompliancePolicy Import-IntuneAppProtectionPolicy Import-IntuneNotificationTemplate Import-IntuneEnrollmentProfile Import-IntuneDeviceFilter Import-IntuneConditionalAccessPolicy Import-IntuneMobileApp Initialize-HydrationLogging Write-HydrationLog Import-HydrationSettings New-HydrationResult Get-ResultSummary Get-GraphErrorMessage Test-HydrationKitObject Get-ObfuscatedTenantId
PSEditions
Dependencies
-
- Microsoft.Graph.Authentication (>= 2.0.0)
Release Notes
## v0.2.6
- **Features:**
- Notion mobile app template
- VLC mobile app template
- VM-based dynamic groups (12 new groups for AVD, Windows 365, Hyper-V, VMware, VirtualBox, Parallels, QEMU/KVM)
- VM-based device filters (12 new filters matching the dynamic groups)
- Template-based device filter import (`Templates/Filters/` directory)
- Device filter templates organized by platform (Windows, macOS, iOS, Android)
- CHANGELOG.md
- **Changes:**
- Refactored Import-IntuneDeviceFilter to use JSON templates instead of hardcoded definitions
- Dynamic Groups count increased from 31 to 43
- Device Filters count increased from 12 to 24
- Changelog moved to CHANGELOG.md following Keep a Changelog format
FileList
- IntuneHydrationKit.nuspec
- Templates\ConditionalAccess\Block legacy authentication.json
- Templates\Filters\iOS-Filters.json
- Public\Invoke-IntuneHydration.ps1
- Templates\ConditionalAccess\No persistent browser session.json
- Templates\Filters\macOS-Filters.json
- IntuneHydrationKit.psd1
- Public\New-IntuneDynamicGroup.ps1
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device for admins.json
- Templates\Filters\Windows-Manufacturer-Filters.json
- IntuneHydrationKit.psm1
- Public\New-IntuneStaticGroup.ps1
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device or multifactor authentication for all users.json
- Templates\Filters\Windows-VM-Filters.json
- Private\Copy-DeepObject.ps1
- Public\Test-IntunePrerequisites.ps1
- Templates\ConditionalAccess\Require MDM-enrolled and compliant device to access cloud apps for all users (Preview).json
- Templates\MobileApps\macOS\M365Apps.json
- Private\Get-GraphErrorMessage.ps1
- Public\Write-HydrationLog.ps1
- Templates\ConditionalAccess\Require multifactor authentication for admins.json
- Templates\MobileApps\macOS\MicrosoftEdge.json
- Private\Get-HydrationTemplates.ps1
- Templates\AppProtection\Android-App-Protection.json
- Templates\ConditionalAccess\Require multifactor authentication for all users.json
- Templates\MobileApps\Windows\M365\M365Apps.json
- Private\Get-ObfuscatedTenantId.ps1
- Templates\AppProtection\iOS-App-Protection.json
- Templates\ConditionalAccess\Require multifactor authentication for Azure management.json
- Templates\MobileApps\Windows\Store\AdobeAcrobatReaderDC.json
- Private\Get-ResultSummary.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for guest access.json
- Templates\MobileApps\Windows\Store\CompanyPortal.json
- Private\New-HydrationResult.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-iOS.json
- Templates\ConditionalAccess\Require multifactor authentication for Microsoft admin portals.json
- Templates\MobileApps\Windows\Store\MicrosoftCopilot.json
- Private\Remove-ReadOnlyGraphProperties.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-Android.json
- Templates\ConditionalAccess\Require phishing-resistant multifactor authentication for admins.json
- Templates\MobileApps\Windows\Store\MicrosoftTeams.json
- Private\Test-HydrationKitObject.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-iOS.json
- Templates\ConditionalAccess\Securing security info registration.json
- Templates\MobileApps\Windows\Store\Notion.json
- Private\Test-WindowsDriverUpdateLicense.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-Android.json
- Templates\ConditionalAccess\Use application enforced restrictions for O365 apps.json
- Templates\MobileApps\Windows\Store\PowerBIDesktop.json
- Public\Connect-IntuneHydration.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-iOS.json
- Templates\DynamicGroups\Autopilot-Groups.json
- Templates\MobileApps\Windows\Store\PowerShell.json
- Public\Get-OpenIntuneBaseline.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Basic.json
- Templates\DynamicGroups\Manufacturer-Groups.json
- Templates\MobileApps\Windows\Store\Slack.json
- Public\Import-HydrationSettings.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Strict.json
- Templates\DynamicGroups\OS-Groups.json
- Templates\MobileApps\Windows\Store\Spotify-MusicandPodcasts.json
- Public\Import-IntuneAppProtectionPolicy.ps1
- Templates\Compliance\iOS-Compliance-Basic.json
- Templates\DynamicGroups\Ownership-Groups.json
- Templates\MobileApps\Windows\Store\VisualStudioCode.json
- Public\Import-IntuneBaseline.ps1
- Templates\Compliance\iOS-Compliance-Strict.json
- Templates\DynamicGroups\User-Groups.json
- Templates\MobileApps\Windows\Store\VLC.json
- Public\Import-IntuneCompliancePolicy.ps1
- Templates\Compliance\Linux-Compliance-Basic.json
- Templates\DynamicGroups\VM-Groups.json
- Templates\MobileApps\Windows\Store\WhatsApp.json
- Public\Import-IntuneConditionalAccessPolicy.ps1
- Templates\Compliance\Linux-Compliance-Strict.json
- Templates\Enrollment\Windows-Autopilot-Profile.json
- Templates\MobileApps\Windows\Store\WindowsApp.json
- Public\Import-IntuneDeviceFilter.ps1
- Templates\Compliance\macOS-Compliance-Basic.json
- Templates\Enrollment\Windows-ESP-Profile.json
- Templates\MobileApps\Windows\Store\WindowsTerminal.json
- Public\Import-IntuneEnrollmentProfile.ps1
- Templates\Compliance\macOS-Compliance-Strict.json
- Templates\Enrollment\Windows-Self-Deploy-Autopilot-Profile.json
- Templates\Notifications\First-Warning.json
- Public\Import-IntuneMobileApp.ps1
- Templates\Compliance\Windows-Compliance-Policy.json
- Templates\Filters\Android-Filters.json
- Templates\StaticGroups\Static-Groups.json
- Public\Import-IntuneNotificationTemplate.ps1
- Templates\Compliance\Windows-Custom-Compliance.json
- Public\Initialize-HydrationLogging.ps1
- Templates\ConditionalAccess\Block access for unknown or unsupported device platform.json