Skip to content

v4.0: Convert to PowerShell module with new features#120

Merged
ugurkocde merged 10 commits intomainfrom
version-4.0
Apr 14, 2026
Merged

v4.0: Convert to PowerShell module with new features#120
ugurkocde merged 10 commits intomainfrom
version-4.0

Conversation

@ugurkocde
Copy link
Copy Markdown
Owner

Summary

Major release that converts the 11K-line monolith script into a proper PowerShell module and adds several new features.

Module conversion

  • 52 files: 30 Private helpers, 18 Public cmdlets, manifest, loader, html-export, settings catalog
  • 18 exported cmdlets available as standalone commands (e.g., Get-IntuneUserAssignment, Search-IntuneSetting)
  • IntuneAssignmentChecker alias launches the familiar interactive menu
  • PSGallery-ready: Install-Module IntuneAssignmentChecker (replaces Install-Script)
  • PSGallery version check replaces the old GitHub self-update mechanism

New features

  • Option 12: Simulate Group Membership Impact -- shows what policies a user would receive if added to a group
  • Option 13: Simulate Removing User from Group -- shows what policies a user would lose if removed
  • Option 14: Search Policy Assignments -- reverse lookup: search by policy name, see all assignment targets
  • Option 15: Search for Specific Settings -- search 17,785 setting definitions across Settings Catalog and Endpoint Security policies, shows configured values per policy

UI/UX improvements

  • Terminal-width-aware separators (adapts to window size, no more 120-char overflow)
  • Sequential menu numbering (1-15, T for Switch Tenant)
  • UPN format validation before network calls
  • y/n prompts accept Y/y/Yes/yes (not just lowercase y)
  • Simulation results use distinct Yellow banner to differentiate from real reports
  • Compact impact summaries with category counts
  • Meta-options 98/99 dimmed in DarkGray

Bug fixes and cleanup

  • Remove deprecated groupPolicyConfigurations (Administrative Templates)
  • Migrate deviceStatuses API endpoints
  • Fix hardcoded Graph URLs to use dynamic GraphEndpoint variable
  • Add Autopilot Deployment Profiles and ESP Profiles to simulations
  • Add ScopeTagFilter support to simulation options

Test plan

  • Import-Module ./Module/IntuneAssignmentChecker -Force loads without errors
  • Get-Command -Module IntuneAssignmentChecker shows 18 commands
  • IntuneAssignmentChecker (alias) launches interactive menu
  • Options 1-11 work as before (no regression)
  • Option 12: simulate add to group shows new policies
  • Option 13: simulate remove from group shows lost policies
  • Option 14: search policy by name shows assignment targets
  • Option 15: search setting keyword shows configured values (only configured by default, -ShowAll for all)
  • CSV export works for all new options
  • Update-IntuneSettingDefinition refreshes the JSON catalog
  • Switch Tenant (T) works in interactive mode

- Replace 6 hardcoded graph.microsoft.com URLs with $script:GraphEndpoint
  in Get-AssignmentFailures to fix USGov/USGovDoD tenant support
- Add try/catch error handling to Get-GroupMemberships matching the
  pattern from Get-TransitiveGroupMembership
- Remove ghost .PARAMETER ShowAdminTemplates from comment-based help
- Add missing v3.10.0 release notes entry

Fixes #115
…s API (#117)

- Remove Administrative Templates (groupPolicyConfigurations) from all 9
  feature areas -- migrated policies already appear under Settings Catalog
  via configurationPolicies
- Remove AdminTemplates from html-export.ps1 chart and categories
- Migrate deviceConfigurations deviceStatuses endpoint (removed May 2024)
  to POST-based getConfigurationPolicyDevicesReport reporting API
- Update totalCategories counter from 17 to 16

Fixes #117
- Add Option 12: Simulate Group Membership Impact (what-if add to group)
- Add Option 14: Simulate Removing User from Group (what-if remove)
- Add Option 15: Search Policy Assignments (reverse lookup by name)
- Add terminal-width-aware separators via Get-Separator helper
- Add UPN format validation before network calls
- Normalize y/n prompts to accept Y/y/Yes/yes
- Add Autopilot Deployment Profiles and ESP Profiles to simulation
- Add ScopeTagFilter support to simulation options
- Add dedicated -SimulateTargetGroup and -SimulateRemoveTargetGroup params
- Remove deprecated groupPolicyConfigurations policy type
- Fix hardcoded Graph URLs to use dynamic GraphEndpoint variable
- Bump version to 4.0.0
Convert the 11K-line monolith script into a proper PowerShell module
publishable to PSGallery via Install-Module.

Module structure:
- 18 exported cmdlets (Public/) for all features
- 30 private helper functions (Private/)
- Pre-cached SettingDefinitions.json (17,785 definitions)
- IntuneAssignmentChecker alias for interactive mode

New features:
- Search-IntuneSetting: search for specific settings across all
  Settings Catalog and Endpoint Security policies with configured values
- Update-IntuneSettingDefinition: refresh the settings catalog from Graph
- All options available as standalone cmdlets (e.g., Get-IntuneUserAssignment)
- PSGallery version check (replaces GitHub self-update)

Architecture:
- Module manifest (.psd1) with proper metadata and dependencies
- Module loader (.psm1) dot-sources Public/ and Private/ functions
- Module-scoped variables for shared state (GraphEndpoint, etc.)
- html-export.ps1 bundled locally (no more GitHub download)
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 30, 2026

PSScriptAnalyzer Results

Found 0 error(s) and 9 warning(s).

See the workflow run for details.

- Add publish-module.yml: uses Publish-Module instead of Publish-Script,
  validates module loads before publishing
- Update psscriptanalyzer.yml: scan Module/ directory recursively instead
  of single script file
- Old publish-script.yml kept for reference (can be removed after v4.0 ships)
- Add abbreviation map for common Intune terms (PSSO -> Platform SSO,
  WHFB -> Windows Hello for Business, LAPS, ASR, EDR, etc.)
- Add normalized matching (strips spaces/separators for fuzzy ID matching)
- Search now matches against both original keyword and expanded form
- Default to showing only configured settings (-ShowAll for everything)
- Widen policy name column to 80 chars to avoid truncation
- Fix progress line overwrite artifact on shorter policy names
Windows app types without the literal 'windows' substring in their
@odata.type (win32LobApp, winGetApp, microsoftStoreForBusinessApp,
officeSuiteApp) fell through to 'Multi-Platform' in the HTML report.
Adds explicit mappings and returns 'Web App' for webApp.

Closes #121
@ugurkocde ugurkocde mentioned this pull request Apr 14, 2026
- Move legacy IntuneAssignmentChecker.ps1 and html-export.ps1 to old/v3/
  to match existing old/v1, old/v2 pattern and prevent users from running
  the outdated monolith after switching to the module.
- Delete publish-script.yml workflow (replaced by publish-module.yml;
  the old workflow would fail on release since Publish-Script cannot
  republish a path-moved script).
- Correct release notes menu option numbers (13/14/15 were misnumbered
  as 14/15/16) and mention the app platform detection fix.
- Replace .\IntuneAssignmentChecker.ps1 CLI examples with cmdlet usage
  (Get-IntuneUserAssignment, Connect-IntuneAssignmentChecker, etc.).
- Update parameter reference table to list the 18 exported cmdlets and
  their common parameters instead of old script switches.
- Document the four new v4.0 menu options (12-15): group simulations,
  policy search, and setting search.
- Fix System Options section: [T] Switch Tenant, [0] Exit, [98]/[99].
- Update Azure Automation runbook example to use Connect-* and New-* flow.
- Add migration note for users upgrading from the v3.x Install-Script.
- Remove the legacy 'Download and run the script' manual install path;
  replace with a local clone + Import-Module example.
@ugurkocde ugurkocde merged commit b2378c5 into main Apr 14, 2026
1 check passed
@ugurkocde ugurkocde deleted the version-4.0 branch April 14, 2026 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant