v2.5.0

What's Changed

Enriched Settings Catalog Documentation (--enrich-documentation) - thanks @snodecoder

Added a new optional flag to both backup and documentation commands that produces significantly richer output for Settings Catalog configurations. When enabled during backup, IntuneCD fetches configurationSettings and configurationCategories from Graph API and stores them alongside the backup. During documentation, these are used to render setting display names, descriptions (collapsible), info URLs, and grouped tables by category hierarchy instead of raw setting definition IDs.

Win32 and macOS PKG Script Extraction

Application backup now decodes and saves embedded scripts to disk:

• Win32 apps: detection and requirement PowerShell scripts extracted to Script Data/
• macOS PKG apps: pre- and post-install shell scripts extracted to Script Data/

Minor Fixes

• --max-workers in run_update.py now correctly typed as int, preventing runtime errors when the argument is passed from the CLI
• Key exclusion logic in remove_keys refactored to use a EXCLUDE_KEY_MAP dict; also adds releaseDateTime as an excludable key (VPPeleaseDateTime)
• escape_markdown updated to preserve URLs while escaping other markdown characters

Full Changelog: v2.4.1...v2.5.0

v2.4.2-beta.1

Changed

• Pre/Post install scripts and rule scripts for Mac and Windows apps are now decoded and saved to Script Data folder for the platform.

v2.4.1

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226
• The actual deletion of the file when moving from backup to archive will also include a config removal commit based on the audit logs.
• Added option to use a passphrase protected key. To use a passphrase, add it as an env var alongside the other required env vars for certificate authentication. #228

Fixed

• file_deleted was not assigned any value when result was true in audit data which caused changes to be included only in the overall commit.
• Ensure that the path is relative to the base repo and that it's normalized in _git_commit_changes as the add operation otherwise might fail. #230
• Fixed typo in exclude options and added settings catalog to exclude #229
• Fixed a memory leak when using --prefix: _process_single_item() returned a reference to the shared results object for non-matching items, causing exponential growth in memory usage #237
• Documentation now correctly shows the assignment intent, thanks @snodecoder #232
• Assignment report now correctly shows the assignment intent

Full Changelog: v2.4.0...v2.4.1

v2.4.1-beta.6

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226
• The actual deletion of the file when moving from backup to archive will also include a config removal commit based on the audit logs.
• Added option to use a passphrase protected key. To use a passphrase, add it as an env var alongside the other required env vars for certificate authentication. #228

Fixed

• file_deleted was not assigned any value when result was true in audit data which caused changes to be included only in the overall commit.
• Ensure that the path is relative to the base repo and that it's normalized in _git_commit_changes as the add operation otherwise might fail. #230
• Fixed typo in exclude options and added settings catalog to exclude #229
• Fixed a memory leak when using --prefix: _process_single_item() returned a reference to the shared results object for non-matching items, causing exponential growth in memory usage #237
• Documentation now correctly shows the assignment intent, thanks @snodecoder #232
• Assignment report now correctly shows the assignment intent

v2.4.1-beta.5

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226
• The actual deletion of the file when moving from backup to archive will also include a config removal commit based on the audit logs.
• Added option to use a passphrase protected key. To use a passphrase, add it as an env var alongside the other required env vars for certificate authentication. #228

Fixed

• file_deleted was not assigned any value when result was true in audit data which caused changes to be included only in the overall commit.
• Ensure that the path is relative to the base repo and that it's normalized in _git_commit_changes as the add operation otherwise might fail. #230
• Fixed typo in exclude options and added settings catalog to exclude #229

v2.4.1-beta.4

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226
• The actual deletion of the file when moving from backup to archive will also include a config removal commit based on the audit logs.
• Added option to use a passphrase protected key. To use a passphrase, add it as an env var alongside the other required env vars for certificate authentication. #228

Fixed

• file_deleted was not assigned any value when result was true in audit data which caused changes to be included only in the overall commit.

v2.4.1-beta.3

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226
• The actual deletion of the file when moving from backup to archive will also include a config removal commit based on the audit logs.
• Added option to use a passphrase protected key. To use a passphrase, add it as an env var alongside the other required env vars for certificate authentication. #228

v2.4.1-beta.2

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226
• The actual deletion of the file when moving from backup to archive will also include a config removal commit based on the audit logs.

v2.4.1-beta.1

Changed

• When moving to archive and if --append-id and --audit is set, the audit logs will now be checked for delete actions and add a commit message for the created file in the archive who removed it. The id used is the id in the filename from the backup. Anything that cannot be checked based on id will not use audit when moving to archive. #226

v2.4.0

Added

• A new argument --max-workers has been added to the backup module to configure how many workers the backup should use as a maximum, default is 10.
• A new argument --max-workers has been added to the update module to configure how many workers the update should use as a maximum, default is 10.
• A new argument --max-workers has been added to the documentation module to configure how many workers the documentation should use as a maximum, default is 10.
• A new argument --split-per-config has been added to documentation to allow for splitting the docs further by each config to their own MD doc. When set, documents each config in /docs in the config path, creates an index in the config path with the files and an additional index in the root for easy access.
• A new argument --platforms has been added to the backup module to allow for specifying which platform type that should be included in the backup. Valid options are mac, mobile and windows. It is possible to specify multiple platforms, e.g., --platforms mac mobile.
• Support running IntuneCD with subcommands (e.g. backup, update), example: IntuneCD -h, IntuneCD backup -h, IntuneCD update -h, IntuneCD document -h.
• A decorator to run functions to be able to time the commands in debug mode.

Changed

• The backup process is now threaded, allowing multiple payloads to be backed up simultaneously. 🚀
  • Initial testing shows a ~4x speed improvement, reducing backup time by 74%!
• The update process is now threaded, allowing multiple payloads to be updated simultaneously
• The filename preparation has been updated to remove " from file names and replace with _
• Documentation will now replace \\ with \\\\ to correctly display the correct amount of \ in the documentation
• Dependency versions bumped
• Commit messages for audit has been changed to use activityType to make it easier to see what action exactly has been performed. Thanks @snodecoder #224

Full Changelog: v2.3.7...v2.4.0