Configure and manage device settings and policies
A comprehensive web tool for browsing and exploring Apple device management policies across iOS, macOS, tvOS, watchOS, and visionOS. Provides detailed documentation for MDM and DDM (Declarative Device Management) policies.
A web-based tool for creating and managing Windows AppLocker policies. Create application control rules through an intuitive interface and export them as valid AppLocker XML files for use with Windows Group Policy or Microsoft Intune.
A PowerShell-based customization tool packaged as an Intune Win32 app for configuring Windows 10/11 devices during Autopilot deployment. Customizes start menu layout, background/theme, time zone, removes built-in apps, installs OneDrive, configures language packs, and manages Windows features.
A lightweight user environment manager for Intune-managed devices. Manages drive mappings, printer mappings, registry settings, file actions, application launcher, Start Menu and desktop shortcuts, with on-demand refresh and centralized JSON-based configuration.
Feature Update Controller is a remediation package for Microsoft Intune that centralizes Windows feature upgrades with configurable setup, scripts, and custom actions. It generates and manages SetupConfig.ini, prestages Script Modules, and configures Custom Actions to tailor upgrade behavior, including post-install and rollback steps. The solution downloads and applies a manifest.json, stages scripts and actions, and supports updating or removing configurations on devices for a consistent upgrade experience.
InToolz is a management tool for Microsoft Intune designed to simplify cross-tenant migrations and bulk configuration tasks. It enables tenant-to-tenant copy of Intune content, bulk assignment deployment and removal between groups, profiles, and applications, and mass updates to description fields. Note that the project is a work in progress, with several features planned for future releases.
Intune Baselines provides curated JSON Intune profiles that implement CIS, compliance, and security baselines across Windows, macOS, iOS/iPadOS, Android, and enterprise apps. Built from best practices, Zero Trust concepts, and official CIS benchmarks, these profiles are designed for rapid import into Intune (via Micke-K's IntuneManagement tool). Regularly updated, they support scalable Modern Workplace deployments and testing in diverse environments.
Intune Registry Builder is a browser-based tool to create, validate, and export Intune-ready PowerShell scripts for Windows registry changes. It supports Proactive Remediations and Win32 apps, allows direct deployment to Intune, and processes everything locally in the browser. No data or credentials are stored or sent to any server.
A powerful, free tool for comparing Microsoft Intune policies and analyzing configuration differences. Features real-time policy access via Microsoft Graph API, JSON import for offline comparison, device comparison against security baselines, settings search, and full Settings Catalog support.
IntuneFirewallMigration is a public-preview tool that migrates Group Policy and local firewall rules into Intune as Settings Catalog policies. It supports selecting specific firewall profiles (Domain, Private, Public) and importing only inbound or outbound rules, using Microsoft.Graph.Authentication with Invoke-MgGraphRequest. The script disables telemetry, requires Graph permissions (DeviceManagementConfiguration.ReadWrite.All), and works with PowerShell 5 or 7 to modernize firewall management in Intune.
A web-based tool for building Windows kiosk deployments by generating Assigned Access XML configurations. Supports Single-App, Multi-App, and Restricted User modes with customizable Start menu, taskbar, auto-launch, idle timeout, and breakout keys. Exports for Intune OMA-URI, PowerShell, or provisioning packages.
A Microsoft Intune wrapper that enables deploying a custom wallpaper to Microsoft Teams Rooms devices via a PowerShell installer. It packages a wallpaper into an .INTUNEWIN package, supports install and uninstall commands, and uses registry-based detection to verify the deployed version. It also generates logs under the Intune Management Extension folder for troubleshooting, with a configurable company name for branding.
PowerShell ADMX Wizard creates custom ADMX/ADML templates from a CSV of registry keys, enabling Windows policies via Intune. It generates GUID-based templates, adds registry entries (STRING, DWORD, BINARY), and logs progress. After creation, upload the ADM/ADML to Intune as Imported ADMX to apply through a configuration profile.
A PowerShell utility for capturing, comparing, and exporting Windows Defender firewall rules for Microsoft Intune deployment. Captures baseline rules, compares post-install changes, and exports to JSON for Intune or CSV formats with interactive menu and CLI modes.
Windows Media Creation CLI is a PowerShell-based tool that automates building Windows installation media on a USB drive. It supports Windows 11 (22H2-25H2) and Windows 10, with customizable architecture, language, region and edition, enabling fully automated media creation. It also supports OEM driver injection via AUTOUNATTEND or DISM, single or multi-driver packs, and can generate an installwimdrivers.csv catalog to track installed drivers.
Windows Recovery Partition Editor resizes the local Windows Recovery Partition to 984MB and injects CAB files to enable optional features and language support. It deploys via a PowerShell script, placing architecture-specific CABs under tools\amd64 or tools\arm64cpu and matching language packs, with an optional backup of OEM images. Detection uses the registry key HKLM:\SOFTWARE\YourCompanyNameHere\Client-Recovery with value 1.0.0.