ConfigurationTools
Configure and manage device settings and policies
Apple Device Policy Explorer
A comprehensive web tool for browsing and exploring Apple device management policies across iOS, macOS, tvOS, watchOS, and visionOS. Provides detailed documentation for MDM and DDM (Declarative Device Management) policies.
AppLocker Policy Creator
A web-based tool for creating and managing Windows AppLocker policies. Create application control rules through an intuitive interface and export them as valid AppLocker XML files for use with Windows Group Policy or Microsoft Intune.
Autopilot Branding
A PowerShell-based customization tool packaged as an Intune Win32 app for configuring Windows 10/11 devices during Autopilot deployment. Customizes start menu layout, background/theme, time zone, removes built-in apps, installs OneDrive, configures language packs, and manages Windows features.
BrowserConfigEditor
BrowserConfigEditor is a macOS GUI tool that creates and edits browser policy configurations for enterprise deployments. It supports multiple browsers (Chrome, Edge, Safari, Firefox, Brave, and other Chromium-based browsers) and exports policies in plist, JSON, Intune XML, or shell scripts for deployment. It includes features like visual policy configuration, import/export, search/filter, built-in documentation, and deployment-ready outputs for MDM and Intune.
Cloud Policy Preferences
Cloud Policy Preferences is a cloud-native Intune policy platform that restores Group Policy-like control: deploy registry, files, drives, printers, and more, with real-time monitoring and granular targeting. It offers RBAC, What-If analysis, auditing and reporting, automated validation, and Teams notifications, all secured by per-tenant TDEK, end-to-end encryption, and Entra ID authentication.
Deploy Windows 365
Professional-grade PowerShell script that automates deploying Windows 365 Cloud PC environments in Azure and Microsoft Entra ID. It creates or reuses security groups, applies user/admin settings policies, and provisions Cloud PCs regionally with intelligent Enterprise assignment preservation. It uses a lightweight Microsoft Graph authentication module and includes robust error handling, scalable naming conventions, and license-driven provisioning.
Edge Favorites Builder
Edge Favorites Builder is a web-based tool that creates and manages Microsoft Edge bookmarks configurations for enterprise deployment. It offers a visual drag-and-drop interface, supports nested folders, and provides real-time previews. It exports to Windows Intune JSON and macOS mobileconfig for deployment via Intune or other MDMs; it runs offline with zero dependencies and requires no backend, and it can import existing configurations for quick updates.
Envoy
A lightweight user environment manager for Intune-managed devices. Manages drive mappings, printer mappings, registry settings, file actions, application launcher, Start Menu and desktop shortcuts, with on-demand refresh and centralized JSON-based configuration.
Feature Update Controller
Feature Update Controller is a remediation package for Microsoft Intune that centralizes Windows feature upgrades with configurable setup, scripts, and custom actions. It generates and manages SetupConfig.ini, prestages Script Modules, and configures Custom Actions to tailor upgrade behavior, including post-install and rollback steps. The solution downloads and applies a manifest.json, stages scripts and actions, and supports updating or removing configurations on devices for a consistent upgrade experience.
FixMyADMX
FixMyADMX is a script-based tool that automatically repairs ADMX/ADML templates for Intune administrative templates. It replaces unsupported controls (comboBox) with textBox, injects explainText attributes for policies, and attempts to remove or report on Windows.admx references to improve import reliability. It builds on the approach used in Citrix ADMX cleanup and aims to streamline ADMX ingestion for Intune deployments.
InToolz
InToolz is a management tool for Microsoft Intune designed to simplify cross-tenant migrations and bulk configuration tasks. It enables tenant-to-tenant copy of Intune content, bulk assignment deployment and removal between groups, profiles, and applications, and mass updates to description fields. Note that the project is a work in progress, with several features planned for future releases.
Intune Baselines
Intune Baselines provides curated JSON Intune profiles that implement CIS, compliance, and security baselines across Windows, macOS, iOS/iPadOS, Android, and enterprise apps. Built from best practices, Zero Trust concepts, and official CIS benchmarks, these profiles are designed for rapid import into Intune (via Micke-K's IntuneManagement tool). Regularly updated, they support scalable Modern Workplace deployments and testing in diverse environments.
Intune Configuration Profile Builder
An AI-powered tool for IT administrators that generates exact Microsoft Intune configuration profiles from plain English descriptions.
Intune PPPC Utility
Intune PPPC Utility is a native macOS app for creating and editing PPPC profiles to deploy via Microsoft Intune as Settings Catalog configurations. It enforces a single permission model per entry (Allowed or Authorization), supports per-app entries and Apple Events, and can read code requirements via codesign. It can import mobileconfig payloads and live TCC data, and outputs JSON compatible with the Microsoft Graph API deviceManagement/configurationPolicies.
Intune Profile Converter
Intune Profile Converter is a native macOS app that transforms Apple .mobileconfig profiles into Microsoft Intune-compatible formats. It supports Settings Catalog JSON and Preference File XML, automatically strips CMS/PKCS#7 signatures, and can batch process multiple profiles. It also handles MCX managed preferences, provides a session log with per-file results, and includes a built-in Settings Catalog reference browser with auto-updates via Sparkle.
Intune Registry Builder
Intune Registry Builder is a browser-based tool to create, validate, and export Intune-ready PowerShell scripts for Windows registry changes. It supports Proactive Remediations and Win32 apps, allows direct deployment to Intune, and processes everything locally in the browser. No data or credentials are stored or sent to any server.
Intune Settings Catalog Viewer
This is a faster way to see what's in the Intune settings catalog, with an additional page to track changes made by Microsoft.
IntuneDiff
A powerful, free tool for comparing Microsoft Intune policies and analyzing configuration differences. Features real-time policy access via Microsoft Graph API, JSON import for offline comparison, device comparison against security baselines, settings search, and full Settings Catalog support.
IntuneFirewallMigration
IntuneFirewallMigration is a public-preview tool that migrates Group Policy and local firewall rules into Intune as Settings Catalog policies. It supports selecting specific firewall profiles (Domain, Private, Public) and importing only inbound or outbound rules, using Microsoft.Graph.Authentication with Invoke-MgGraphRequest. The script disables telemetry, requires Graph permissions (DeviceManagementConfiguration.ReadWrite.All), and works with PowerShell 5 or 7 to modernize firewall management in Intune.
Kiosk Overseer
A web-based tool for building Windows kiosk deployments by generating Assigned Access XML configurations. Supports Single-App, Multi-App, and Restricted User modes with customizable Start menu, taskbar, auto-launch, idle timeout, and breakout keys. Exports for Intune OMA-URI, PowerShell, or provisioning packages.
Microsoft Team Rooms Wallpaper package wrapper
A Microsoft Intune wrapper that enables deploying a custom wallpaper to Microsoft Teams Rooms devices via a PowerShell installer. It packages a wallpaper into an .INTUNEWIN package, supports install and uninstall commands, and uses registry-based detection to verify the deployed version. It also generates logs under the Intune Management Extension folder for troubleshooting, with a configurable company name for branding.
NameTune (Ultimate Intune Naming Tool)
NameTune is a purpose-built Intune companion that helps teams design, apply, and document consistent naming standards across real-world Microsoft Intune environments.
PowerShell ADMX wizard
PowerShell ADMX Wizard creates custom ADMX/ADML templates from a CSV of registry keys, enabling Windows policies via Intune. It generates GUID-based templates, adds registry entries (STRING, DWORD, BINARY), and logs progress. After creation, upload the ADM/ADML to Intune as Imported ADMX to apply through a configuration profile.
PPPC Builder for macOS
PPPC Builder for macOS is a lightweight web-based tool that generates macOS PPPC (.mobileconfig) profiles tailored for Microsoft Intune deployments. You can select an app (or upload its Info.plist), choose required privacy permissions (Screen Recording, Full Disk Access, Camera, Microphone, Accessibility), and download a ready-to-deploy .mobileconfig for Intune. No Jamf dependency; simple, fast, Intune-focused.
RuleForge
A PowerShell utility for capturing, comparing, and exporting Windows Defender firewall rules for Microsoft Intune deployment. Captures baseline rules, compares post-install changes, and exports to JSON for Intune or CSV formats with interactive menu and CLI modes.
TrustM365
TrustM365 is a free, self-hosted dashboard for Microsoft 365 administrators and MSSPs. It connects to multiple tenants via Graph, baselines exact resources and properties to monitor, detects drift with property-level diffs on every sync, and restores baseline values with one click. It provides branded reports, webhook alerts, and a full audit trail, plus auto-restore and multi-tenant views for MSSP workflows.
Windows Media Creation CLI
Windows Media Creation CLI is a PowerShell-based tool that automates building Windows installation media on a USB drive. It supports Windows 11 (22H2-25H2) and Windows 10, with customizable architecture, language, region and edition, enabling fully automated media creation. It also supports OEM driver injection via AUTOUNATTEND or DISM, single or multi-driver packs, and can generate an installwimdrivers.csv catalog to track installed drivers.
Windows Recovery Partition Editor
Windows Recovery Partition Editor resizes the local Windows Recovery Partition to 984MB and injects CAB files to enable optional features and language support. It deploys via a PowerShell script, placing architecture-specific CABs under tools\amd64 or tools\arm64cpu and matching language packs, with an optional backup of OEM images. Detection uses the registry key HKLM:\SOFTWARE\YourCompanyNameHere\Client-Recovery with value 1.0.0.
WinPEAP
WinPEAP is a WinPE-based workflow to transition devices to Entra Joined and auto-enroll them into Intune via Windows Autopilot. It uses OSDCloud to build a customized WinPE ISO, injects the 4kAutopilotHashUpload.ps1 script and oa3tool-based hardware hash capture, and uploads the Autopilot hash to Intune during WinPE. Automation spans OS deployment, driver injection, hash registration, and enrollment, with support for user-driven Autopilot profiles and VM testing considerations.