IntuneDeviceInventory
A PowerShell module with UI for extending Microsoft Intune device management. Adds custom properties to Intune devices, enables bulk operations including device sync and BitLocker key rotation, with both PowerShell module and standalone UI interfaces.
Security Analysis
37 files scanned on Jun 11, 2026
The IntuneDeviceInventory codebase largely aligns with expected Intune/Graph patterns, but there are notable concerns: (1) garbled/encoded module files that obscure content and raise integrity concerns, (2) use of client-secret based Graph authentication which can expose secrets if not stored securely, (3) collection of potentially sensitive device identifiers and tenant details that require governance, and (4) a few questionable error-handling practices. Immediate actions: verify and restore the binary-encoded module files from trusted sources, replace client-secret auth with more secure methods (managed identity/certificates), implement data minimization and encryption for inventory data, and standardize error handling in runbooks. No explicit remote code download/execution was detected, and there are no obvious hardcoded API keys present in the visible code, but ensure all secrets are externalized and signed.
You might also like
Device Offboarding Manager
A PowerShell-based GUI application for streamlined device lifecycle management across Microsoft cloud services. Enables bulk device offboarding from Intune, Autopilot, and Entra ID from a single interface. Features real-time dashboard analytics, stale device tracking, automatic BitLocker and FileVault key retrieval, CSV/TXT import for bulk operations, and pre-built playbooks for automated workflows.
Intune Hydration Kit
A PowerShell module that automates Microsoft Intune tenant setup by deploying 70+ security baselines, 43 dynamic groups, 24 device filters, compliance policies, app protection policies, and Conditional Access policies in a single command. Integrates OpenIntuneBaseline and supports multi-cloud environments.
OSD
A comprehensive PowerShell module for operating system deployment with 400+ functions for WinPE and Windows. Includes OSDCloud for cloud-based deployment, disk management, Windows image operations, driver management for Dell, HP, Lenovo, and Microsoft, BIOS/firmware updates, BitLocker management, and WinPE customization.
Entra ID Device Trust
Entra ID Device Trust enables binding Function Apps to Entra ID joined devices by validating requests originate from trusted devices via the device certificate enrolled during device registration. It combines client-side data gathering (signature hash, device CN, public key, thumbprint) with server-side validation, and can be embedded as a module in your Function App or installed as a dependency. The solution supports embedding EntraIDDeviceTrust.Client on clients and EntraIDDeviceTrust.FunctionApp in Function Apps for seamless, enhanced request security.
