markorr321/Intune-MAA

Intune-MAA

Manage Microsoft Intune Multi Admin Approval (MAA) requests with PowerShell. Provides a full-screen terminal UI for reviewing pending approval requests, viewing payload details, and approving or denying requests with justification. Just run Start-MAAApproval — works out of the box with no configuration, or bring your own app registration for full control.

Installation

Install-Module -Name Intune-MAA

Quick Start

Configure your app registration (one-time setup):

Configure-IntuneMAA

Launch the approval manager TUI:

Start-MAAApproval

Functions

| Function | Description |
| --- | --- |
| Start-MAAApproval | Launch the interactive approval manager |
| Configure-IntuneMAA | Interactively configure and save app registration credentials |
| Clear-IntuneMAA | Remove saved app registration configuration |
| Approve-MAARequest | Approve a request by ID |
| Cancel-MAARequest | Deny/reject a request by ID |
| Get-PendingMAARequests | Get all pending MAA requests |

Requirements

  • PowerShell 7.0+
  • Microsoft.Graph.Authentication module (v2.0.0+)
  • One of: Az.Accounts module OR NuGet Microsoft.Identity.Client package (for MSAL browser auth)

Required Graph API Permissions (Delegated)

  • DeviceManagementConfiguration.ReadWrite.All
  • DeviceManagementRBAC.ReadWrite.All
  • DeviceManagementManagedDevices.ReadWrite.All
  • DeviceManagementApps.ReadWrite.All
  • DeviceManagementScripts.ReadWrite.All

Custom App Registration

If using a custom app registration:

  1. Platform: Mobile and desktop applications
  2. Redirect URI: http://localhost
  3. Allow public client flows: Yes
  4. Add the delegated API permissions listed above
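
The four settings above can be checked against what Microsoft Graph reports for the registration, which also surfaces any permissions granted beyond the listed five. This is an added example, not code from the Intune-MAA module; `Test-MAAAppRegistration`, the sample objects and their placeholder ids are constructed for illustration.

```powershell
# Added example; Test-MAAAppRegistration is a hypothetical helper, not an Intune-MAA function.
# $App: Microsoft Graph application object, e.g. from Invoke-MgGraphRequest -Method GET
#   -Uri "https://graph.microsoft.com/v1.0/applications(appId='<client-id>')"
# $ScopeName: permission id -> name map (oauth2PermissionScopes of the Graph service principal).
function Test-MAAAppRegistration {
    param([Parameter(Mandatory)] $App, [Parameter(Mandatory)] [hashtable] $ScopeName)
    $graphAppId = '00000003-0000-0000-c000-000000000000'   # Microsoft Graph resource app id
    $required = @(
        'DeviceManagementConfiguration.ReadWrite.All'
        'DeviceManagementRBAC.ReadWrite.All'
        'DeviceManagementManagedDevices.ReadWrite.All'
        'DeviceManagementApps.ReadWrite.All'
        'DeviceManagementScripts.ReadWrite.All'
    )
    # Permissions the registration requests on Microsoft Graph
    $access = @($App.requiredResourceAccess |
        Where-Object { $_.resourceAppId -eq $graphAppId } |
        ForEach-Object { $_.resourceAccess })
    $delegated = @($access | Where-Object { $_.type -eq 'Scope' } | ForEach-Object { $ScopeName[$_.id] })
    [pscustomobject]@{
        PublicClientFlows = [bool]$App.isFallbackPublicClient                               # step 3
        LocalhostRedirect = @($App.publicClient.redirectUris) -contains 'http://localhost'  # steps 1-2
        MissingScopes     = @($required | Where-Object { $_ -notin $delegated })            # step 4
        ExtraScopes       = @($delegated | Where-Object { $_ -notin $required })            # beyond the listed five
        ApplicationRoles  = @($access | Where-Object { $_.type -eq 'Role' }).Count          # list is delegated only
    }
}

# Constructed sample input: the ids are placeholders, not real Graph permission ids.
$sampleScopes = @{
    'id-cfg'  = 'DeviceManagementConfiguration.ReadWrite.All'
    'id-rbac' = 'DeviceManagementRBAC.ReadWrite.All'
    'id-dir'  = 'Directory.ReadWrite.All'
}
$sampleApp = @{
    isFallbackPublicClient = $false
    publicClient           = @{ redirectUris = @('http://localhost') }
    requiredResourceAccess = @(@{
        resourceAppId  = '00000003-0000-0000-c000-000000000000'
        resourceAccess = @(
            @{ id = 'id-cfg'; type = 'Scope' }
            @{ id = 'id-rbac'; type = 'Scope' }
            @{ id = 'id-dir'; type = 'Scope' }
        )
    })
}
Test-MAAAppRegistration -App $sampleApp -ScopeName $sampleScopes
```

Running it against a live registration assumes a Graph session that is allowed to read application objects.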

Configuration

Use the built-in configuration command to save your app registration credentials:

Configure-IntuneMAA

Remove saved configuration:

Clear-IntuneMAA

Or pass parameters directly each time:

Start-MAAApproval -ClientId "your-app-id" -TenantId "your-tenant-id"

On macOS, Configure-IntuneMAA will also offer to add the credentials to your PowerShell profile for persistence across sessions.

Payload Review

When viewing a request, you can open the payload directly in VS Code or Notepad for a detailed review. Scripts are decoded and opened as .ps1 files, and policies open as a formatted summary of settings and assignments.

Supported Resource Types

  • Apps (Win32, MSI, Store, Web)
  • Configuration profiles
  • Settings catalog policies
  • Compliance policies
  • Remediation scripts
  • Platform scripts
  • Group policies
  • Autopilot profiles
  • Update profiles (Feature, Quality, Driver)
  • Enrollment configurations
  • Approval policies
  • Device categories
  • Role definitions
  • Device actions (Wipe, Retire, Delete)

License

MIT

About

PowerShell module for managing Intune Multi Admin Approval (MAA) requests. Provides a terminal UI for reviewing, approving, and denying pending requests with full payload detail views. Supports all Intune resource types including apps, policies, scripts, and device actions. Features browser-based MSAL auth and custom app registration support.
