- New runbook: Check Assignments Of Users
- New runbook: Check Assignments Of Groups
- New runbook: Check Assignments Of Devices
- Resize W365: Added mail customization
- Resize W365: Fixed Info box
- Reporovision W365: Added mail customization
- Add Devices Of Users To Group (Scheduled)
- Report Apple Mdm Cert Expiry
- List Application Creds Expiry - Supports App ID Filtering
- Allow "Enrolled Devices Report" to be scheduled
- Moved "Check Device Onboarding Exlusion" into to repo
- Bulk Delete Devices From Autopilot
- Check AAD Sync Status
- Report Pim Activations
- Update: Export All Autopilot Devices
- Office365 Support: Supprt for custom Azure Subscription ID
- Export Non Compliant Devices: Support for custom Azure Subscription ID
- Export All Intune Devices: Support for custom Azure Subscription ID
- Fixed: Failed to add/remove owners from groups.
- Set Room Mailbox Configuration: Only allow MailEnabled groups
- Fix: Teams Phone Runbooks: Update phone number validation to include extension format
- Fix: Convert to Shared Mailbox: Did not remove all groups
- Fix: Offboard User: Did not remove all groups
- Show LAPS PW: Fix LAPS password retrieval and display device name
- Updates to Teams Phone Runbooks
- Export all Intune Devices: Added more fields (CompanyName and JobTitle)
- New Runbook: Export all AutoPilot devices
- Wipe Device: Support MacOS Obliteration Modes
- Add/Remove Mail Address: Fix - Could not remove address
- All Phone Runbooks: Update module versions and add validation for user input
- Add Shread/Room/Equip. Mailbox: Add mailbox creation wait logic
- List Mailbox Permissions: Only list Trustees with a mailbox in this tenant.
- Reset MFA: Handle token becoming invalid after failed auth. method deletion
- (Un)Assign License: (fixed) Group prefix was case sensitive.
- Update User: (fixed) Fails if a group is not found.
- List Inactive Devices: Fixed: Failed if the primary owner has been deleted from AAD.
- Assign groups by template: Performance improvements
- Set User Photo: (fixed) Updated API Call
- New Runbook: List a device's LAPS credentials (i.e. local admin passwords)
- Avoid failed runs due to a known issue in Azure Automation / Avoid module dependency in param block
- Update to RJRBHelper v0.8.3 - Fix problems with newer Azure Automation Containers
- Teams Phone Runbooks: Bugfix (variables cleanup)
- New Runbook: Assign groups by template (user and group scope)
- New Runbook: Reset mobile device PIN
- Export Policy Report - Compatibility with Microsoft Graph PowerShell Module 2.x
- Updated Phone Runbooks
- Updated Phone Runbooks
- Updated Phone Runbooks
- Set Out-of-Office: Allow blocking calendar for the Out-of-Office period
- Export CloudPC Usage: Updated to reflect API changes.
- New Runbook: Submit Defender Threat Indicator / Hash
- New Runbook: Rename Device in Intune and Autopilot
- Assign Windows 365 - Support FrontLine Worker (Shared Use Service Plan) Cloud PCs
- Unassign Windows 365 - Support FrontLine Worker (Shared Use Service Plan) Cloud PCs
- Resize Windows 365 - Bugfix: Will not remove User Setting / Provisioning Policy
- Export Policy Report - Ignore Cyrillic characters (as PanDocs does not support them).
- Wipe Device: Support for Protected Wipe
- Convert to Shared Mailbox - Dis-/Enable User on conversion and fixed potential issue with missing steps
- Add equipment/room/shared mailbox: AAD user object is disabled by default.
- Require update of RealmJoin.RunbookHelper to 0.8.1 prevent potential token leakage.
- New Runbook: Add Viva Engage (Yammer) Community
- New Runbook: List/Export all non-compliant devices in Intune and corresponding compliance policies/settings
- Bugfix: List Admin Users: Some role assignments were not listed
- Change Exports to use ";" as delimiter and UTF8 file format for all runbooks
- Assign Win365: Support long deployment times
- Convert to shared mailbox: Skip removing on-prem synced groups
- New Runbook: Create an Application Registration
- List inactive users: Supports listing users that have never logged on.
- New runbook: List PIM groups without owners
- New Runbook: Create a report on a tenant's Intune and Conditional Access Policies
- Configure Room Mailboxes: Allows setting Capacity
- Reprovision and Resize available for Windows 365 management
- Added audit logging info to phone runbooks
- Teams Phone: Update all user/phone runbook. Update to Teams Module v5. Better error handling.
- Update User: Support User Templates, Group Management, PW Reset
- New Runbook: Export CloudPC Usage Statistics
- New Runbook: Remove Room/Shared/Booking Mailbox
- New Feature: Assign/Unassign Windows365 Cloud PCs
- New Feature: Manage MS Bookings
- New Runbook: set-booking-config: Enable Bookings (tenant-wide)
- New Runbook: Sync all Intune Devices
- Add Autopilot Device: Support assigning (optional) GroupTag
- Report SPO Shared Links: Support anon. links
- Import a device into Intune via corporate identifier.
- Add/remove user (from/to group): Support EXO based groups (Distribution Lists and Mail-enabled Sec. Groups)
- Add shared mailbox: Option to localize new mailboxes.
- Report SPO Shared Links: Support for private channels added
- New runbook: Report extern. shared links in all teams to the respective teams owners
- Bugfix - List Room Mailbox Config - Could not read config, if room UPN was not the same as primary eMail address
- Bugfix - Add/Remove eMail Address - Adding an address failed if mailbox has exactly one email address
- Isolate Device / Restrict Device Code exec.: Bug fixed, incorrect behavior if device is not yet available in DefenderATP service.
- Convert to shared mailbox:
- Assign EXO E2 License if needed when converting to shared mailbox
- Assign M365 Lic when converting back to user mailbox
- Nicer output (UPN vs ID)
- Remove groups when converting to shared mailbox
- All runbooks report their Caller in Verbose output.
- List Admin Users: Export Admin-to-Role Overview as CSV (optional)
- Add "Check-Autopilot-SerialNumbers" runbook
- Add "List Room Mailbox Configuration" runbook
- "List Admin Users" will list/validate MFA Methods for each admin
- Reset PW allows to not "force change on next logon"
- Add Shared Mailbox: Support Custom Domains
- merge Teams Voice Runbook into master branch
- List mailbox permissions: add support for mail enabled groups as trustee
- new runbook: List groups that have license assignment errors
- "Convert to shared mailbox" will now check for litigation holds, mbox size and archives and inform you if a license is needed.
- new runbook: Add/Remove AzureAD group member
- new runbook: Assign new AutoPilot GroupTag to a device
- Add-User: Will only provision a license of there still licenses available
- new runbook: Add/Remove Public Folder
- Add Shared Mailbox: Support for redirecting sent mail
- rewriting RBs to have max. one active "Customizing" block per Runbook
- offboard-user-*
- moved all teams phone/voice related runbooks to branch "feature-teamsvoice".
- rewriting RBs to have max. one active "Customizing" block per Runbook
- outphase-device
- better output and error handling in several runbooks
- offboard-user-*:
- Handle group ownership on offboarding (replace owner)
- new runbook: List a user's group ownerships
- list-inactive-devices:
- can read now alternatively query by last Intune sync
- can export to CSV
- new runbook: list app registrations that are vulnerable to CVE-2021-42306.
- list inactive app:
- Fix - List of apps was truncated
- Fix - Display AppId if DisplayName is not available
- new runbook: List expiring AzureAD / PIM role assignments
- new runbook: List/Add/Remove SmartScreen Exclusions (indicators) in MS Security Center
- new runbook: Export all Intune devices (to a storage account)
- Many runbooks: Improve output
- device wipe and device outphase: Show owner/user UPN for the device
- Add User: Supports adding users to Exchange Distr. Lists / mail enabled groups
- Offboard user permanently / temporarily: Added support for removing Exchange groups / distr. lists
- Multiple Runbooks: Use displaynames instead of UIDs in output were possible for better readability
- List expiring app credentials: Can limit output to creds about to expire.
- New Runbook: Report changes to Cond. Access Policies via eMail
- intended for scheduled execution (daily)
- needs Send eMail permissions
- New Runbook: List devices of members (users) in a group
- Can optionally collect the devices into an AAD group
- New Runbooks using MDE / Defender ATP
- Isolate Device
- Restrict Code Execution
- New Runbook: Convert user mailbox to shared mailbox
- Fixes to "Add/Remove Group Owner"
- add owners as members if needed
- delete owner was broken
-
New Runbook: Set Room Mailbox Configuration
Configure BookIn Policy, Auto-acceptance and other settings specific to room resources.
- Bugfix: Corrected reporting for SendOnBehalf Mailbox permissions in multiple runbooks
- Better usernames reporting in user/mail runbooks
- new runbook: Archive Team
- moved to licensing report v2
- report "SendAs" and "SendOnBehalf" in List Mailbox Permissions
- new runbook: List mailbox permissions
- user_security_reset-mfa: Include reset of OATH and FIDO2 methods
- Office 365 Lic. Reporting v2
- Merged with 'CloudEconimics' reports intended for PowerBI
- New Runbook: Set PAL / Azure Management Partner Link
- Split Wipe/Outphase Runbook into two to allow separate roles/defaults
- Support to create Distribution Groups as Roomlists
- Bugfix -
group\general\add-or-remove-ownercould break if multiple users have similar display names
- Official release of Runbook Library for RealmJoin and start of ongoing change tracking.
- User assignment in
org/general/add-autopilot-devicehidden by default as Microsoft is not supporting that feature anymore - When auto creating UPNs in
org/general/add-userGerman umlauts are automatically transcribed. - All runbooks that were using the AzureAD module have been ported to use MS Graph natively
- Enabling/Disabling devices in Graph is currently limited to Windows devices. (MS limitation)