IntuneHydrationKit
0.2.9
Hydrates Microsoft Intune tenants with best-practice baseline configurations including policies, compliance packs, enrollment profiles, dynamic groups, security baselines, and conditional access starter packs.
Minimum PowerShell version
7.0
Copyright
(c) 2025 Jorgeasaurus. All rights reserved.
Package Details
Author(s)
- Jorgeasaurus
Tags
Intune Microsoft365 Graph Baseline Compliance Security Autopilot MDM Endpoint MEM Azure EntraID ConditionalAccess DeviceManagement
Functions
Invoke-IntuneHydration Connect-IntuneHydration Test-IntunePrerequisites New-IntuneDynamicGroup New-IntuneStaticGroup Get-OpenIntuneBaseline Import-IntuneBaseline Import-IntuneCompliancePolicy Import-IntuneAppProtectionPolicy Import-IntuneNotificationTemplate Import-IntuneEnrollmentProfile Import-IntuneDeviceFilter Import-IntuneConditionalAccessPolicy Import-IntuneMobileApp Initialize-HydrationLogging Write-HydrationLog Import-HydrationSettings New-HydrationResult Get-ResultSummary Get-GraphErrorMessage Test-HydrationKitObject Get-ObfuscatedTenantId
PSEditions
Dependencies
- Microsoft.Graph.Authentication (>= 2.0.0)
Release Notes
## v0.2.9
- **Added:**
  - 7 new Conditional Access policy templates (total now 21 policies)
    - Block access to Office365 apps for users with insider risk
    - Block all agent identities from accessing resources
    - Block all agent users from accessing resources
    - Block high risk agent identities from accessing resources
    - Require multifactor authentication for risky sign-ins
    - Require password change for high-risk users
    - Secure account recovery with identity verification (Preview)
  - Premium P2 license validation for Conditional Access policies requiring Entra ID P2
  - Preview feature detection for Conditional Access policies requiring preview features
  - Get-PremiumP2ServicePlans helper function for centralized P2 SKU list management
- **Changed:**
  - README.md updated with correct Conditional Access count (21 policies) and link to Microsoft Learn documentation
  - Enhanced Test-IntunePrerequisites with comprehensive E5/A5/EMS suite detection
  - Fixed empty rows in hydration summary reports
  - Fixed missing Type column values in Conditional Access import results
FileList
- IntuneHydrationKit.nuspec
- Templates\ConditionalAccess\Block all agent identities from accessing resources.json
- Templates\Enrollment\Windows-ESP-Profile.json
- Public\Initialize-HydrationLogging.ps1
- Templates\ConditionalAccess\Block all agent users from accessing resources.json
- Templates\Enrollment\Windows-Self-Deploy-Autopilot-Profile.json
- IntuneHydrationKit.psd1
- Public\Invoke-IntuneHydration.ps1
- Templates\ConditionalAccess\Block high risk agent identities from accessing resources.json
- Templates\Filters\Android-Filters.json
- IntuneHydrationKit.psm1
- Public\New-IntuneDynamicGroup.ps1
- Templates\ConditionalAccess\Block legacy authentication.json
- Templates\Filters\iOS-Filters.json
- Private\Copy-DeepObject.ps1
- Public\New-IntuneStaticGroup.ps1
- Templates\ConditionalAccess\No persistent browser session.json
- Templates\Filters\macOS-Filters.json
- Private\Get-GraphErrorMessage.ps1
- Public\Test-IntunePrerequisites.ps1
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device for admins.json
- Templates\Filters\Windows-Manufacturer-Filters.json
- Private\Get-HydrationTemplates.ps1
- Public\Write-HydrationLog.ps1
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device or multifactor authentication for all users.json
- Templates\Filters\Windows-VM-Filters.json
- Private\Get-ObfuscatedTenantId.ps1
- Templates\AppProtection\Android-App-Protection.json
- Templates\ConditionalAccess\Require MDM-enrolled and compliant device to access cloud apps for all users (Preview).json
- Templates\MobileApps\macOS\M365Apps.json
- Private\Get-PremiumP2ServicePlans.ps1
- Templates\AppProtection\iOS-App-Protection.json
- Templates\ConditionalAccess\Require multifactor authentication for admins.json
- Templates\MobileApps\macOS\MicrosoftEdge.json
- Private\Get-ResultSummary.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for all users.json
- Templates\MobileApps\Windows\M365\M365Apps.json
- Private\New-HydrationResult.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-iOS.json
- Templates\ConditionalAccess\Require multifactor authentication for Azure management.json
- Templates\MobileApps\Windows\Store\AdobeAcrobatReaderDC.json
- Private\Remove-ReadOnlyGraphProperties.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for guest access.json
- Templates\MobileApps\Windows\Store\CompanyPortal.json
- Private\Test-ConditionalAccessPolicyRequiresP2.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-iOS.json
- Templates\ConditionalAccess\Require multifactor authentication for Microsoft admin portals.json
- Templates\MobileApps\Windows\Store\MicrosoftCopilot.json
- Private\Test-ConditionalAccessPolicyRequiresPreview.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for risky sign-ins.json
- Templates\MobileApps\Windows\Store\MicrosoftTeams.json
- Private\Test-HydrationKitObject.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-iOS.json
- Templates\ConditionalAccess\Require password change for high-risk users.json
- Templates\MobileApps\Windows\Store\Notion.json
- Private\Test-WindowsDriverUpdateLicense.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Basic.json
- Templates\ConditionalAccess\Require phishing-resistant multifactor authentication for admins.json
- Templates\MobileApps\Windows\Store\PowerBIDesktop.json
- Public\Connect-IntuneHydration.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Strict.json
- Templates\ConditionalAccess\Secure account recovery with identity verification (Preview).json
- Templates\MobileApps\Windows\Store\PowerShell.json
- Public\Get-OpenIntuneBaseline.ps1
- Templates\Compliance\iOS-Compliance-Basic.json
- Templates\ConditionalAccess\Securing security info registration.json
- Templates\MobileApps\Windows\Store\Slack.json
- Public\Import-HydrationSettings.ps1
- Templates\Compliance\iOS-Compliance-Strict.json
- Templates\ConditionalAccess\Use application enforced restrictions for O365 apps.json
- Templates\MobileApps\Windows\Store\Spotify-MusicandPodcasts.json
- Public\Import-IntuneAppProtectionPolicy.ps1
- Templates\Compliance\Linux-Compliance-Basic.json
- Templates\DynamicGroups\Autopilot-Groups.json
- Templates\MobileApps\Windows\Store\VisualStudioCode.json
- Public\Import-IntuneBaseline.ps1
- Templates\Compliance\Linux-Compliance-Strict.json
- Templates\DynamicGroups\Manufacturer-Groups.json
- Templates\MobileApps\Windows\Store\VLC.json
- Public\Import-IntuneCompliancePolicy.ps1
- Templates\Compliance\macOS-Compliance-Basic.json
- Templates\DynamicGroups\OS-Groups.json
- Templates\MobileApps\Windows\Store\WhatsApp.json
- Public\Import-IntuneConditionalAccessPolicy.ps1
- Templates\Compliance\macOS-Compliance-Strict.json
- Templates\DynamicGroups\Ownership-Groups.json
- Templates\MobileApps\Windows\Store\WindowsApp.json
- Public\Import-IntuneDeviceFilter.ps1
- Templates\Compliance\Windows-Compliance-Policy.json
- Templates\DynamicGroups\User-Groups.json
- Templates\MobileApps\Windows\Store\WindowsTerminal.json
- Public\Import-IntuneEnrollmentProfile.ps1
- Templates\Compliance\Windows-Custom-Compliance.json
- Templates\DynamicGroups\VM-Groups.json
- Templates\Notifications\First-Warning.json
- Public\Import-IntuneMobileApp.ps1
- Templates\ConditionalAccess\Block access for unknown or unsupported device platform.json
- Templates\Enrollment\Windows-Autopilot-Profile.json
- Templates\StaticGroups\Static-Groups.json
- Public\Import-IntuneNotificationTemplate.ps1
- Templates\ConditionalAccess\Block access to Office365 apps for users with insider risk.json