IntuneHydrationKit
0.3.3
Hydrates Microsoft Intune tenants with best-practice baseline configurations including policies, compliance packs, enrollment profiles, dynamic groups, security baselines, and conditional access starter packs.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2025 Jorgeasaurus. All rights reserved.
Package Details
Author(s)
- Jorgeasaurus
Tags
Intune Microsoft365 Graph Baseline Compliance Security Autopilot MDM Endpoint MEM Azure EntraID ConditionalAccess DeviceManagement
Functions
Invoke-IntuneHydration Connect-IntuneHydration Test-IntunePrerequisites New-IntuneDynamicGroup New-IntuneStaticGroup Get-OpenIntuneBaseline Import-IntuneBaseline Import-IntuneCompliancePolicy Import-IntuneAppProtectionPolicy Import-IntuneNotificationTemplate Import-IntuneEnrollmentProfile Import-IntuneDeviceFilter Import-IntuneConditionalAccessPolicy Import-IntuneMobileApp Initialize-HydrationLogging Write-HydrationLog Import-HydrationSettings New-HydrationResult Get-ResultSummary Get-GraphErrorMessage Test-HydrationKitObject Get-ObfuscatedTenantId
PSEditions
Dependencies
-
- Microsoft.Graph.Authentication (>= 2.0.0)
Release Notes
## v0.3.3
- **Added:**
- Issue #15: License-based dynamic user groups (E3, E5, F3, Business Premium, Copilot, Power BI Pro, Visio, Project)
- Dynamic groups count increased from 43 to 51
- **Changed:**
- OpenIntuneBaseline now pulls from maintained fork to prevent unplanned breaking changes
- Issue #15: Simplified dynamic group membership rules (removed complex exclusion logic for better processing)
FileList
- IntuneHydrationKit.nuspec
- Templates\ConditionalAccess\Block all agent identities from accessing resources.json
- Templates\Enrollment\Windows-ESP-Profile.json
- Public\Initialize-HydrationLogging.ps1
- Templates\ConditionalAccess\Block all agent users from accessing resources.json
- Templates\Enrollment\Windows-Self-Deploy-Autopilot-Profile.json
- IntuneHydrationKit.psd1
- Public\Invoke-IntuneHydration.ps1
- Templates\ConditionalAccess\Block high risk agent identities from accessing resources.json
- Templates\Filters\Android-Filters.json
- IntuneHydrationKit.psm1
- Public\New-IntuneDynamicGroup.ps1
- Templates\ConditionalAccess\Block legacy authentication.json
- Templates\Filters\iOS-Filters.json
- Private\Copy-DeepObject.ps1
- Public\New-IntuneStaticGroup.ps1
- Templates\ConditionalAccess\No persistent browser session.json
- Templates\Filters\macOS-Filters.json
- Private\Get-GraphErrorMessage.ps1
- Public\Test-IntunePrerequisites.ps1
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device for admins.json
- Templates\Filters\Windows-Manufacturer-Filters.json
- Private\Get-HydrationTemplates.ps1
- Public\Write-HydrationLog.ps1
- Templates\ConditionalAccess\Require compliant or hybrid Azure AD joined device or multifactor authentication for all users.json
- Templates\Filters\Windows-VM-Filters.json
- Private\Get-ObfuscatedTenantId.ps1
- Templates\AppProtection\Android-App-Protection.json
- Templates\ConditionalAccess\Require MDM-enrolled and compliant device to access cloud apps for all users (Preview).json
- Templates\MobileApps\macOS\M365Apps.json
- Private\Get-PremiumP2ServicePlans.ps1
- Templates\AppProtection\iOS-App-Protection.json
- Templates\ConditionalAccess\Require multifactor authentication for admins.json
- Templates\MobileApps\macOS\MicrosoftEdge.json
- Private\Get-ResultSummary.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for all users.json
- Templates\MobileApps\Windows\M365\M365Apps.json
- Private\New-HydrationResult.ps1
- Templates\AppProtection\level-1-enterprise-basic-data-protection-iOS.json
- Templates\ConditionalAccess\Require multifactor authentication for Azure management.json
- Templates\MobileApps\Windows\Store\AdobeAcrobatReaderDC.json
- Private\Remove-ReadOnlyGraphProperties.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for guest access.json
- Templates\MobileApps\Windows\Store\CompanyPortal.json
- Private\Test-ConditionalAccessPolicyRequiresP2.ps1
- Templates\AppProtection\level-2-enterprise-enhanced-data-protection-iOS.json
- Templates\ConditionalAccess\Require multifactor authentication for Microsoft admin portals.json
- Templates\MobileApps\Windows\Store\MicrosoftCopilot.json
- Private\Test-ConditionalAccessPolicyRequiresPreview.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-Android.json
- Templates\ConditionalAccess\Require multifactor authentication for risky sign-ins.json
- Templates\MobileApps\Windows\Store\MicrosoftTeams.json
- Private\Test-HydrationKitObject.ps1
- Templates\AppProtection\level-3-enterprise-high-data-protection-iOS.json
- Templates\ConditionalAccess\Require password change for high-risk users.json
- Templates\MobileApps\Windows\Store\Notion.json
- Private\Test-WindowsDriverUpdateLicense.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Basic.json
- Templates\ConditionalAccess\Require phishing-resistant multifactor authentication for admins.json
- Templates\MobileApps\Windows\Store\PowerBIDesktop.json
- Public\Connect-IntuneHydration.ps1
- Templates\Compliance\Android-Compliance-FullyManaged-Strict.json
- Templates\ConditionalAccess\Secure account recovery with identity verification (Preview).json
- Templates\MobileApps\Windows\Store\PowerShell.json
- Public\Get-OpenIntuneBaseline.ps1
- Templates\Compliance\iOS-Compliance-Basic.json
- Templates\ConditionalAccess\Securing security info registration.json
- Templates\MobileApps\Windows\Store\Slack.json
- Public\Import-HydrationSettings.ps1
- Templates\Compliance\iOS-Compliance-Strict.json
- Templates\ConditionalAccess\Use application enforced restrictions for O365 apps.json
- Templates\MobileApps\Windows\Store\Spotify-MusicandPodcasts.json
- Public\Import-IntuneAppProtectionPolicy.ps1
- Templates\Compliance\Linux-Compliance-Basic.json
- Templates\DynamicGroups\Autopilot-Groups.json
- Templates\MobileApps\Windows\Store\VisualStudioCode.json
- Public\Import-IntuneBaseline.ps1
- Templates\Compliance\Linux-Compliance-Strict.json
- Templates\DynamicGroups\Manufacturer-Groups.json
- Templates\MobileApps\Windows\Store\VLC.json
- Public\Import-IntuneCompliancePolicy.ps1
- Templates\Compliance\macOS-Compliance-Basic.json
- Templates\DynamicGroups\OS-Groups.json
- Templates\MobileApps\Windows\Store\WhatsApp.json
- Public\Import-IntuneConditionalAccessPolicy.ps1
- Templates\Compliance\macOS-Compliance-Strict.json
- Templates\DynamicGroups\Ownership-Groups.json
- Templates\MobileApps\Windows\Store\WindowsApp.json
- Public\Import-IntuneDeviceFilter.ps1
- Templates\Compliance\Windows-Compliance-Policy.json
- Templates\DynamicGroups\User-Groups.json
- Templates\MobileApps\Windows\Store\WindowsTerminal.json
- Public\Import-IntuneEnrollmentProfile.ps1
- Templates\Compliance\Windows-Custom-Compliance.json
- Templates\DynamicGroups\VM-Groups.json
- Templates\Notifications\First-Warning.json
- Public\Import-IntuneMobileApp.ps1
- Templates\ConditionalAccess\Block access for unknown or unsupported device platform.json
- Templates\Enrollment\Windows-Autopilot-Profile.json
- Templates\StaticGroups\Static-Groups.json
- Public\Import-IntuneNotificationTemplate.ps1
- Templates\ConditionalAccess\Block access to Office365 apps for users with insider risk.json