```powershell
git clone https://github.com/jorgeasaurus/Intune-Hydration-Kit.git
cd Intune-Hydration-Kit
Import-Module ./IntuneHydrationKit.psd1
./Invoke-IntuneHydration.ps1 -TenantId "your-tenant-id" -Interactive -Create -All
```

- 70+ Security Baselines
- 12 Dynamic Groups
- 12 Device Filters
- 13 CA Policies
- 10 Compliance Policies
Features
- OpenIntuneBaseline Integration: Auto-downloads latest community security baselines
- Multi-Platform Support: Windows, macOS, iOS, Android, Linux
- Idempotent Operations: Safe to run multiple times without side effects
- WhatIf Preview: Dry-run before making any changes to your tenant
- Safe Deletion: Only removes kit-created objects with -Delete flag
- Detailed Reporting: Markdown and JSON output for documentation
What Gets Created
| Category | Count | Description |
|---|---|---|
| Dynamic Groups | 12 | OS, manufacturer, Autopilot targeting |
| Device Filters | 12 | Platform-based filters |
| Security Baselines | 70+ | OpenIntuneBaseline policies |
| Compliance Policies | 10 | Multi-platform compliance |
| App Protection | 4 | MAM policies for BYOD |
| Conditional Access | 13 | Starter pack (created disabled) |
Prerequisites
- PowerShell 7+: Cross-platform PowerShell for modern scripting
- Microsoft.Graph.Authentication: PowerShell module for Graph API authentication
Required Graph API Permissions
- DeviceManagementConfiguration.ReadWrite.All
- DeviceManagementServiceConfig.ReadWrite.All
- DeviceManagementManagedDevices.ReadWrite.All
- DeviceManagementScripts.ReadWrite.All
- DeviceManagementApps.ReadWrite.All
- Group.ReadWrite.All
- Policy.Read.All
- Policy.ReadWrite.ConditionalAccess
- Application.Read.All
- Directory.ReadWrite.All
- LicenseAssignment.Read.All
- Organization.Read.All
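
A pre-flight check for the permission list above, as an added example that is not part of the kit: it signs in with exactly these scopes and reports which are missing from the session and which extra ones the session carries. `Compare-GraphScope` is a hypothetical helper name, and `your-tenant-id` is the page's placeholder.

```powershell
#Requires -Modules Microsoft.Graph.Authentication

# Scopes copied from the "Required Graph API Permissions" list on this page.
$RequiredScopes = @(
    'DeviceManagementConfiguration.ReadWrite.All'
    'DeviceManagementServiceConfig.ReadWrite.All'
    'DeviceManagementManagedDevices.ReadWrite.All'
    'DeviceManagementScripts.ReadWrite.All'
    'DeviceManagementApps.ReadWrite.All'
    'Group.ReadWrite.All'
    'Policy.Read.All'
    'Policy.ReadWrite.ConditionalAccess'
    'Application.Read.All'
    'Directory.ReadWrite.All'
    'LicenseAssignment.Read.All'
    'Organization.Read.All'
)

# Hypothetical helper (not a kit function): diff required scopes against granted ones.
# -notin compares case-insensitively, which matches how scope names are treated.
function Compare-GraphScope {
    param([string[]]$Required, [string[]]$Granted)
    [pscustomobject]@{
        Missing = @($Required | Where-Object { $_ -notin $Granted })
        Extra   = @($Granted  | Where-Object { $_ -notin $Required })
    }
}

# Delegated sign-in requesting only the scopes the page lists.
Connect-MgGraph -TenantId 'your-tenant-id' -Scopes $RequiredScopes
$result = Compare-GraphScope -Required $RequiredScopes -Granted (Get-MgContext).Scopes

# Basic sign-in scopes such as openid and profile normally show up as extras;
# anything else here was consented earlier and is worth reviewing.
if ($result.Extra) {
    Write-Warning "Scopes beyond the kit's list: $($result.Extra -join ', ')"
}

# Stop before any tenant change if consent is incomplete.
if ($result.Missing) {
    throw "Missing Graph scopes: $($result.Missing -join ', ')"
}
Write-Host "All $($RequiredScopes.Count) required scopes are present."
```

Delegated scopes are still bounded by the signed-in account's own directory roles, so a passing check confirms consent, not that every operation will be authorized.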