Ctrlk

Runbook Changelog

2026-06-03

  • Add Sync Shared Channel Owners (Scheduled) Runbook in Org/General

    • Ensures the members of a mapped security group are owners of selected Teams and of every shared channel those teams host (shared channels do not inherit ownership from their parent team)

    • Teams are targeted by exact display name; the team-name-to-owner-group mapping is maintained centrally via the SharedChannelOwners.Mapping org setting

    • Add-only (existing owners/members are never removed); WhatIfMode dry run

    • Optional email report (via Send-RjReportEmail) and/or storage download link, each with per-team and per-change CSV output (both default off)

  • Add Report Primary User Mismatch (Scheduled) Runbook in Org/Devices

    • Compares the primary user recorded in Intune against the primary user recorded in the RealmJoin customer API for Windows managed devices, flags any device where the primary user differs, and emails the differences with a CSV attachment on a scheduled basis.

2026-06-02

  • Bump Microsoft.Graph.Authentication module to >= 2.37.0 in all runbooks that use it

  • Add Report Windows Devices Without Autopilot Runbook in Org/Devices

    • Lists all Windows Entra device objects that have no associated Windows Autopilot object (matched via the Autopilot object's azureActiveDirectoryDeviceId)

  • Update Outphase Device Runbook in Device/General

    • Add optional Microsoft Defender for Endpoint exclusion: tags the device with a configurable exclusion tag (default ExcludeFromRemediation) to mark it as excluded from remediation (opt-in, default off)

    • Consolidates the previously separate Defender exclusion variant into this Runbook

    • Adds the WindowsDefenderATP permissions Machine.Read.All and Machine.ReadWrite.All

  • Update Outphase Devices Runbook in Org/Devices

    • Add the same optional Microsoft Defender for Endpoint exclusion tagging, applied to every device in the list (opt-in, default off)

    • Adds the WindowsDefenderATP permissions Machine.Read.All and Machine.ReadWrite.All

2026-06-01

  • Bump RealmJoin.RunbookHelper to >= 0.8.6 in every Runbook that uses the module

    • This module version ships an extensive update to the email-sending function around image embedding and Outlook Classic compatibility

  • Update Export Enterprise Application Users Runbook in Org/Applications

    • Remove inline Publish-RjRbFilesToStorageContainer helper function — now provided by RealmJoin.RunbookHelper >= 0.8.6

  • Update Office 365 License Report Runbook in Org/General

    • Remove inline Publish-RjRbFilesToStorageContainer helper function — now provided by RealmJoin.RunbookHelper >= 0.8.6

  • Update Check Device Onboarding Exclusion (Scheduled) Runbook in Org/General

    • Fix System.OutOfMemoryException on tenants with large Intune inventories: managed devices are now filtered server-side instead of pulling the full inventory into memory and filtering client-side

    • Migrate to native Microsoft Graph

2026-05-27

  • Update Reset MFA Runbook in User/Security

    • Add NotifyUser option: optionally sends a notification email to the target user when an administrator resets their MFA methods (default off/setting hidden)

    • Add EmailFrom, ServiceDeskDisplayName, ServiceDeskEmail, ServiceDeskPhone parameters for email configuration (sourced from RJReport tenant settings, all hidden by default)

    • Add LanguageOverride parameter to force DE or EN email language (default: auto-detect via usage location)

    • Add StatusQuo section to resolve user display name, primary email, and usage location

    • File renamed from reset-mfa.ps1 to reset-MFA.ps1 (capital letters)

  • Update Set or Remove Mobile Phone MFA Runbook in User/Security

    • Add NotifyUser option: optionally sends a notification email to the target user when an administrator adds or removes their mobile phone MFA method (default off/setting hidden)

    • Add EmailFrom, ServiceDeskDisplayName, ServiceDeskEmail, ServiceDeskPhone parameters for email configuration (sourced from RJReport tenant settings, all hidden by default)

    • Add LanguageOverride parameter to force DE or EN email language (default: auto-detect via usage location)

    • Email text distinguishes between add and remove actions

    • File renamed from set-or-remove-mobile-phone-mfa.ps1 to set-or-remove-mobile-phone-MFA.ps1 (capital letters)

2026-05-26

  • Update List MFA Methods Runbook in User/Security

    • Add support for overriding the language of the user notification email with a parameter

2026-05-20

  • Update Update User Runbook in User/Userinfo section

    • Add support for updating the user's manager

2026-05-15

  • Add Manage Archive Mailbox Runbook to User/Mail

    • Enables, disables, or retrieves the current status of the in-place archive mailbox for an Exchange Online user

    • When enabling, automatically reconnects a soft-deleted archive mailbox (within 30 days) instead of creating a new one

    • Disable action includes a note that the archive can be recovered within 30 days

2026-05-13

  • Update Report Apple MDM Cert Expiry (Scheduled) Runbook in Org/General

    • Fix VPP tokens being silently dropped from the report due to a faulty paged-result check

    • Fix DEP onboarding settings using the same faulty paged-result check

    • Only send the email report when at least one alert is detected (aligns with the License Threshold Report behavior)

2026-05-12

  • Add List MFA Methods Runbook in User/Security

    • Lists all Microsoft Entra ID MFA and authentication methods registered for a target user.

    • Optionally masks phone numbers (last 4 digits only), with an option to display them in full (default off/setting hidden).

    • Optionally sends a notification email to the user when an administrator retrieves their MFA methods (default off/setting hidden).

  • Improve PSScriptAnalyzer compatibility across several runbooks by resolving issues or suppressing false positive warnings:

    • Assign Groups By Template (Scheduled) Runbook in Org/General

      • PSReviewUnusedParameter for the GroupsTemplate parameter, which is used indirectly via RJ Portal Customization to populate the GroupsString parameter

    • Export Enterprise Application Users Runbook in Org/Applications

      • Remove unused parameter `rfcDate``

      • Restructure script with proper regions and parameter logging

    • Office 365 License Report Runbook in Org/General

      • Remove unused parameter rfcDate

      • Restructure script with proper regions and parameter logging

    • Create Endpoint Analytics Baseline (Scheduled) Runbook in Org/Devices

      • Replace empty try/catch blocks by directly using Disconnect-MgGraph with -ErrorAction SilentlyContinue

    • List Admin Users Runbook in Org/Security

      • Replace empty try/catch blocks

    • Export Policy Report Runbook in Org/General

      • Replace empty try/catch blocks

2026-05-07

  • Update Add Shared Mailbox Runbook in Org/Mail

    • Add parameter for time zone selection with predefined options and default value

2026-05-06

  • Update Invite External Guest Users Runbook in Org/General

    • Add parameter to handle sponsor assignment

    • Modify summary for manager and sponsor to show the UPN instead of the ID for better readability

    • Add support for customized email invitation message and invite redirection URL as parameters

2026-04-30

  • Update Office 365 License Report Runbook in Org/General

    • Add includeUserData parameter to optionally include real user data (UPNs) in Graph activity reports by temporarily disabling the Microsoft 365 report privacy setting

    • Add ReportSettings.ReadWrite.All permission to support toggling report privacy setting

    • Restructure script with proper regions, parameter logging and enhanced error handling

    • Update PowerShell module

  • Add Dedeup Device Names (Scheduled) Runbook to org/devices section

    • Renames the most recently enrolled duplicate using a configurable prefix and random digit suffix; syncs resolved names to Autopilot

    • OS filter parameter (All / Windows / macOS / Other); skips personal-owned devices and unsupported platforms with warnings

    • Checks for pending rename actions before queuing to avoid duplicate MDM commands

  • Update Export Enterprise Application Users Runbook in Org/Applications

    • Update the export function to the enhanced one used in the Office 365 License Report runbook

2026-04-29

  • Update Invite External Guest Users Runbook in Org/General

    • Add Parameter: Given name, Surname, Manager, UsageLocation, Company

    • Add DisplayName generation based on given name and surname if display name is not provided

2026-04-24

  • Update Export Policy Report Runbook in Org/General

    • Replace all $top=1000 Graph API calls with Get-GraphPagedResult to correctly handle pagination and prevent missing policies in large tenants

    • Add helper function and restructure script with proper regions

    • Add logging of the count of retrieved policies for each policy type

2026-04-21

  • Update Enroll Updatable Assets Runbook in Device/General

    • Add "All" option to UpdateCategory to sequentially enroll into Driver, Feature and Quality updates

    • Restructure script with proper regions and parameter logging

2026-04-13

  • Update Set Or Remove Mobile Phone MFA Runbook in User/Security

    • Switch from UPN-based ($UserName) to Object ID-based ($UserId) user identification to fix 404 errors for guest users

    • Add user resolution after connect to display UPN, display name and guest user status

    • Add display of current phone method state (phone number and SMS Sign-In state) before making changes

    • Restructure error handling for Graph API 409 Conflict / "phoneNumberNotUnique" errors: suppress error, wait, verify actual MFA assignment state, and report success with SMS Sign-In conflict note if MFA was assigned

    • Add embedded Find-PhoneNumberOwner function to search for the user holding a phone number when MFA assignment truly fails

  • Update Find SMS Auth Phone Number Runbook in Org/Security

    • Add dynamic progress interval based on total user count for batch processing output

    • Update "not found" output to indicate that soft-deleted user accounts may still hold the phone number reservation

  • Add Show FileVault Recovery Key Runbook to Device/Security

    • This runbook retrieves and displays the FileVault recovery key for a specified Mac device.

2026-04-09

  • Update Add Defender Indicator Runbook in Org/Security

    • Fix logic issue regarding the alert handling.

    • Optimized output of the runbook to provide clearer information about the created indicator and its status in Microsoft Defender.

  • Add Assign Groups By Template Runbook in Device/General

    • Adds a device to one or more Entra ID groups using either group object IDs or display names.

2026-04-07

  • Optimize PSScriptAnalyzer checkability across several runbooks by:

    • Suppress false positive PSScriptAnalyzer warnings across multiple runbooks

      • PSUseDeclaredVarsMoreThanAssignments for variables used inside ForEach-Object blocks or for output suppression

      • PSReviewUnusedParameter for parameters used indirectly via Get-Variable or RJ Portal Customization

      • PSAvoidUsingPlainTextForPassword for non-password type selector parameter

    • Fix PSUseApprovedVerbs naming issues in internal functions by replacing non-approved verbs with approved ones

    • Fix PSUseSingularNouns naming issues in internal functions through rename plural function names to singular

    • Affected runbooks:

      • Show LAPS Password - Device/Security

      • Enroll Updatable Assets - Device/General

      • Unenroll Updatable Assets - Device/General

      • Unenroll Updatable Assets (Scheduled) - Group/Devices

      • Add Application Registration - Org/Applications

      • Report Expiring Application Credentials (Scheduled) - Org/Applications

      • Update Application Registration - Org/Applications

      • Outphase Devices - Org/Devices

      • Add Devices Of Users To Group (Scheduled) - Org/General

      • Add Primary Users Of Devices To Group (Scheduled) - Org/General

      • Add Security Group - Org/General

      • Add Viva Engage Community - Org/General

      • Assign Groups By Template (Scheduled) - Org/General

      • Check Assignments Of Devices - Org/General

      • Check Assignments Of Users - Org/General

      • Export CloudPC Usage (Scheduled) - Org/General

      • Export Policy Report - Org/General

      • Office365 License Report - Org/General

      • Get Teams Phone Number Assignment - Org/Phone

      • Backup Conditional Access Policies - Org/Security

      • Assign Groups By Template - User/General

      • Disable Teams Phone - User/Phone

      • Get Teams User Info - User/Phone

      • Set Teams Permanent Call Forwarding - User/Phone

      • Update User - User/Userinfo

  • Remove an unused parameter in an internal function in Add Security Group Runbook in Org/General

  • Simplify internal Save-ToDataTable function in Export CloudPC Usage (Scheduled) Runbook by consolidating parameter sets into a single optional switch

  • Fix typo in Office 365 License Report Runbook in Org/General

  • Fix severity parameter not being passed to the API in Add Defender Indicator Runbook in Org/Security

  • Output optimization in Notify Changed CA Policies Runbook in Org/Security

  • Fix fromMailAddress parameter not being passed to the API in Resize Windows 365 Runbook in User/General

2026-04-01

  • Add Create Endpoint Analytics Baseline (Scheduled) Runbook to org/devices section

    • This runbook creates a new Endpoint Analytics Baseline in Microsoft Intune

    • Naming Schema can be adjusted in the runbook parameters, e.g. to include a timestamp for better tracking of baseline versions

2026-03-27

  • Add Auto Approve Driver Updates (Scheduled) Runbook to org/devices section

    • This runbook automatically approves pending driver updates in Intune based on specified criteria (e.g., device category, driver update class) on a scheduled basis.

  • Add Sync Apple Tokens Runbook to org/general section

    • This runbook synchronizes Apple MDM push notification tokens between Intune and Apple Push Notification Service (APNS) to ensure that devices receive timely updates and notifications.

  • Update Create Temporary Access Pass Runbook in user/security section

    • Add parameter validation for the duration of the temporary access pass to ensure it falls within acceptable limits

    • Add support for user notification via email when a temporary access pass is created

      • Could be enabled via Runbook Customization parameters

      • Based on usage location of the user, the email will be sent in German if the usage location is Germany, otherwise in English

  • Update Update Application Registration Runbook in org/applications section

    • Add output of the updated redirect URI list for better visibility of the changes made by the runbook

2026-03-24

  • Fix pagination function and replace with simplified Get-GraphPagedResult function in multiple runbooks:

    • Report Application Registration - Org/Applications

    • Report Expiring Application Credentials (Scheduled) - Org/Applications

    • Notify Users About Stale Devices (Scheduled) - Org/Devices

    • Report Devices Without Primary User - Org/Devices

    • Report Stale Devices (Scheduled) - Org/Devices

    • Report Users With More Than 5 Devices - Org/Devices

    • Add Primary Users Of Devices To Group (Scheduled) - Org/General

    • Report Apple MDM Cert Expiry (Scheduled) - Org/General

    • Report License Assignment (Scheduled) - Org/General

    • Find SMS Auth Phone Number - Org/Security

    • List Admin Users - Org/Security

    • Monitor Pending EPM Requests (Scheduled) - Org/Security

    • Report EPM Elevation Requests (Scheduled) - Org/Security

    • Set Or Remove Mobile Phone MFA - User/Security

2026-03-20

  • Add Find SMS Auth Phone Number Runbook to Org/Security

    • This runbook searches for which user has a specific phone number registered for SMS Sign-In or as a phone MFA method in Microsoft Entra ID. It helps administrators identify phone number ownership for troubleshooting "phoneNumberNotUnique" errors.

  • Update Set or Remove Mobile Phone MFA Runbook in User/Security

    • Add detection and reporting for "phoneNumberNotUnique" errors when a phone number is already reserved for SMS Sign-In by another user

    • Adapt to native GraphAPI Calls

2026-03-10

  • Add Set Primary User Runbook to device/general section

    • This runbook allows you to set or change the primary user of a device in Intune, which can be useful for ensuring accurate device management and reporting.

  • Add Add Primary Users Of Devices to Group (Scheduled) Runbook to group/general section

    • This runbook automatically adds the primary users of devices that meet specified criteria (e.g., platform, last activity date) to a designated group on a scheduled basis, helping to keep user groups up to date with device ownership.

2026-03-06

  • Add Check Device Compliance Runbook to Org/Devices

    • This runbook checks the compliance status of devices in Intune and can be used to identify the reason for this status.

  • Update Export Enterprise Application Users Runbook to Org/Applications

    • Add generalized function for the export to Azure Storage Account.

2026-02-25

  • Update documentation for Notify Users About Stale Devices (Scheduled) Runbook

    • Added detailed instructions for email configuration and custom mail template usage in the runbook documentation to enhance clarity and usability for users setting up email notifications.

    • Added Mail Template Language Selection section (EN, DE, Custom)

  • Add Show Bitlocker Recovery Key Runbook to Device/Security section

    • This runbook retrieves and displays the BitLocker recovery key for a specified device.

  • Update Assign OWA Mailbox Policy Runbook to User/Mail section

    • Added new OWA mailbox policies to the selection options, including "OwaMailboxPolicy-NoSignatures" for users who should not have email signatures in OWA, "BookingsCreators" for users who create Bookings appointments and need the corresponding add-in enabled and "GetCurrent" to assign the currently active policy for the user.

  • Update Check Assignments Of Users Runbook to Org/General section

    • Added support for processing multiple users in a single run by multi user picker.

    • Add required permissions for app assignment checks to the documentation.

  • Update Check Assignments Of Groups Runbook to Org/General section

    • Added support for processing multiple groups in a single run by multi group picker.

2026-02-24

  • Update Unenroll Updatable Assets to Unenroll Updatable Assets (Scheduled) (in group/general)

    • Add option to include user owned devices in the unenrollment process, which allows for a more comprehensive management of updatable assets by optionally targeting devices that are owned by users which are in membership of the specified group.

  • Update List Admin Users Runbook

    • Add output of PIM role assignment status (permanent vs eligible) and expiration date to the runbook output and CSV export.

2026-02-20

  • Add two new Endpoint Privilege Management (EPM) runbooks for org/security:

    • Monitor Pending EPM Requests (Scheduled): Monitoring for pending elevation requests requiring admin review. Sends email notifications only when pending requests exist, includes optional detailed CSV export.

    • Report EPM Elevation Requests (Scheduled): Reporting for EPM elevation requests with flexible filtering by status (Pending, Approved, Denied, Expired, Revoked, Completed) and time range.

  • Update Export All Intune Devices Runbook

    • Fix issue, regarding some properties if the device primary user data is missing or incomplete

    • Add filtering option to only include devices that are members of a specific group to avoid exporting all devices in large tenants and to focus on relevant devices.

      • With group picker for easier selection of the group

  • Complete overhaul of the comment-based help in all runbooks to improve clarity, consistency and detail of the documentation, including:

    • More detailed descriptions of the runbooks' functionality and parameters

    • Clearer instructions for required permissions and setup steps

    • Improved formatting for better readability

  • Removed Report Last Device Contact by Range Runbook, as the functionality is now covered by the updated Report Stale Devices (Scheduled) Runbook with enhanced filtering options.

  • Add Notify Users About Stale Devices (Scheduled) Runbook, which sends email notifications to users with stale devices based on last activity date and platform. This runbook complements the reporting functionality by proactively notifying users about their stale devices and providing guidance for remediation.

  • Update Report Stale Devices (Scheduled) Runbook, Include/Exclude User Groups

2026-02-04

  • Update documentation for permissions used by the Application Registration runbooks

    • Replaced the required app role assignment Application.ReadWrite.All with Application.ReadWrite.OwnedBy to improve security.

    • Removed Directory.ReadWrite.All, as it is not required for the operations performed by these runbooks.

2026-01-30

  • Update org/devices/outphase-devices Runbook

    • Added handling for serial numbers not found in Intune, but provided for outphasing regarding autopilot devices.

2026-01-27

  • Update RealmJoin.RunbookHelper to v0.8.5 in all runbooks

  • Remove redundant email functions following runbooks:

    • org/applications/report-expiring-application-credentials_scheduled

    • org/devices/report-devices-without-primary-user

    • org/devices/report-last-device-contact-by-range

    • org/devices/report-stale-devices_scheduled

    • org/devices/report-users-with-more-than-5-devices

    • org/general/report-apple-mdm-cert-expiry_scheduled

    • org/general/report-license-assignment_scheduled

2026-01-22

  • Update Show LAPS Password Runbook

    • Add check for empty credentials to prevent script failure when no LAPS password exists

  • Update List Admin Users Runbook

    • Add info, if PIM role assignments are permanent or eligible and their expiration date

    • Add switch to also enhance the csv export

2026-01-07

  • Fix error handling in list inactive enterprise applications runbook

  • Add parameter validation to rename device runbook

2026-01-06

  • Update Graph PowerShell Module to 2.34.0 in following runbooks:

    • device/general/remove-primary-user

    • group/general/list-all-members

    • org/applications/report-application-registration

    • org/applications/report-expiring-application-credentials_scheduled

    • org/devices/report-devices-without-primary-user

    • org/devices/report-last-device-contact-by-range

    • org/devices/report-stale-devices_scheduled

    • org/devices/report-users-with-more-than-5-devices

    • org/general/Invite-external-guest-users

    • org/general/add-security-group

    • org/general/export-policy-report

    • org/general/report-apple-mdm-cert-expiry_scheduled

    • org/general/report-license-assignment_scheduled

    • org/security/list-users-by-MFA-methods-count

2025-12-30

  • Add handling for skipping role and on-premises groups in offboarding scripts in following runbooks:

    • user/general/offboard-user-permanently

    • user/general/offboard-user-temporarily

    • user/mail/convert-to-shared-mailbox

2025-12-12

  • Fix nested group handling in Add Devices of Users to Group (scheduled) Runbook

2025-11-20

  • Add Report License Assignment Runbook (scheduled)

    • Thresholds for license availability reporting:

      • Minimum threshold: Alert when available licenses fall below this number

      • Maximum threshold: Alert when available licenses exceed this number

2025-11-13

  • Enhance CSS part in all reporting runbooks

  • Update PowerShell module version in all reporting runbooks

2025-11-10

  • New Add or Remove Tenant Allow/Block List Runbook

  • Update Teams PowerShell Module to 7.5.0 in all Teams Phone Runbooks

  • Separate Exchange Module definitions

2025-11-06

  • Update Set or Remove Mobile Phone MFA Runbook

    • Clarify phone number format in description and parameter help

2025-10-22

  • Update Add Shared Mailbox Runbook

    • Add functionality to add shared mailbox with same alias but different domain

  • Add List Group Memberships Runbook

2025-10-16

  • Update Report Apple MDM Cert Expiry (scheduled) Runbook

    • Update regarding new email functions

  • Update Report Devices Without Primary User Runbook

    • Update regarding new email functions

  • Update Report Users With More Than Five Devices Runbook

    • Update regarding new email functions

  • Update Report Last Device Contact By Range Runbook

    • Update regarding new email functions

  • Update List Stale Devices Runbook

    • Update regarding new email functions

  • Update general mail setup documentation

    • Improve clarity and detail on email configuration steps

  • Upgrade to List Application Credentials Expiry to Report Expiring Application Credentials (Scheduled) Runbook

2025-10-06

  • Update List Application Runbook

  • Add Resource Account License Check to Get Teams User Info and Set Teams Phone Runbooks

2025-09-26

  • Add runbook in Org/Applications

    • Updated/Added Versions add, update, delete and list application registrations

2025-08-27

  • Add AVD runbook

    • device/avd/restart-host

      • Restart the AVD Session Host.

    • device/avd/toggle-drain-mode

      • Sets Drainmode on true or false for a specific AVD Session Host.

    • user/avd/user-signout

      • Removes (Signs Out) a specific User from their AVD Session.

2025-07-21

  • Add runbook in Org/Devices:

    • "Delete stale devices (scheduled)"

      • Scheduled deletion of stale devices based on last activity date and platform.

      • Can be scheduled to run automatically and send a report via email.

    • "List stale devices (scheduled)"

      • Scheduled report of stale devices based on last activity date and platform.

      • Automatically sends a report via email.

    • "Sync device serial numbers to Entra ID (scheduled)"

      • Syncs serial numbers from Intune devices to Entra ID device extension attributes.

      • Helps maintain consistency between Intune and Entra ID device records.

2025-06-18

  • Add runbook in Org/General:

    • "Invite external guest users"

      • Invite external guest users to the tenant and optionally add them to a specified group.

    • "Remove primary user"

      • Remove the primary user from devices in Intune.

2025-06-16

  • Add runbook in Org/Devices:

    • "Report Last Device Contact by Range"

      • Get the devices based on the last device contact date and time, grouped by the specified ranges.

      • Also includes the filtering options for operating system.

    • "Report Users with more than five devices"

      • Get the users with more than five devices enrolled in Intune.

    • "Report devices without primary user"

      • Get the devices without a primary user assigned in Intune.

2025-05-02

  • Update RealmJoin.RunbookHelper to v0.8.4 in all runbooks

2025-04-22

  • Add documentation workflow and scripts to the repository

2025-03-05

  • Update User/Phone/Set Teams permanent call forwarding

    • Make sure, that unanswered calls settings would be disabled before setting the forwarding

2025-02-24

  • Update all phone related runbooks:

    • Teams PowerShell module updated to 6.8.0

    • Add Permissions in .Notes section

    • Remove outdated service user (credential) based connection

    • Update version number

2025-02-19

  • New Runbook: Org/Phone/Get Teams Phone Number Assignment - Get the phone number assignment of the specified phone number and output the user if assigned

2025-02-13

  • Update Runbook org/devices/ "outphase-devices" - add support for serialnumbers

2025-02-12

  • Fix: add-devices-of-users-to-group_scheduled - add AndroidForWork condition

2025-02-11

  • New Runbook: Group/General/List all members - list members of a specified EntraID group, including members from nested groups

2025-01-24

  • Check UpdateAbleAssets (device and group): Adapted to new graph response, general rework

  • Minor fixes (like typos) to multiple runbooks

2025-01-15

  • Update Runbook: get-teams-user-info

    • Version 1.0.1

    • Changes:

      • Add support for group based policy assignment

      • Suppress warning for getting Call Queues

      • Enhance output for policies (TeamsVoiceApplicationsPolicy,CurrentTeamsSharedCallingRoutingPolicy)

      • Add current UsageLocation (important for Teams Dial Plan)

      • Update Teams PowerShell module version to 6.7.0

      • Add regions in the script

      • Remove old credential based connect from the Teams PowerShell Module

2024-12-05

  • Add version info to all runbooks

2024-11-19

  • Fix: Add devices of users to group: Filters for iOS/iPadOS updated

2024-11-27

  • New Runbook: Multi-Device Outphasing

2024-11-14

  • New Runbook: Add/remove a nested group to/from a group.

2024-11-11

  • New Runbook: List all Administrative Template Policies

2024-11-08

  • Updated runbook "Enroll updatableAssets" and moved to device

2024-11-07

  • Fix: Autopilot Bulk Delete: Not all devices found.

2024-11-05

  • New Runbook: Get BitLocker recovery key

2024-10-31

  • Check/Unenroll-UpdateAbleAssets: Added option to unenroll from all categories. Several improvements in output and error handling. Bug fixes.

2024-10-30

  • Check/Unenroll-UpdateAbleAssets: Relocated to groups and devices.

  • Unenroll-UpdateAbleAssets: Fix issue with JSON encoding.

2024-10-28

  • Get Teams User Info: Voicemail and CallQueue status added. Extended license check - is the application active in the license?

  • All user/phone runbooks: Update MicrosoftTeams module

2024-10-21

  • Add Security Group: Allowed characters for security groups added, Update of the required PowerShell module (newer version)

2024-10-14

  • Fix: Show LAPS Password fails - MS Graph API change

2024-10-01

  • New Runbook: Add Security Group

2024-10-07

  • New Runbook: Add Microsoft Store App Logos

2024-10-12

  • Fix: Export Policy Reports: Fixed issue where empty descriptions in settings would break the export.

2024-08-27

  • New Runbook: Bulk retire devices from Intune

  • New Runbook: Check Updatable Assets

2024-07-09

  • New runbook: Check Assignments Of Users

  • New runbook: Check Assignments Of Groups

  • New runbook: Check Assignments Of Devices

  • Resize W365: Added mail customization

  • Resize W365: Fixed Info box

  • Reporovision W365: Added mail customization

2024-06-20

  • Add Devices Of Users To Group (Scheduled)

  • Report Apple Mdm Cert Expiry

  • List Application Creds Expiry - Supports App ID Filtering

  • Allow "Enrolled Devices Report" to be scheduled

2024-06-19

  • Moved "Check Device Onboarding Exlusion" into to repo

  • Bulk Delete Devices From Autopilot

  • Check AAD Sync Status

  • Report Pim Activations

  • Update: Export All Autopilot Devices

2024-06-12

  • Office365 Support: Supprt for custom Azure Subscription ID

  • Export Non Compliant Devices: Support for custom Azure Subscription ID

  • Export All Intune Devices: Support for custom Azure Subscription ID

2024-06-04

  • Fixed: Failed to add/remove owners from groups.

2024-04-05

  • Set Room Mailbox Configuration: Only allow MailEnabled groups

2024-03-06

  • Fix: Teams Phone Runbooks: Update phone number validation to include extension format

2024-03-01

  • Fix: Convert to Shared Mailbox: Did not remove all groups

  • Fix: Offboard User: Did not remove all groups

2024-02-29

  • Show LAPS PW: Fix LAPS password retrieval and display device name

2024-02-28

  • Updates to Teams Phone Runbooks

2024-02-20

  • Export all Intune Devices: Added more fields (CompanyName and JobTitle)

2024-01-15

  • New Runbook: Export all AutoPilot devices

2024-01-12

  • Wipe Device: Support MacOS Obliteration Modes

2023-12-07

  • Add/Remove Mail Address: Fix - Could not remove address

2023-12-05

  • All Phone Runbooks: Update module versions and add validation for user input

2023-11-24

  • Add Shread/Room/Equip. Mailbox: Add mailbox creation wait logic

2023-11-14

  • List Mailbox Permissions: Only list Trustees with a mailbox in this tenant.

  • Reset MFA: Handle token becoming invalid after failed auth. method deletion

2023-11-13

  • (Un)Assign License: (fixed) Group prefix was case sensitive.

  • Update User: (fixed) Fails if a group is not found.

2023-10-26

  • List Inactive Devices: Fixed: Failed if the primary owner has been deleted from AAD.

  • Assign groups by template: Performance improvements

2023-10-20

  • Set User Photo: (fixed) Updated API Call

2023-10-17

  • New Runbook: List a device's LAPS credentials (i.e. local admin passwords)

2023-09-28

  • Avoid failed runs due to a known issue in Azure Automation / Avoid module dependency in param block

2023-09-18

  • Update to RJRBHelper v0.8.3 - Fix problems with newer Azure Automation Containers

2023-09-07

  • Teams Phone Runbooks: Bugfix (variables cleanup)

2023-08-18

  • New Runbook: Assign groups by template (user and group scope)

  • New Runbook: Reset mobile device PIN

2023-08-11

  • Export Policy Report - Compatibility with Microsoft Graph PowerShell Module 2.x

  • Updated Phone Runbooks

2023-08-04

  • Updated Phone Runbooks

2023-08-02

  • Updated Phone Runbooks

2023-07-20

  • Set Out-of-Office: Allow blocking calendar for the Out-of-Office period

2023-07-19

  • Export CloudPC Usage: Updated to reflect API changes.

2023-07-13

  • New Runbook: Submit Defender Threat Indicator / Hash

2023-07-11

  • New Runbook: Rename Device in Intune and Autopilot

2023-06-28

  • Assign Windows 365 - Support FrontLine Worker (Shared Use Service Plan) Cloud PCs

  • Unassign Windows 365 - Support FrontLine Worker (Shared Use Service Plan) Cloud PCs

2023-06-26

  • Resize Windows 365 - Bugfix: Will not remove User Setting / Provisioning Policy

2023-06-21

  • Export Policy Report - Ignore Cyrillic characters (as PanDocs does not support them).

2023-06-20

  • Wipe Device: Support for Protected Wipe

2023-06-19

  • Convert to Shared Mailbox - Dis-/Enable User on conversion and fixed potential issue with missing steps

2023-06-16

  • Add equipment/room/shared mailbox: AAD user object is disabled by default.

2023-06-15

  • Require update of RealmJoin.RunbookHelper to 0.8.1 prevent potential token leakage.

  • New Runbook: Add Viva Engage (Yammer) Community

2023-05-26

  • New Runbook: List/Export all non-compliant devices in Intune and corresponding compliance policies/settings

  • Bugfix: List Admin Users: Some role assignments were not listed

  • Change Exports to use ";" as delimiter and UTF8 file format for all runbooks

2023-05-11

  • Assign Win365: Support long deployment times

  • Convert to shared mailbox: Skip removing on-prem synced groups

2023-04-25

  • New Runbook: Create an Application Registration

2023-03-29

  • List inactive users: Supports listing users that have never logged on.

  • New runbook: List PIM groups without owners

2023-03-28

  • New Runbook: Create a report on a tenant's Intune and Conditional Access Policies

2023-03-23

  • Configure Room Mailboxes: Allows setting Capacity

  • Reprovision and Resize available for Windows 365 management

2023-03-15

  • Added audit logging info to phone runbooks

2023-03-07

  • Teams Phone: Update all user/phone runbook. Update to Teams Module v5. Better error handling.

2023-02-14

  • Update User: Support User Templates, Group Management, PW Reset

2023-02-07

  • New Runbook: Export CloudPC Usage Statistics

2023-02-01

  • New Runbook: Remove Room/Shared/Booking Mailbox

2023-01-31

  • New Feature: Assign/Unassign Windows365 Cloud PCs

2023-01-30

  • New Feature: Manage MS Bookings

  • New Runbook: set-booking-config: Enable Bookings (tenant-wide)

2023-01-13

  • New Runbook: Sync all Intune Devices

2022-12-22

  • Add Autopilot Device: Support assigning (optional) GroupTag

2022-12-02

  • Report SPO Shared Links: Support anon. links

2022-12-01

  • Import a device into Intune via corporate identifier.

  • Add/remove user (from/to group): Support EXO based groups (Distribution Lists and Mail-enabled Sec. Groups)

2022-11-30

  • Add shared mailbox: Option to localize new mailboxes.

2022-11-29

  • Report SPO Shared Links: Support for private channels added

2022-11-28

  • New runbook: Report extern. shared links in all teams to the respective teams owners

2022-11-25

  • Bugfix - List Room Mailbox Config - Could not read config, if room UPN was not the same as primary eMail address

  • Bugfix - Add/Remove eMail Address - Adding an address failed if mailbox has exactly one email address

2022-10-27

  • Isolate Device / Restrict Device Code exec.: Bug fixed, incorrect behavior if device is not yet available in DefenderATP service.

2022-10-20

  • Convert to shared mailbox:

    • Assign EXO E2 License if needed when converting to shared mailbox

    • Assign M365 Lic when converting back to user mailbox

    • Nicer output (UPN vs ID)

    • Remove groups when converting to shared mailbox

2022-10-04

  • All runbooks report their Caller in Verbose output.

1.1.0 (2022-09-19)

2022-09-19

  • List Admin Users: Export Admin-to-Role Overview as CSV (optional)

2022-09-15

  • Add "Check-Autopilot-SerialNumbers" runbook

2022-09-13

  • Add "List Room Mailbox Configuration" runbook

  • "List Admin Users" will list/validate MFA Methods for each admin

  • Reset PW allows to not "force change on next logon"

2022-09-7

  • Add Shared Mailbox: Support Custom Domains

2022-08-02

  • merge Teams Voice Runbook into master branch

  • List mailbox permissions: add support for mail enabled groups as trustee

2022-07-22

  • new runbook: List groups that have license assignment errors

  • "Convert to shared mailbox" will now check for litigation holds, mbox size and archives and inform you if a license is needed.

2022-07-05

  • new runbook: Add/Remove AzureAD group member

2022-06-20

  • new runbook: Assign new AutoPilot GroupTag to a device

2022-06-14

  • Add-User: Will only provision a license of there still licenses available

  • new runbook: Add/Remove Public Folder

  • Add Shared Mailbox: Support for redirecting sent mail

2022-06-08

  • rewriting RBs to have max. one active "Customizing" block per Runbook

    • offboard-user-*

2022-06-03

  • moved all teams phone/voice related runbooks to branch "feature-teamsvoice".

2022-06-01

  • rewriting RBs to have max. one active "Customizing" block per Runbook

    • outphase-device

  • better output and error handling in several runbooks

2022-05-30

  • offboard-user-*:

    • Handle group ownership on offboarding (replace owner)

  • new runbook: List a user's group ownerships

2022-05-25

  • list-inactive-devices:

    • can read now alternatively query by last Intune sync

    • can export to CSV

  • new runbook: list app registrations that are vulnerable to CVE-2021-42306.

2022-05-24

  • list inactive app:

    • Fix - List of apps was truncated

    • Fix - Display AppId if DisplayName is not available

2022-05-20

  • new runbook: List expiring AzureAD / PIM role assignments

2022-05-19

  • new runbook: List/Add/Remove SmartScreen Exclusions (indicators) in MS Security Center

2022-05-16

  • new runbook: Export all Intune devices (to a storage account)

  • Many runbooks: Improve output

  • device wipe and device outphase: Show owner/user UPN for the device

2022-05-12

  • Add User: Supports adding users to Exchange Distr. Lists / mail enabled groups

2022-05-11

  • Offboard user permanently / temporarily: Added support for removing Exchange groups / distr. lists

  • Multiple Runbooks: Use displaynames instead of UIDs in output were possible for better readability

2022-05-06

  • List expiring app credentials: Can limit output to creds about to expire.

  • New Runbook: Report changes to Cond. Access Policies via eMail

    • intended for scheduled execution (daily)

    • needs Send eMail permissions

  • New Runbook: List devices of members (users) in a group

    • Can optionally collect the devices into an AAD group

2022-05-05

  • New Runbooks using MDE / Defender ATP

    • Isolate Device

    • Restrict Code Execution

2022-04-28

  • New Runbook: Convert user mailbox to shared mailbox

  • Fixes to "Add/Remove Group Owner"

    • add owners as members if needed

    • delete owner was broken

2022-04-21

  • New Runbook: Set Room Mailbox Configuration

    Configure BookIn Policy, Auto-acceptance and other settings specific to room resources.

2022-04-20

  • Bugfix: Corrected reporting for SendOnBehalf Mailbox permissions in multiple runbooks

  • Better usernames reporting in user/mail runbooks

2022-04-12

  • new runbook: Archive Team

2022-04-11

  • moved to licensing report v2

  • report "SendAs" and "SendOnBehalf" in List Mailbox Permissions

2022-03-30

  • new runbook: List mailbox permissions

2022-03-23

  • user_security_reset-mfa: Include reset of OATH and FIDO2 methods

1.0.1 (2022-03-10)

  • Office 365 Lic. Reporting v2

    • Merged with 'CloudEconimics' reports intended for PowerBI

2022-02-16

  • New Runbook: Set PAL / Azure Management Partner Link

2022-02-14

  • Split Wipe/Outphase Runbook into two to allow separate roles/defaults

2022-02-09

  • Support to create Distribution Groups as Roomlists

2022-02-02

  • Bugfix - group\general\add-or-remove-owner could break if multiple users have similar display names

1.0.0 (2022-02-01)

  • Official release of Runbook Library for RealmJoin and start of ongoing change tracking.

  • User assignment in org/general/add-autopilot-device hidden by default as Microsoft is not supporting that feature anymore

  • When auto creating UPNs in org/general/add-user German umlauts are automatically transcribed.

  • All runbooks that were using the AzureAD module have been ported to use MS Graph natively

  • Enabling/Disabling devices in Graph is currently limited to Windows devices. (MS limitation)

Last updated

Was this helpful?