Intune & Entra ID Management Tool

A comprehensive Windows desktop GUI application for managing Microsoft Intune devices and Entra ID groups

v1.0 Windows 10/11 | PowerShell 7+

Powerful Features


Device Management

Powerful device cleanup operations with enterprise-grade safety controls. Perform delete, retire, and wipe actions on non-compliant Intune-managed devices while protecting your critical infrastructure.

  • Advanced Filtering: Filter by compliance state, OS type, owner type, and last sync age
  • 30-Day Safety Guard: Automatically prevents deletion of devices synced within the last 30 days
  • Dry-Run Preview: See exactly what will happen before executing any destructive action
  • Hybrid Protection: Automatically excludes hybrid-joined devices from removal operations
  • Three Actions: Delete (remove from Intune), Retire (remove company data), or Wipe (factory reset)
  • Bulk Operations: Process multiple devices efficiently with real-time progress tracking

Group Management

Streamline Entra ID group cleanup and organization with intelligent search capabilities and bulk operations. Perfect for maintaining a clean tenant after migrations or reorganizations.

  • Find Empty Groups: Instantly locate all groups with zero members to clean up unused groups
  • Pattern Matching: Three search modes - Regex (advanced patterns), Contains (partial match), and Starts With (prefix match)
  • Bulk Rename: Rename multiple groups at once with search/replace functionality and live preview
  • 30-Day Recovery: Deleted groups remain in Entra ID recycle bin for 30 days, allowing easy restoration if needed
  • Group Details: View member count, group types, and sync status at a glance
  • Safe Deletion: Remove multiple groups simultaneously with confirmation dialogs

Real-time Logging

Professional terminal-style log viewer provides complete transparency into every operation. See exactly what the tool is doing with color-coded, auto-updating logs showing all Microsoft Graph API calls and responses.

  • Live Updates: Watch operations progress in real-time with auto-scrolling terminal output
  • Color-Coded Output: Cyan for info, Yellow for API calls, Green for success, Red for errors, Gray for summaries
  • Full API Transparency: Every Graph API call is logged with exact cmdlet names and parameters
  • Device ID Mapping: Shows both Intune Device ID and Entra Object ID for complete traceability
  • Operation Summaries: Detailed success/failure counts after each bulk operation
  • Export Capability: Export device and group lists to CSV for reporting and documentation

Security & Safety

Enterprise-grade safety mechanisms prevent accidental data loss. Multiple confirmation layers and intelligent safeguards ensure you maintain full control over destructive operations.

  • Case-Sensitive Confirmations: Must type exact confirmation text (case-sensitive) to proceed with deletions
  • 3-Attempt Retry Logic: Three chances to enter correct confirmation before operation cancels
  • Mandatory Dry-Run: Preview-only mode is always enabled by default for device operations
  • Hybrid-Joined Protection: Hybrid Azure AD joined devices are automatically excluded and never removed
  • Entra ID Integration: Uses Microsoft Graph with proper permissions - no direct database access
  • Error Handling: Comprehensive try-catch blocks with detailed error messages for troubleshooting
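
The guards listed above (hybrid exclusion, the 30-day sync window, preview before action, case-sensitive typed confirmation) can be sketched as follows. This is an added example, not IntuneStuff's own code: the function names, the `TrustType` property and the sample devices are assumptions made for illustration.

```powershell
# Added example (not IntuneStuff source). Sample devices are constructed.
# TrustType 'ServerAd' is the Entra ID value for hybrid-joined devices.
function Select-CleanupCandidate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Device,
        [int] $MinDaysSinceSync = 30,
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        # First matching guard wins; $skip stays $null only if every guard passes.
        $skip = if ($Device.ComplianceState -eq 'compliant') { 'compliant' }
        elseif ($Device.TrustType -eq 'ServerAd') { 'hybrid-joined' }
        elseif ($null -eq $Device.LastSyncDateTime) { 'no sync timestamp (fail closed)' }
        elseif (($Now - $Device.LastSyncDateTime).TotalDays -lt $MinDaysSinceSync) {
            "synced within $MinDaysSinceSync days"
        }
        [pscustomobject]@{
            DeviceName = $Device.DeviceName
            Eligible   = ($null -eq $skip)
            SkipReason = $skip
        }
    }
}

function Test-TypedConfirmation {
    param(
        [string] $Expected,
        [scriptblock] $Prompt = { Read-Host "Type '$Expected' to continue" },
        [int] $MaxAttempts = 3
    )
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        # -ceq is case-sensitive; plain -eq would accept 'delete' for 'DELETE'.
        if ((& $Prompt) -ceq $Expected) { return $true }
    }
    return $false
}

# Preview only: nothing here calls a Graph cmdlet.
$now = [datetime]::new(2025, 10, 31)
$row = { param($n, $t, $s) [pscustomobject]@{ DeviceName = $n; ComplianceState = 'noncompliant'
                                              TrustType = $t; LastSyncDateTime = $s } }
$devices = @(
    (& $row 'LT-001'  'AzureAd'  $now.AddDays(-90)),   # eligible
    (& $row 'LT-002'  'AzureAd'  $now.AddDays(-5)),    # inside the 30-day window
    (& $row 'SRV-003' 'ServerAd' $now.AddDays(-200)),  # hybrid-joined
    (& $row 'LT-004'  'AzureAd'  $null))               # missing timestamp
$devices | Select-CleanupCandidate -Now $now | Format-Table -AutoSize

# Constructed answers stand in for Read-Host; only the third matches exactly.
$typed = [System.Collections.Generic.Queue[string]]::new([string[]]('delete', 'Delete', 'DELETE'))
Test-TypedConfirmation -Expected 'DELETE' -Prompt { $typed.Dequeue() }
```

A device with no sync timestamp is treated as ineligible, so a missing field can never widen the deletion set.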

See It In Action

Get a preview of the IntuneStuff Management Tool interface

Initialization Progress

Automatic module installation and dependency verification

Device Management

Filter non-compliant devices with advanced compliance filters

Group Management

Find empty groups with pattern matching and bulk operations

Download IntuneStuff

📥 IntuneStuff v1.0

Main PowerShell script with GUI

Download Script (.ps1)

Size: ~70 KB | Last updated: October 2025

🎨 IntuneStuff Logo

Branding logo (optional - use your own!)

Download Logo (.png)

You can replace this with your own company logo for branding

💡 Branding Tip: Replace IntuneStuffLogo.png with your own company logo! Just save your logo with the same filename and place it in the same folder as the script.

Quick Start Guide

1. System Requirements

  • Windows 10/11 or Windows Server 2016+
  • PowerShell 7+
  • .NET Framework 4.7.2+

2. Download Files

Download the PowerShell script and optionally download the logo (or use your own):

  • IntuneEntraManagementTool.ps1 (required)
  • IntuneStuffLogo.png or your company logo (optional)

Both files should be in the same folder.

3. Install Visual Studio Code (Recommended)

⚠️ Important: For the best experience, we recommend using Visual Studio Code instead of native PowerShell. VSCode provides better error messages, integrated terminal, and debugging capabilities.

After installing VSCode, install the PowerShell extension from the Extensions marketplace.

4. Set Execution Policy

Open PowerShell 7 (or VSCode terminal) as Administrator and run:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

5. Run the Tool

Using VSCode (Recommended):

  1. Open the folder containing IntuneEntraManagementTool.ps1 in VSCode
  2. Right-click the file and select "Run with PowerShell"
  3. Or press F5 to run with debugging enabled

Using Native PowerShell:

Right-click on IntuneEntraManagementTool.ps1 and select "Run with PowerShell"

💡 The tool will automatically install required modules on first run (3-5 minutes).

📦 Modules & Dependencies

Complete transparency on what gets installed automatically when you run IntuneStuff for the first time:

Microsoft.Graph.Authentication

Handles secure authentication to Microsoft Graph API and manages tenant connections

  • Provides the Connect-MgGraph cmdlet
  • Manages authentication tokens and sessions
  • Supports interactive login, device code flow, and embedded web view

Source: PowerShell Gallery

Microsoft.Graph.DeviceManagement

Enables reading and managing Intune-managed devices through Microsoft Graph

  • Provides the Get-MgDeviceManagementManagedDevice cmdlet
  • Retrieves device details, compliance status, and sync timestamps
  • Filters devices by operating system, owner type, and compliance state

Source: PowerShell Gallery

Microsoft.Graph.DeviceManagement.Actions

Provides privileged device management operations like delete, retire, and wipe

  • Provides Remove-MgDeviceManagementManagedDevice cmdlet
  • Enables Invoke-MgRetireDeviceManagementManagedDevice cmdlet
  • Enables Invoke-MgWipeDeviceManagementManagedDevice cmdlet

Source: PowerShell Gallery

Microsoft.Graph.Identity.DirectoryManagement

Manages Entra ID groups and directory objects

  • Provides Get-MgGroup and Remove-MgGroup cmdlets
  • Enables Update-MgGroup for group renaming operations
  • Retrieves group membership counts and properties

Source: PowerShell Gallery

🔧 Installation Process

When does installation happen?

The first time you run IntuneStuff, it checks if these modules are already installed on your system. If they're missing, it automatically installs them from the official PowerShell Gallery.

Installation Location:

Modules are installed to your user profile using -Scope CurrentUser, so Administrator privileges are not required for module installation.

Time Required:

First run: 3-5 minutes to download and install all modules
Subsequent runs: Instant (modules are already installed)

Can I pre-install them myself?

Yes! If you prefer to install the modules manually before running the tool, open PowerShell and run:

Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.DeviceManagement, Microsoft.Graph.DeviceManagement.Actions, Microsoft.Graph.Identity.DirectoryManagement -Scope CurrentUser

🔒 Security Note: All modules are official Microsoft packages downloaded from the trusted PowerShell Gallery repository. IntuneStuff does not install any third-party or custom modules.
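
To check the claim above on your own machine, the following added example (not part of IntuneStuff) reports which repository each of the four modules was installed from and whether its script and binary files carry a valid Authenticode signature. Matching the signer on `O=Microsoft Corporation` is an assumption about the signing certificate's subject; review any file it flags rather than treating the result as final.

```powershell
# Added example, not IntuneStuff code. Run on Windows after the modules are installed.
$modules = 'Microsoft.Graph.Authentication',
           'Microsoft.Graph.DeviceManagement',
           'Microsoft.Graph.DeviceManagement.Actions',
           'Microsoft.Graph.Identity.DirectoryManagement'

$report = foreach ($name in $modules) {
    $m = Get-InstalledModule -Name $name -ErrorAction SilentlyContinue
    if (-not $m) {
        Write-Warning "$name is not installed (or was not installed via Install-Module)"
        continue
    }

    # Every file that can carry code: manifests, script modules, scripts, assemblies.
    $files = Get-ChildItem -Path $m.InstalledLocation -Recurse -File `
                 -Include *.psd1, *.psm1, *.ps1, *.dll

    $flagged = foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f.FullName
        # Assumption: Microsoft-signed files show this organization in the subject.
        if ($sig.Status -ne 'Valid' -or
            $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $f.FullName
        }
    }

    [pscustomobject]@{
        Module       = $m.Name
        Version      = $m.Version
        Repository   = $m.Repository      # expected: PSGallery
        FilesChecked = @($files).Count
        Flagged      = @($flagged).Count
        FlaggedFiles = @($flagged)
    }
}

$report | Format-Table Module, Version, Repository, FilesChecked, Flagged -AutoSize
$report | Where-Object Flagged -gt 0 | Select-Object -ExpandProperty FlaggedFiles
```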

Required Permissions

IntuneStuff uses Microsoft Graph API. On first connection, you'll be prompted to grant these permissions:

Device Management

  • DeviceManagementManagedDevices.ReadWrite.All
  • DeviceManagementManagedDevices.PrivilegedOperations.All

Entra ID Devices

  • Device.ReadWrite.All

Group Management

  • Group.ReadWrite.All
  • GroupMember.Read.All
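
After signing in, it is worth comparing the scopes the session actually holds with the five listed above, because delegated consent for the app used by `Connect-MgGraph` accumulates across sessions and a token can carry scopes granted for earlier work. This is an added example, not part of IntuneStuff; `Compare-GraphScope`, the baseline list and the sample `$granted` values are assumptions made for illustration.

```powershell
# Added example, not IntuneStuff code. $granted is constructed sample data;
# in a live session use:  $granted = (Get-MgContext).Scopes
function Compare-GraphScope {
    param(
        [string[]] $Granted,
        [string[]] $Expected,
        # Sign-in scopes that normally accompany any delegated session (assumed baseline).
        [string[]] $Baseline = @('openid', 'profile', 'email', 'offline_access', 'User.Read')
    )
    [pscustomobject]@{
        Missing = @($Expected | Where-Object { $_ -notin $Granted })
        Extra   = @($Granted  | Where-Object { $_ -notin $Expected -and $_ -notin $Baseline })
    }
}

# The five scopes listed on this page.
$expected = 'DeviceManagementManagedDevices.ReadWrite.All',
            'DeviceManagementManagedDevices.PrivilegedOperations.All',
            'Device.ReadWrite.All',
            'Group.ReadWrite.All',
            'GroupMember.Read.All'

# Constructed: one expected scope absent, one broad scope left from an earlier consent.
$granted = 'openid', 'profile', 'offline_access', 'User.Read',
           'DeviceManagementManagedDevices.ReadWrite.All',
           'DeviceManagementManagedDevices.PrivilegedOperations.All',
           'Device.ReadWrite.All',
           'Group.ReadWrite.All',
           'Directory.ReadWrite.All'

$result = Compare-GraphScope -Granted $granted -Expected $expected
"Missing: $($result.Missing -join ', ')"
"Extra  : $($result.Extra -join ', ')"
```

Anything reported under Extra widens what a destructive action in this session could reach and should be reviewed before running bulk operations.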
