Intunecd

Fixes
- Audit data was not included for Applications and Management Intents as the path was incorrect when running `git add`.

Improvements
- Improvements to verbose output when `git commit` fails during audit processing.

New Features
- Added a new argument `--token` which lets you pass an authentication token during run time. This allows for use of other authentications methods such as Workload Identity federation in Azure DevOps pipelines.
Improvements
- To ensure seamless updates and creation of configurations, dependent elements such as scope tags, filters, and notification templates are now created beforehand.
- Compliance policy creation and updates now include a verification step to ensure the existence of notification templates by matching their names.
- Backup of a compliance policy now includes the name of the notification template used, enhancing the processing in update scenarios.
- Message template `isDefault` value is now updated if they do not match.
- Logging output has been updated to be consistent between update and backup runs as well as to provide more useful information.
- Assignments is no longer updated on configurations being created if the `--update-assignment` argument is not used.
- The accuracy of the diff output has been improved to ensure all changes are correctly reflected in the diff summary.
- When using `--split` during documentation, index.md no longer includes known files such as README, index and prod-as-built. Additionally, the index file now sorts the list alphabetically.
Other Updates
Codebase Refactoring
In this release, IntuneCD has undergone a significant refactoring of the codebase to adopt a class inheritance structure. This architectural change was implemented to enhance the maintainability, scalability, and extensibility.

Why the Refactoring Was Necessary:

Previously, the codebase utilized a more procedural approach, which led to code duplication, difficulty in making changes, and a lack of consistency across modules. As the complexity of IntuneCD grew, it became clear that a more structured and modular approach was needed to facilitate ongoing development and maintenance.

Benefits of the Refactoring:

- **Improved Code Organization:** Organizing functionality into classes and leveraging inheritance enhances codebase logic and readability.
- **Enhanced Readability and Understandability:** Code reuse and encapsulation promote concise and readable code.
- **Scalability and Extensibility:** IntuneCD is better prepared for future feature additions and changes.

Impact on Users:
No significant impact is expected on current setups, except for additional commits during backup.

Next Steps:

Impact of these refactoring changes will be monitored and feedback gathered from users to further refine and optimize IntuneCD.

**Full Changelog**: https://github.com/almenscorner/IntuneCD/compare/v2.2.0...v2.3.0

New Features
- Added a new argument `--token` which lets you pass an authentication token during run time.
Improvements
- To ensure seamless updates and creation of configurations, dependent elements such as scope tags, filters, and notification templates are now created beforehand.
- Compliance policy creation and updates now include a verification step to ensure the existence of notification templates by matching their names.
- Backup of a compliance policy now includes the name of the notification template used, enhancing the processing in update scenarios.
- Message template `isDefault` value is now updated if they do not match.
Other Updates
- The codebase has undergone a significant refactoring to adopt a class inheritance structure. Backup and update modules now share a base class, leading to more maintainable code and a standardized template for future configuration additions.
- The accuracy of the diff output has been improved to ensure all changes are correctly reflected in the diff summary.

New Features
- A new argument for retrieving audit data and creating commits based on the user UPN and action has been added. By just including `--audit` when running a backup, IntuneCD will check the Intune audit log for who made the change, set the UPN as the git user and commit the change in that users name. Additionally, if you want to get audit data further back than the default 24h, an env key can be set to the number of days you'd like to grab, `AUDIT_DAYS_BACK`.
Payloads that supports audit checks are:
- Apple Push Notification
- App Configuration
- Apple Enrolment Profiles
- Autopilot profiles
- Applications
- App Protection
- Filters
- Compliance policies
- Settings Catalog
- Custom Attributes
- Device Categories
- Device Management Settings
- Enrolment Configurations
- Custom ADMX template profiles
- Managed Google Play
- Management Intents
- Partner Device Management
- Configuration Profiles
- Notification templates
- Powershell Scripts
- Proactive Remediation
- Remote Assistance Partner
- Roles
- Scope Tags
- Shell Scripts
- VPP tokens
- Windows Driver Updates
- Windows Feature Updates
- Windows Quality Updates

- Example commit message:
<img width="755" alt="icd_audit" src="https://github.com/almenscorner/IntuneCD/assets/78877636/26a96ec2-906d-4508-a9dd-45f627df1f3f">

- Scope Tags is now backed up with the name instead of ID and compared using the name when updating minimising the risk of conflicts between tenants.

- Backup, update and remove custom compliance scripts for Linux and Windows
- Backup, update and remove compliance polices for Linux

Fixes
- Updates of Conditional Access and Roles failed in some cases due to keys that should be removed before performing an update.
- Creating Scope Tags failed due to incorrect response code configured.

Other updates
- Updated unit tests for better coverage.

Notes
Be aware that this update will cause commits in your repo as the scope tags on payloads will change from the ID to the name instead.

If you are planning to use `--audit` and do not want that the last user from the audit log is committing changed to documentation and other files not included in the audit run, make sure to configure your git user and email _after_ IntuneCD has run the backup. Also remove `--global` from the `git config` to make sure it's set locally for the repo.

**Full Changelog**: https://github.com/almenscorner/IntuneCD/compare/v2.1.2...v2.2.0

Beta 1
New features
- A new argument for retrieving audit data and creating commits based on the user UPN and action has been added. By just including `--audit`, IntuneCD will check the Intune audit log for who made the change, set the UPN as the git user and commit the change in that users name. Payloads that supports audit checks are:
- Apple Push Notification
- App Configuration
- Apple Enrolment Profiles
- Autopilot profiles
- Applications
- App Protection
- Filters
- Compliance policies
- Settings Catalog
- Custom Attributes
- Device Categories
- Device Management Settings
- Enrolment Configurations
- Custom ADMX template profiles
- Managed Google Play
- Management Intents
- Partner Device Management
- Configuration Profiles
- Notification templates
- Powershell Scripts
- Proactive Remediation
- Remote Assistance Partner
- Roles
- Scope Tags
- Shell Scripts
- VPP tokens
- Windows Driver Updates
- Windows Feature Updates
- Windows Quality Updates

Example of a commit message made by IntuneCD in the users name: `Updated by admincontoso.com on 2024-02-24T14:22:15.197621Z, change type: Patch, result: Success`

<img width="1669" alt="Screenshot_2024-02-23_at_14_23_212" src="https://github.com/almenscorner/IntuneCD/assets/78877636/c227300e-f34a-44ea-a90e-b6a0d3e982f7">

Beta 2
Fixes
- Configure git user email and set scope to repository

Beta 3
New Features
- Scope Tags is now backed up with the name instead of ID and compared using the name when updating minimising the risk of conflicts between tenants.

Other updates
- Audit data is now fetched in bulk for each payload type instead of per config improving run speed.

Beta 4
New Features
- Configure how long back to check for audit data by configuring the ENV variable `AUDIT_DAYS_BACK` to an int the number of days you'd like to get. Default is 24h.

Fixes
- Scope tags are now backed up for Applications and Filters.

Other updates
- Commit messages for `--audit` has been cleaned up a bit and includes line breaks.

Beta 5
Fixes
- Scope tags were not processed when creating a policy.
- Scope tag for notification template was incorrectly set to None.

Beta 6
Fixes
- Include scope tags on ESP updates.
- Remove additional keys before updating Conditional Access and Roles which otherwise caused the update to fail.

Other updates
- Audit Resource Type is now included in the commit message.

Beta 7
New Features
- Backup, update and remove custom compliance scripts
- Backup, update and remove Linux compliance policies and custom compliance scripts

Enhancements
- IntuneCD bumped to 2.3.3