Intunecd

New Features
- A new argument for retrieving audit data and creating commits based on the user UPN and action has been added. By just including `--audit` when running a backup, IntuneCD will check the Intune audit log for who made the change, set the UPN as the git user and commit the change in that users name. Additionally, if you want to get audit data further back than the default 24h, an env key can be set to the number of days you'd like to grab, `AUDIT_DAYS_BACK`.
Payloads that supports audit checks are:
- Apple Push Notification
- App Configuration
- Apple Enrolment Profiles
- Autopilot profiles
- Applications
- App Protection
- Filters
- Compliance policies
- Settings Catalog
- Custom Attributes
- Device Categories
- Device Management Settings
- Enrolment Configurations
- Custom ADMX template profiles
- Managed Google Play
- Management Intents
- Partner Device Management
- Configuration Profiles
- Notification templates
- Powershell Scripts
- Proactive Remediation
- Remote Assistance Partner
- Roles
- Scope Tags
- Shell Scripts
- VPP tokens
- Windows Driver Updates
- Windows Feature Updates
- Windows Quality Updates

- Example commit message:
<img width="755" alt="icd_audit" src="https://github.com/almenscorner/IntuneCD/assets/78877636/26a96ec2-906d-4508-a9dd-45f627df1f3f">

- Scope Tags is now backed up with the name instead of ID and compared using the name when updating minimising the risk of conflicts between tenants.

- Backup, update and remove custom compliance scripts for Linux and Windows
- Backup, update and remove compliance polices for Linux

Fixes
- Updates of Conditional Access and Roles failed in some cases due to keys that should be removed before performing an update.
- Creating Scope Tags failed due to incorrect response code configured.

Other updates
- Updated unit tests for better coverage.

Notes
Be aware that this update will cause commits in your repo as the scope tags on payloads will change from the ID to the name instead.

If you are planning to use `--audit` and do not want that the last user from the audit log is committing changed to documentation and other files not included in the audit run, make sure to configure your git user and email _after_ IntuneCD has run the backup. Also remove `--global` from the `git config` to make sure it's set locally for the repo.

**Full Changelog**: https://github.com/almenscorner/IntuneCD/compare/v2.1.2...v2.2.0

Beta 1
New features
- A new argument for retrieving audit data and creating commits based on the user UPN and action has been added. By just including `--audit`, IntuneCD will check the Intune audit log for who made the change, set the UPN as the git user and commit the change in that users name. Payloads that supports audit checks are:
- Apple Push Notification
- App Configuration
- Apple Enrolment Profiles
- Autopilot profiles
- Applications
- App Protection
- Filters
- Compliance policies
- Settings Catalog
- Custom Attributes
- Device Categories
- Device Management Settings
- Enrolment Configurations
- Custom ADMX template profiles
- Managed Google Play
- Management Intents
- Partner Device Management
- Configuration Profiles
- Notification templates
- Powershell Scripts
- Proactive Remediation
- Remote Assistance Partner
- Roles
- Scope Tags
- Shell Scripts
- VPP tokens
- Windows Driver Updates
- Windows Feature Updates
- Windows Quality Updates

Example of a commit message made by IntuneCD in the users name: `Updated by admincontoso.com on 2024-02-24T14:22:15.197621Z, change type: Patch, result: Success`

<img width="1669" alt="Screenshot_2024-02-23_at_14_23_212" src="https://github.com/almenscorner/IntuneCD/assets/78877636/c227300e-f34a-44ea-a90e-b6a0d3e982f7">

Beta 2
Fixes
- Configure git user email and set scope to repository

Beta 3
New Features
- Scope Tags is now backed up with the name instead of ID and compared using the name when updating minimising the risk of conflicts between tenants.

Other updates
- Audit data is now fetched in bulk for each payload type instead of per config improving run speed.

Beta 4
New Features
- Configure how long back to check for audit data by configuring the ENV variable `AUDIT_DAYS_BACK` to an int the number of days you'd like to get. Default is 24h.

Fixes
- Scope tags are now backed up for Applications and Filters.

Other updates
- Commit messages for `--audit` has been cleaned up a bit and includes line breaks.

Beta 5
Fixes
- Scope tags were not processed when creating a policy.
- Scope tag for notification template was incorrectly set to None.

Beta 6
Fixes
- Include scope tags on ESP updates.
- Remove additional keys before updating Conditional Access and Roles which otherwise caused the update to fail.

Other updates
- Audit Resource Type is now included in the commit message.

Beta 7
New Features
- Backup, update and remove custom compliance scripts
- Backup, update and remove Linux compliance policies and custom compliance scripts

Added
- A new environment variable, `DOCUMENTATION_MAX_LENGTH`, has been added to configure the max string length in the documentation which can improve the time it takes to generate the HTML
Updates
- IntuneCD has been bumped to 2.3.6
- Time out settings for backup has been changed to allow for larger environments to complete backup and documentation

**Full Changelog**: https://github.com/almenscorner/intunecd-monitor/compare/v2.1.2...v2.1.3

Enhancements
- IntuneCD bumped to 2.3.3

New features
- Exclusion of Compliance Partner heartbeat: `-e CompliancePartnerHeartbeat`.
Other updates
- Additional tweaks to batch request retries, max retry count is increased to 10 and an exponential backoff has been implemented. If `Retry-After` is included in the headers, the wait time will be multiplied on each iteration until the `max_wait_time` is reached which is 60 seconds.

New features
- New argument for `IntuneCD-startbackup` and `IntuneCD-startupdate`, added `-v` to allow for verbose logging. For now, only the `batch_request` function is using it.
Fixes
- Non encrypted OMAs on custom Windows profiles were not included in the backup when running without `--ignore-omasettings`.
- Additional retries has been added to the batching (5 maximum), additionally, if a `Retry-After` is not included in the headers a 20 second wait is used bu default to lower the risk of being throttled again.