Releases: robgrame/Intune.DiskGuardian

IntuneDiskGuardian v2.0.0

26 Mar 17:07

🚀 IntuneDiskGuardian v2.0.0 — Proactive Remediations

⚠️ Breaking Change

The solution now uses Intune Proactive Remediations (Device Health Scripts) instead of Custom Compliance Policies. This gives you:

  • Full control over execution frequency — configure the schedule in Intune (hourly, daily, etc.)
  • Queryable detection output — the Worker Service reads the actual JSON output from devices via Graph API
  • Optional auto-remediation — an included script cleans temp files, Windows Update cache, and Recycle Bin
  • Fewer permissions required — no longer needs DeviceManagementManagedDevices.Read.All

📦 Download Packages

Package                                  Contents
IntuneDiskGuardian-WorkerService         .NET 10 Worker Service (framework-dependent)
IntuneDiskGuardian-PowerShell            PowerShell sync script + Scheduled Task installer
IntuneDiskGuardian-RemediationScripts    Detection + Remediation scripts for Intune
IntuneDiskGuardian-LogicApp              Azure Logic App Bicep/ARM templates

🔄 Migration from v1.x

  1. Deploy the Proactive Remediation in Intune using the new RemediationScripts/
  2. Note the Health Script ID from the Intune portal or Graph API
  3. Add HealthScriptId and ThresholdGB to your configuration
  4. You can remove the old Custom Compliance Policy from Intune
  5. Update Register-App.ps1 permissions (DeviceManagementManagedDevices.Read.All no longer needed)

🔐 Required Permissions (reduced)

  • DeviceManagementConfiguration.Read.All
  • GroupMember.ReadWrite.All
  • Device.Read.All

Full Changelog

  • Replaced Custom Compliance Policy with Proactive Remediations
  • New: Detect-LowDiskSpace.ps1 (exit code 0/1 + JSON output)
  • New: Remediate-LowDiskSpace.ps1 (cleans temp files, optional)
  • DeviceSyncService queries deviceHealthScripts/{id}/deviceRunStates
  • Parses preRemediationDetectionScriptOutput JSON for threshold comparison
  • New config options: HealthScriptId, ThresholdGB
  • Bidirectional sync retained from v1.2.0
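
The threshold comparison and bidirectional sync listed above, sketched as an added PowerShell example (not code from this project). The detection output is text written by the device, while the result drives group writes under GroupMember.ReadWrite.All, so unparseable or implausible output leaves membership unchanged. The `FreeSpaceGB` field, the flat `DeviceId` property, the size and range limits, and the sample records are assumptions.

```powershell
# Added example, not the project's code. 'FreeSpaceGB' and 'DeviceId' are assumed
# names; only preRemediationDetectionScriptOutput and ThresholdGB come from the release notes.
function Get-GroupSyncPlan {
    param(
        [Parameter(Mandatory)] [object[]] $RunStates,
        [Parameter(Mandatory)] [double]   $ThresholdGB,
        [string[]] $CurrentMembers = @()
    )
    $plan = [ordered]@{ ToAdd = @(); ToRemove = @(); Skipped = @() }
    foreach ($state in $RunStates) {
        $raw  = [string]$state.preRemediationDetectionScriptOutput
        $free = $null
        # Device-supplied text: bound its size before parsing (2048 is an assumed limit).
        if ($raw.Length -gt 0 -and $raw.Length -le 2048) {
            try {
                $value = ($raw | ConvertFrom-Json -ErrorAction Stop).FreeSpaceGB
                # Accept only a real JSON number in a plausible range (assumed 0..65536 GB).
                if ($value -is [ValueType] -and $value -isnot [bool] -and
                    $value -ge 0 -and $value -le 65536) {
                    $free = [double]$value
                }
            } catch {
                # Not valid JSON: $free stays $null and the device is skipped.
            }
        }
        # No trustworthy reading: report it, but neither add nor remove the device.
        if ($null -eq $free) { $plan.Skipped += $state.DeviceId; continue }
        $isMember = $CurrentMembers -contains $state.DeviceId
        if ($free -lt $ThresholdGB -and -not $isMember) { $plan.ToAdd += $state.DeviceId }
        elseif ($free -ge $ThresholdGB -and $isMember)  { $plan.ToRemove += $state.DeviceId }
    }
    [pscustomobject]$plan
}

# Constructed sample run states (not real Graph responses).
$sample = @(
    [pscustomobject]@{ DeviceId = 'dev-01'; preRemediationDetectionScriptOutput = '{"FreeSpaceGB": 12.4}' }
    [pscustomobject]@{ DeviceId = 'dev-02'; preRemediationDetectionScriptOutput = '{"FreeSpaceGB": 180}' }
    [pscustomobject]@{ DeviceId = 'dev-03'; preRemediationDetectionScriptOutput = 'Access denied' }
    [pscustomobject]@{ DeviceId = 'dev-04'; preRemediationDetectionScriptOutput = '{"FreeSpaceGB": "-1"}' }
)
Get-GroupSyncPlan -RunStates $sample -ThresholdGB 25 -CurrentMembers 'dev-02', 'dev-03'
```

With this sample, dev-01 is queued for addition, dev-02 for removal, and dev-03 and dev-04 are skipped, so dev-03 keeps its existing membership until a valid reading arrives.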

IntuneDiskGuardian v1.2.0

25 Mar 08:32

🔄 IntuneDiskGuardian v1.2.0 — Bidirectional Group Sync

What's New

Bidirectional sync — the automation now keeps the Entra ID group perfectly aligned with the actual compliance state:

  • Non-compliant devices are added to the group (as before)
  • 🔄 Devices that become compliant are automatically removed from the group

This applies to both the .NET Worker Service and the PowerShell script.

📦 Download Packages

Package                                  Contents
IntuneDiskGuardian-WorkerService         .NET 10 Worker Service (framework-dependent)
IntuneDiskGuardian-PowerShell            PowerShell automation scripts + Scheduled Task installer
IntuneDiskGuardian-CompliancePolicy      Intune Custom Compliance detection script + JSON rules
IntuneDiskGuardian-LogicApp              Azure Logic App Bicep/ARM templates + Graph permissions script

⚠️ Breaking Changes

None. Drop-in replacement for v1.0.0 — same configuration, same permissions.

Full Changelog

  • Bidirectional sync in DeviceSyncService.cs (.NET) and Sync-NonCompliantDevices.ps1 (PowerShell)
  • New TryRemoveDeviceFromGroupAsync method with 404 race-condition handling
  • Updated README with bidirectional sync documentation

IntuneDiskGuardian v1.0.0

25 Mar 08:08

🚀 IntuneDiskGuardian v1.0.0 — Initial Release

Automated solution for Microsoft Intune that detects Windows devices with low disk space, marks them as non-compliant, and adds them to an Entra ID security group.

📦 Download Packages

Package                                  Contents
IntuneDiskGuardian-WorkerService         .NET 10 Worker Service (framework-dependent, requires .NET 10 runtime)
IntuneDiskGuardian-PowerShell            PowerShell automation scripts + Scheduled Task installer
IntuneDiskGuardian-CompliancePolicy      Intune Custom Compliance detection script + JSON rules
IntuneDiskGuardian-LogicApp              Azure Logic App Bicep/ARM templates + Graph permissions script

✨ Features

  • Intune Custom Compliance Policy — flags devices with < 25 GB free disk space as non-compliant
  • .NET 10 Worker Service — long-running background service with configurable sync interval
  • PowerShell Scheduled Task — lightweight alternative for on-prem environments
  • Azure Logic App (Bicep) — fully serverless option
  • App Registration script — one-click setup with least-privilege Graph permissions
  • Pagination support — handles large device fleets
  • Duplicate detection — skips devices already in the target group

🔐 Required Permissions

  • DeviceManagementManagedDevices.Read.All
  • DeviceManagementConfiguration.Read.All
  • GroupMember.ReadWrite.All
  • Device.Read.All

📋 Prerequisites

  • .NET 10 Runtime (for Worker Service) or PowerShell 5.1+ (for scripts)
  • Microsoft Graph PowerShell SDK (for app registration)
  • Azure subscription (for Logic App option only)

See README for full deployment instructions.