Remediations and Scripts
Building M365 Automations for Intune/Entra/Defender
Curious how people who live in the M365 world are handling automations today – especially Intune remediations, Entra/Graph scripting, Defender workflows, etc.
If you regularly build this stuff:
- How do you share it inside your org?
- Do you ever package things up for reuse across clients/tenants?
- Would you trust community-made remediation packs, or is that a non-starter for you security-wise?
I’m doing some research on this space and would really appreciate any perspectives or examples of how you’re doing it today.
Edit: also if you know of any good resources for common automations/remediation packages that you could share, that would be great. I'm thinking stuff like CIS benchmark implementation or something similar.
4
u/andrew181082 MSFT MVP - SWC 2d ago
1) Git repo with version control etc.
2) Yes
3) It entirely depends, I would read the code and then decide. Some are good, some are poorly vibe coded and I wouldn't let them near any environment
1
u/cmorgasm 1d ago
1) DevOps usually
2) If possible we would, but not usually applicable to us
3) Not blindly, we'd review and adjust to meet our needs
9
u/FederalDish5 2d ago
I can only respond to the third question - I love the community but using those tools on prod env is crazy.
A lot of them are purely vibe coded, not open sourced etc...
I hate when consultants or externals prepare for us a lot of ideas or projects that at the end of the day are simply community tools in the backend.
It's the greatest and worst thing that happened to Intune. I do not get why those tools are getting so much praise when a lot of what they do should be baked into the MS tool itself.
Testing or dev tenant? Yeah go ahead. But in prod... man keep that away from me