Leveraging CIPP templates with Configuration as Code for Microsoft Intune

Saturday, Feb 22, 2025 | 2 minute read

Linus Salomonsson

Are you looking for a better way to manage Intune across multiple tenants?

THE DESPAIR

Maintaining Intune for multi-tenant environments with a baseline standard, is a pain point I do not enjoy. Having to update the same configuration across 50+ tenants and making changes manually is incredibly time-consuming and inefficient.

At the time, we were using CIPP for our Microsoft 365 Management, so we utilized their ability to create a template from a policy. However, deploying this template to each tenant was still somewhat time-consuming. I wanted to automate this process to remove inefficiencies and in August 2024, CIPP released an update that allowed us to use a tenant as a template library, and that sparked an idea…

THE IDEA

My idea and thought process was the following: since we were already deploying Intune configurations with a PowerShell script I had created, I wanted to use those same principles to create a workflow where newly added or updated configurations would be pushed to our template tenant. I started looking into Configuration as Code for Intune and decided to set up a CI/CD pipeline with Azure DevOps.

THE FINAL RESULT

In the end, after the CI/CD pipeline was set up and tested, we could now seamlessly use our template tenant in CIPP. In CIPP, we are using the standards deployment to push our templates to the tenants. This allows us to have a Desired State Configuration for all our customers that use Intune.

The flow looks like the following:

  • Push change to template tenant
  • CIPP copies the policies every 4 hours
  • CIPP runs our standards every 3 hours
  • Policy is applied to tenant

This deployment has saved us many hours and it ensures us that we have consistent configurations across all our clients.

I have posted the configuration-as-code script alongside example files for intune policies and the configuration file for the CI/CD pipeline. You can find it on my Github .

I would like to thank Kelvin, the contributors and the team at CIPP for creating this awesome tool. If you’re an MSP, you should try it out! It’s open source and free!

Previous page Why Are You Running... Manual RDS Certificate Renewals? Automate It!
Next page Entra Private Access - Automatic Network Detection

© 2025 daeio

🌱 Powered by Hugo with theme Dream.

Welcome to my personal archive of scripts, solutions, and learning notes. Feel free to explore and use these resources at your own risk, as I am not responsible for any data loss.

whoami

Hi, my name is Linus Salomonsson.

Currently I am working as a Solutions Architect for Future IT Partner and my main focus is helping customers with their journey to the cloud.

You can contact me using the social links to the right.