Install: claude install-skill aharwelik/intune-drift-sentry
# Intune Drift Sentry
Use this skill to compare an Intune baseline snapshot against the current state,
explain the drift in policy terms, and produce a concrete rollback plan. This is
the missing "undo button": the Intune audit log records that a profile changed,
but not the previous value or how to put it back. Diffing two exports does.
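The following sketch shows why a diff of two exports recovers what the audit log does not: the previous value and a reverse step for each change. It is an added example, not driftsentry's own code; the snapshot layout, the policy names, and the `flatten` and `diff_snapshots` helpers are assumptions for illustration and do not reproduce the export schema in the README.

```python
import json

WIDE_TARGETS = {"allDevices", "allUsers"}  # targets the page singles out

# Constructed snapshots in an ASSUMED layout: {policy_id: {"settings", "assignments"}}
BASELINE = {
    "bitlocker-win11": {"settings": {"requireEncryption": True, "minPinLength": 6},
                        "assignments": ["grp-pilot"]},
    "edge-baseline": {"settings": {"smartScreen": "enabled"}, "assignments": ["grp-corp"]},
}
CURRENT = {
    "bitlocker-win11": {"settings": {"requireEncryption": False, "minPinLength": 6},
                        "assignments": ["grp-pilot", "allDevices"]},
    "usb-allow": {"settings": {"removableStorage": "allow"}, "assignments": ["allUsers"]},
}

def flatten(obj, prefix=""):
    """Flatten nested dicts to {dotted.path: value}; lists stay as leaf values."""
    out = {}
    for key, val in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        out.update(flatten(val, path) if isinstance(val, dict) else {path: val})
    return out

def diff_snapshots(baseline, current):
    """Return change records, widened assignments first, each with one reverse step."""
    changes = []
    for pid in sorted(set(baseline) | set(current)):
        old, new = baseline.get(pid), current.get(pid)
        if old is None:  # policy exists only in the current snapshot
            wide = bool(WIDE_TARGETS & set(new.get("assignments", [])))
            changes.append({"policy": pid, "kind": "added", "widened": wide,
                            "rollback": f"delete {pid}"})
        elif new is None:  # policy disappeared; the baseline holds what to restore
            changes.append({"policy": pid, "kind": "removed", "widened": False,
                            "rollback": f"recreate {pid} from baseline"})
        else:
            fo, fn = flatten(old), flatten(new)
            for path in sorted(set(fo) | set(fn)):
                was, now = fo.get(path), fn.get(path)
                if was == now:
                    continue
                wide = path == "assignments" and bool(
                    (WIDE_TARGETS & set(now or [])) - set(was or []))
                changes.append({"policy": pid, "kind": "changed", "path": path,
                                "was": was, "now": now, "widened": wide,
                                "rollback": f"set {pid}:{path} back to {json.dumps(was)}"})
    return sorted(changes, key=lambda c: not c["widened"])  # stable sort

if __name__ == "__main__":
    for change in diff_snapshots(BASELINE, CURRENT):
        print(change)
```

Every record carries the baseline value in `was`, which is the part an audit entry of the form "profile changed" leaves out.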
## When to use
- After an incident or an unexpected behavior change, to see what drifted from
the last known-good baseline.
- In a configuration-as-code pipeline: commit a baseline export, then diff each
new export against it on every change.
- Before accepting a set of admin-center edits, to understand and bound them.
## Inputs
`$ARGUMENTS` should be two paths: the baseline snapshot, then the current
snapshot. Both use the export schema in the README. If only one is available,
ask the user for the other; do not fabricate a baseline.
## Workflow
1. Run the diff and show the evidence:
```bash
python -m driftsentry diff <baseline.json> <current.json> --rollback
```
2. Walk the user through the drift, highest severity first. Call out every
change tagged `[security]` and every assignment widened to allDevices or
allUsers; these are the changes most likely to matter.
3. Present the generated rollback plan as the proposed remediation. Each change
has exactly one reverse step.
4. If the user wants a certifiable change record, emit a proof-carrying-ops
receipt and verify it:
```bash
python -m driftsentry diff <ba