Very good: clever innovative idea, well laid-out and associated code quality appears very good.

Hi Ondrej, Thanks for you published work, I've found it very useful so far. I've chosen to use MSAL.PS to acquire a header, alongside a self-signed certificate, rather than the hard-coded secret. Regardless of that: many people have environments large enough that their token will expire. Can you suggest a simple method of handling token refresh when calling your functions to avoid such scenarios? Many thanks, Stevie For those interested in using MSAL.PS and certs instead of New-IntuneAuthHeader: generate a self-signed certificate key-pair on your computer add its public key to the App Reg you created as documented by Ondrej install the MSAL.PS module use Get-MsalToken to acquire a token # store your thumbprint $thumbprint = <your certificate's thumbprint> # this is visible in your registered app's Credentials and Secrets section once it has been added # store the path to your private key based on the thumbprint $path = "Cert:\CurrentUser\My\" + $thumbprint # set a hashtable for the connection parameters $connectionDetails = @{ 'TenantId' = <your tenant Id> 'ClientId' = <your app's client ID> 'ClientCertificate' = Get-Item -Path $path } $token = Get-MsalToken @connectionDetails # create an auth header from that token $header = @{ 'Authorization' = $token.CreateAuthorizationHeader() } you can now use the above $header when calling either of Ondrej's awesome functions.