This tool was initially created to learn some C# programming and to better understand the Microsoft Graph API.

...Now fellow workplace engineers have a tool supporting them with powerful automation for various Enterprise Mobility + Security features.

Managing Intune (MEM) and Conditional Access configuration requires a lot of clicking around in the portal. While the author of this tool is daydreaming about of "EM+S" as code the Modern Workplace Concierge automates most of this tasks and provides functionality to import and export configurations. Even across different tenants. So replicating, upating, rolling-back or even migrating you configuration to a new tenant becomes fairly easy.

The Modern Workplace Concierge is open source and proudly presented by Nicola Suter. Made in Switzerland .

View this project on GitHub Report an issue or request a feature Nicola's techblog


The Modern Workplace Concierge needs the following delegated Microsoft Graph permissions:

  • Application.Read.All
  • DeviceManagementApps.ReadWrite.All
  • DeviceManagementConfiguration.ReadWrite.All
  • DeviceManagementRBAC.ReadWrite.All
  • DeviceManagementServiceConfig.ReadWrite.All
  • Group.ReadWrite.All
  • Policy.Read.All
  • Policy.ReadWrite.ConditionalAccess
  • RoleManagement.Read.Directory
  • User.Read
  • User.ReadBasic.All
Microsoft Graph permissions reference

Instance Details

App Configuration

  • TokenEndpoint:
  • Application ID: bfd9b32c-ff73-4e18-a643-78468914e321
  • Redirect URI:
  • Graph Endpoint:
  • Instance: Self-hosted

Azure DevOps CI