tontontools.

Release Notes

Duplicate Device Management — Changelog

Version history for Duplicate Device Management. Entries follow the Keep a Changelog convention with four groups: Added, Changed, Fixed, Security.

v1.0.0

Released January 2026released

Initial public release of Duplicate Device Management. The product is sold in the Pro tier of the TontonTools suite. A 14-day free trial is available without a credit card.

Added

  • Detection of duplicate device registrations in Microsoft Entra ID and Microsoft Intune. Devices sharing the same name (case-insensitive) are grouped together and presented for cleanup.
  • Automatic KEEP / DELETE recommendation per duplicate group: the most recently active device in each group is suggested as KEEP, the older duplicates are suggested as DELETE. Activity is judged from the Entra ID approximateLastSignInDateTime and the Intune lastSyncDateTime, whichever is more recent per device.
  • KEEP-protection prompt: attempting to delete the device flagged as KEEP triggers an explicit confirmation dialog explaining that the operator is overriding the algorithm. This guard prevents accidental deletion of the active device in a group.
  • Group-toggle feature on KEEP rows: clicking the checkbox on a KEEP row selects or deselects the entire duplicate group at once — useful for bulk decisions on groups where the operator wants to keep all rows for manual review.
  • Per-group recommendation reason: each row carries a short text explaining why it was classified KEEP or DELETE (more recent sync, only active member, etc.). The reason is visible in the result grid and in the device details dialog.
  • Multi-criteria filtering on top of the duplicate detection: OS family, compliance status, ownership, trust type, join type. Filtering does not alter the duplicate groups — it narrows the visible set within each group.
  • Bulk safe-delete with explicit irreversible confirmation. Skip-on-failure behavior with aggregated success/failure counts per group and overall.
  • Device details dialog with a coloured banner reflecting the recommendation (green for KEEP, red for DELETE), the recommendation reason, and full identity / status / dates / all-properties tabs.
  • CSV export of the filtered result grid for audit trail or external analysis.
  • Microsoft Graph authentication via the unified TontonTools credentials dialog: Client Secret, Certificate (JWT client assertion), or Interactive with PKCE.
  • CMTrace-compatible activity log written to C:\TEMP\DuplicateDeviceMgmt.log.
  • DPAPI-encrypted credential storage shared across the suite at %AppData%\TontonTools\credentials.dat.
  • Read-only fallback mode in license grace period: destructive operations disabled, diagnostic surfaces remain available.

Security

  • No agent installed on managed endpoints — the product only communicates with Microsoft Graph (graph.microsoft.com).
  • No telemetry, no cloud backend, no third-party analytics.
  • TLS 1.2 enforced on every Graph and license API request.
  • PKCE used in Interactive auth mode with a loopback redirect URI on a randomly selected free port — no client secret stored in this mode.

Related documentation