tontontools.

Release Notes

Obsolete Device Management — Changelog

Version history for Obsolete Device Management. Entries follow the Keep a Changelog convention with four groups: Added, Changed, Fixed, Security.

v1.0.0

Released January 2026released

Initial public release of Obsolete Device Management. The product is sold in the Enterprise tier of the TontonTools suite. A 14-day free trial is available without a credit card.

Added

  • Cloud-directory cleanup for stale devices in Microsoft Entra ID and Microsoft Intune. Scan, audit, filter, and remove devices that have not signed in or synced for a configurable inactivity threshold.
  • Configurable inactivity threshold expressed in days, applied to the Intune lastSyncDateTime and the Entra ID approximateLastSignInDateTime properties. The threshold is set per scan and is not persisted between sessions.
  • Multi-criteria filtering on top of the inactivity scan: OS family (Windows, macOS, iOS, Android, Linux), compliance status, ownership (corporate vs personal), trust type and join type for Entra ID devices.
  • Bulk safe-delete with explicit confirmation: select multiple devices in the result grid, click Delete Selected, confirm the irreversible operation in a separate dialog. Skip-on-failure behavior with aggregated success/failure counts.
  • Device details dialog accessible via double-click on any row: four tabs covering Identity, Status (compliance + management + ownership), Dates (last sign-in, last sync, days inactive with colour coding), and All Properties (formatted text dump suitable for copy-paste into a ticket).
  • CSV export of the filtered result grid for review, audit trail, or further analysis in Excel.
  • Microsoft Graph authentication via the unified TontonTools credentials dialog: Client Secret, Certificate (JWT client assertion, recommended for production), or Interactive with PKCE.
  • CMTrace-compatible activity log written to C:\TEMP\ObsoleteDeviceManagement.log with timestamp, executing Windows user, severity, and verbatim Graph response per entry.
  • DPAPI-encrypted credential storage (CurrentUser scope) at %AppData%\TontonTools\credentials.dat — shared across all TontonTools products on the same Windows user profile.
  • Read-only fallback mode when the license enters its 7-day grace period: destructive operations are disabled, diagnostic and read-only surfaces remain available.

Security

  • No agent installed on managed endpoints — the product only communicates with the administrator workstation and Microsoft Graph (graph.microsoft.com).
  • No telemetry, no cloud backend, no third-party analytics. The only outbound connection to TontonTools infrastructure is the periodic license validation request.
  • TLS 1.2 enforced on every Graph and license API request.
  • PKCE (RFC 7636) used in Interactive auth mode with a loopback redirect URI on a randomly selected free port — no client secret stored in this mode.

Related documentation