Documentation
Installation, configuration and usage guides for TontonTools products. Built for IT teams running SCCM/MECM, Microsoft Intune, Entra ID and Active Directory.
Reference & security
Security & Data Handling
Local-first design, no agent, no server, DPAPI-encrypted credentials. Read this first if you are evaluating TontonTools.
Read documentation →
Licensing
Trial, Subscription, and One-shot models. Machine and tenant binding, offline grace, read-only fallback, and the customer portal.
Read documentation →
Microsoft Graph Permissions
Exact permissions required by each product, App Registration setup, and verification steps.
Read documentation →
SCCM Permissions
Required SCCM permissions for every TontonTools product that touches Configuration Manager. WMI namespace and connection model, built-in role quick-start, least-privilege custom role per tool (DDE, AUC, ADC, CDS, GPDEU, GPUED, SIM).
Read documentation →
Active Directory Permissions
Active Directory permissions for the three tools that touch AD: DDE (direct LDAP), GPDEU and GPUED (Get-ADUser via RSAT). Includes a pedagogical section on why the other seven tools never need AD permissions directly.
Read documentation →
Products by tier
Enterprise
Delete Device Everywhere
Flagship product: remove a device from AD, SCCM, Intune and Entra ID in a single audited operation with rollback snapshots.
Read documentation →
Obsolete Device Management
Find, audit, and remove stale devices from Microsoft Entra ID and Microsoft Intune. Filterable scans by inactivity, OS, compliance, ownership.
Read documentation →
Pro
Duplicate Device Management
Detect and clean duplicate device registrations in Microsoft Entra ID and Microsoft Intune. Automatic KEEP / DELETE recommendation per group, with KEEP-protection prompt.
Read documentation →
Orphan Device Cleaner
Find devices in Entra ID and Intune that belong to no user, to a disabled account, or to an account that no longer exists. Four categories, cross-checked against the live user directory.
Read documentation →
Get Primary Device And Email From User
For a list of usernames, find the primary devices in SCCM and the email addresses in AD. Three input methods, bulk email copy, CSV export.
Read documentation →
Get Primary User And Email From Device
For a list of device names, find the primary users in SCCM and their email addresses in AD. Three input methods, bulk email copy, CSV export.
Read documentation →
Essentials
Add User To Collection
Bulk add users to an SCCM user collection: direct member rules from a file or paste list, include and exclude collection rules, with idempotence and circular-reference safety.
Read documentation →
Add Device To Collection
Bulk add devices to an SCCM device collection: direct member rules from a file or paste list, include and exclude collection rules, with idempotence and circular-reference safety.
Read documentation →
Create Device In SCCM
Pre-stage devices in SCCM before they exist physically. Create records by Computer Name plus SMBIOS GUID or MAC/Serial, with automatic addition to a target collection. Designed for OSD task sequence pre-staging.
Read documentation →
More product guides are published with each release. Need help with a specific scenario? Contact support.