chore: add compliance policies

CompliancePolicy.ps1

@@ -0,0 +1,25 @@
+# Connect to Microsoft Graph
+Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All", "Group.ReadWrite.All", "Directory.ReadWrite.All" -NoWelcome
+
+$policies = Get-ChildItem ./policies/compliance
+
+ForEach ($policie in $policies) {
+    $PolicieName = $policie.name
+    
+    $JsonData = Get-Content -Path ./policies/compliance/$PolicieName -Raw
+    $JsonDataUpdated = $JsonData -replace '\$tenantId', $tenantId
+    $PolicyObject = $JsonDataUpdated  | ConvertFrom-Json
+
+    try {
+        $uri = "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies"  # Using the beta version
+        $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body ($PolicyObject | ConvertTo-Json -Depth 10)
+        Write-Host "✅ $PolicieName - successfully imported!"
+        #$response
+    } catch {
+        Write-Error "❌ An error occurred while importing the policy: $_"
+    }
+}
+
+
+# Disconnect from Graph
+$null = Disconnect-Graph -ErrorAction SilentlyContinue

policies/compliance/Win - Compliance - U - Defender for Endpoint.json

@@ -0,0 +1,43 @@
+{
+    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
+    "displayName": "Win - Compliance - U - Defender for Endpoint",
+    "description": null,
+    "passwordRequired": false,
+    "passwordBlockSimple": false,
+    "passwordRequiredToUnlockFromIdle": false,
+    "passwordRequiredType": "deviceDefault",
+    "requireHealthyDeviceReport": false,
+    "earlyLaunchAntiMalwareDriverEnabled": false,
+    "bitLockerEnabled": false,
+    "secureBootEnabled": false,
+    "codeIntegrityEnabled": false,
+    "memoryIntegrityEnabled": false,
+    "kernelDmaProtectionEnabled": false,
+    "virtualizationBasedSecurityEnabled": false,
+    "firmwareProtectionEnabled": false,
+    "storageRequireEncryption": false,
+    "activeFirewallRequired": false,
+    "defenderEnabled": true,
+    "signatureOutOfDate": true,
+    "rtpEnabled": true,
+    "antivirusRequired": false,
+    "antiSpywareRequired": false,
+    "deviceThreatProtectionEnabled": false,
+    "deviceThreatProtectionRequiredSecurityLevel": "unavailable",
+    "configurationManagerComplianceRequired": false,
+    "tpmRequired": false,
+    "validOperatingSystemBuildRanges": [],
+    
+    // Scheduled Actions (MUST be included in the initial policy creation)
+    "scheduledActionsForRule": [
+        {
+            "ruleName": null,
+            "scheduledActionConfigurations": [
+                {
+                    "actionType": "block",
+                    "gracePeriodHours": 6
+                }
+            ]
+        }
+    ]
+}

policies/compliance/Win - Compliance - U - Device Security.json

@@ -0,0 +1,43 @@
+{
+    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
+    "displayName": "Win - Compliance - U - Device Security",
+    "description": null,
+    "passwordRequired": false,
+    "passwordBlockSimple": false,
+    "passwordRequiredToUnlockFromIdle": false,
+    "passwordRequiredType": "deviceDefault",
+    "requireHealthyDeviceReport": false,
+    "earlyLaunchAntiMalwareDriverEnabled": false,
+    "bitLockerEnabled": false,
+    "secureBootEnabled": false,
+    "codeIntegrityEnabled": false,
+    "memoryIntegrityEnabled": false,
+    "kernelDmaProtectionEnabled": false,
+    "virtualizationBasedSecurityEnabled": false,
+    "firmwareProtectionEnabled": false,
+    "storageRequireEncryption": false,
+    "activeFirewallRequired": true,
+    "defenderEnabled": false,
+    "signatureOutOfDate": false,
+    "rtpEnabled": false,
+    "antivirusRequired": true,
+    "antiSpywareRequired": true,
+    "deviceThreatProtectionEnabled": false,
+    "deviceThreatProtectionRequiredSecurityLevel": "unavailable",
+    "configurationManagerComplianceRequired": false,
+    "tpmRequired": true,
+    "validOperatingSystemBuildRanges": [],
+    
+    // Scheduled Actions (MUST be included in the initial policy creation)
+    "scheduledActionsForRule": [
+        {
+            "ruleName": null,
+            "scheduledActionConfigurations": [
+                {
+                    "actionType": "block",
+                    "gracePeriodHours": 6
+                }
+            ]
+        }
+    ]
+}

policies/compliance/Win - Compliance - U - Password.json

@@ -0,0 +1,46 @@
+{
+    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
+    "displayName": "Win - Compliance - U - Password",
+    "description": null,
+    "passwordRequired": true,
+    "passwordBlockSimple": true,
+    "passwordRequiredToUnlockFromIdle": false,
+    "passwordRequiredType": "numeric",
+    "passwordMinimumLength": 8,
+    "passwordExpirationDays": null,
+    "passwordPreviousPasswordBlockCount": null,
+    "passwordMinimumCharacterSetCount": null,
+    "passwordMinutesOfInactivityBeforeLock": 15,
+    "requireHealthyDeviceReport": false,
+    "earlyLaunchAntiMalwareDriverEnabled": false,
+    "bitLockerEnabled": false,
+    "secureBootEnabled": false,
+    "codeIntegrityEnabled": false,
+    "memoryIntegrityEnabled": false,
+    "kernelDmaProtectionEnabled": false,
+    "virtualizationBasedSecurityEnabled": false,
+    "firmwareProtectionEnabled": false,
+    "storageRequireEncryption": false,
+    "activeFirewallRequired": false,
+    "defenderEnabled": false,
+    "signatureOutOfDate": false,
+    "rtpEnabled": false,
+    "antivirusRequired": false,
+    "antiSpywareRequired": false,
+    "deviceThreatProtectionEnabled": false,
+    "deviceThreatProtectionRequiredSecurityLevel": "unavailable",
+    "configurationManagerComplianceRequired": false,
+    "tpmRequired": false,
+    "validOperatingSystemBuildRanges": [],
+    "scheduledActionsForRule": [
+        {
+            "ruleName": "PasswordRequired",
+            "scheduledActionConfigurations": [
+                {
+                    "actionType": "block",
+                    "gracePeriodHours": 0
+                }
+            ]
+        }
+    ]
+}