chore: add section to build windows update rings

2025-03-12 23:46:21 +10:00
parent 39b6a1272d
commit 4cd0393a38
2 changed files with 34 additions and 3 deletions


@ -50,11 +50,14 @@ $groupBody = @{
membershipRuleProcessingState = "On"
}
$group = $groupBody.displayname
# Convert the body to JSON
$groupBodyJson = $groupBody | ConvertTo-Json -Depth 10
# Create the group using Invoke-MgGraphRequest
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
$null = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
Write-Host "✅ Successfully created group $group"
# Define the dynamic membership rule
$dynamicRule = '(device.deviceOSVersion -startsWith "10") and (device.deviceOSType -eq "Windows")'
@ -70,12 +73,40 @@ $groupBody = @{
membershipRuleProcessingState = "On"
}
$group = $groupBody.displayname
# Convert the body to JSON
$groupBodyJson = $groupBody | ConvertTo-Json -Depth 10
# Create the group using Invoke-MgGraphRequest
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
$null = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
Write-Host "✅ Successfully created group $group"
# Create Windows Update Ring Policies
# Create a baseline policy using web interface
# Extract the JSON Data to build paramters
# - Get-MgDeviceManagementDeviceConfiguration | Select-Object displayName, id, @{Name="JSON"; Expression={ $_ | ConvertTo-Json -Depth 10 }}
# Get the ID of the policy you created and get the JSON structure
# - Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId "<YOUR_POLICY_ID>" | ConvertTo-Json -Depth 10
# Define the update ring configuration with Microsoft product updates enabled
$params = @{
"@odata.type"= "#microsoft.graph.windowsUpdateForBusinessConfiguration"
"displayName"= "Windows 11 Update Ring"
"description"= "Update ring for Windows 11 devices"
"automaticUpdateMode"= "autoInstallAndRebootAtMaintenanceTime"
"qualityUpdatesDeferralPeriodInDays"= 7
"featureUpdatesDeferralPeriodInDays"= 30
"allowMicrosoftUpdate"= $true # Enables updates for Microsoft products
}
$ring = $params.displayName
# Create the update ring policy in Intune
$null = New-MgDeviceManagementDeviceConfiguration -BodyParameter $params
Write-Host "✅ Successfully created group $ring"
$null = Disconnect-Graph -ErrorAction SilentlyContinue
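Review bot: The new update-ring block discards the response of `New-MgDeviceManagementDeviceConfiguration` and then prints the success line unconditionally, so a failure that surfaces as a non-terminating error (depending on the session's `$ErrorActionPreference`) would still be reported as success. The message also says "group" where it means the ring. I would change the two lines to `$null = New-MgDeviceManagementDeviceConfiguration -BodyParameter $params -ErrorAction Stop` and `Write-Host "✅ Successfully created update ring $ring"`; the same unconditional pattern applies to both `Invoke-MgGraphRequest` group-creation calls earlier in the section. The visible lines create the ring but never assign it to either of the new groups, so unless that happens elsewhere the policy will not reach any device. Since quality updates carry the security fixes, it is also worth a comment on why a 7-day deferral was chosen, and on whether a `deadlineForQualityUpdatesInDays` value should bound how long installation can slip after that.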