chore: add section to build windows update rings

2025-03-12 23:46:21 +10:00
parent 39b6a1272d
commit 4cd0393a38
2 changed files with 34 additions and 3 deletions


@ -50,11 +50,14 @@ $groupBody = @{
membershipRuleProcessingState = "On" membershipRuleProcessingState = "On"
} }
$group = $groupBody.displayname
# Convert the body to JSON # Convert the body to JSON
$groupBodyJson = $groupBody | ConvertTo-Json -Depth 10 $groupBodyJson = $groupBody | ConvertTo-Json -Depth 10
# Create the group using Invoke-MgGraphRequest # Create the group using Invoke-MgGraphRequest
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json" $null = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
Write-Host "✅ Successfully created group $group"
# Define the dynamic membership rule # Define the dynamic membership rule
$dynamicRule = '(device.deviceOSVersion -startsWith "10") and (device.deviceOSType -eq "Windows")' $dynamicRule = '(device.deviceOSVersion -startsWith "10") and (device.deviceOSType -eq "Windows")'
@ -70,12 +73,40 @@ $groupBody = @{
membershipRuleProcessingState = "On" membershipRuleProcessingState = "On"
} }
$group = $groupBody.displayname
# Convert the body to JSON # Convert the body to JSON
$groupBodyJson = $groupBody | ConvertTo-Json -Depth 10 $groupBodyJson = $groupBody | ConvertTo-Json -Depth 10
# Create the group using Invoke-MgGraphRequest # Create the group using Invoke-MgGraphRequest
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json" $null = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
Write-Host "✅ Successfully created group $group"
# Create Windows Update Ring Policies
# Create a baseline policy using web interface
# Extract the JSON Data to build paramters
# - Get-MgDeviceManagementDeviceConfiguration | Select-Object displayName, id, @{Name="JSON"; Expression={ $_ | ConvertTo-Json -Depth 10 }}
# Get the ID of the policy you created and get the JSON structure
# - Get-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId "<YOUR_POLICY_ID>" | ConvertTo-Json -Depth 10
# Define the update ring configuration with Microsoft product updates enabled
$params = @{
"@odata.type"= "#microsoft.graph.windowsUpdateForBusinessConfiguration"
"displayName"= "Windows 11 Update Ring"
"description"= "Update ring for Windows 11 devices"
"automaticUpdateMode"= "autoInstallAndRebootAtMaintenanceTime"
"qualityUpdatesDeferralPeriodInDays"= 7
"featureUpdatesDeferralPeriodInDays"= 30
"allowMicrosoftUpdate"= $true # Enables updates for Microsoft products
}
$ring = $params.displayName
# Create the update ring policy in Intune
$null = New-MgDeviceManagementDeviceConfiguration -BodyParameter $params
Write-Host "✅ Successfully created group $ring"
$null = Disconnect-Graph -ErrorAction SilentlyContinue $null = Disconnect-Graph -ErrorAction SilentlyContinue
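Review bot: The success line after `New-MgDeviceManagementDeviceConfiguration` prints unconditionally and says "created group" although it reports the update ring policy. With the result sent to `$null` and no `-ErrorAction Stop` visible, a failed call could still be logged as a success unless `$ErrorActionPreference` is set to `Stop` outside this section. I would change the two lines to `$policy = New-MgDeviceManagementDeviceConfiguration -BodyParameter $params -ErrorAction Stop` and `Write-Host "✅ Successfully created update ring $ring"`. The same pattern applies to both `$null = Invoke-MgGraphRequest ...` / `Write-Host` pairs added for the groups in the two hunks above. Keeping the returned object also preserves the policy id, which matters because nothing visible here assigns the ring to a group before `Disconnect-Graph`, and an unassigned ring applies its deferral and install settings to no device.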


@ -1,6 +1,6 @@
{ {
"name": "Windows LAPS", "name": "Windows LAPS",
"description": "created by ourcloudnetwork.com", "description": "",
"platforms": "windows10", "platforms": "windows10",
"technologies": "mdm", "technologies": "mdm",
"roleScopeTagIds": [ "roleScopeTagIds": [