diff --git a/FormatPolicies.ps1 b/FormatPolicies.ps1 index 9432885..ca449bd 100644 --- a/FormatPolicies.ps1 +++ b/FormatPolicies.ps1 @@ -17,7 +17,7 @@ $JsonObject = $JsonData | ConvertFrom-Json $FormattedJson = $JsonObject | ConvertTo-Json -Depth 10 # Write the formatted JSON string to the output file -Set-Content -Path $output -Value $FormattedJson +Set-Content -Path $export -Value $FormattedJson remove-item $jsonfile -Force -Verbose diff --git a/ImportPolicies.ps1 b/ImportPolicies.ps1 index 80545aa..4972de7 100644 --- a/ImportPolicies.ps1 +++ b/ImportPolicies.ps1 @@ -1,5 +1,5 @@ # Connect to Microsoft Graph -Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All" -NoWelcome +Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All", "Group.ReadWrite.All", "Directory.ReadWrite.All" -NoWelcome # Get Tenant ID $tenant = Get-MgOrganization @@ -16,7 +16,7 @@ ForEach ($policie in $policies) { try { $uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" # Using the beta version - $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body ($PolicyObject | ConvertTo-Json -Depth 10) + # $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body ($PolicyObject | ConvertTo-Json -Depth 10) Write-Host "✅ $PolicieName - successfully imported!" #$response } catch { 
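Review bot: `remove-item $jsonfile -Force -Verbose` still runs when the `Set-Content` above it fails, so a bad or unassigned `$export` would delete the source JSON without a formatted copy having been written. Where `$export` is assigned is outside this hunk, so I cannot confirm the rename matches a variable or parameter defined earlier in the script. I would make failures stop the script, for example `$ErrorActionPreference = 'Stop'` near the top. Alternatively, wrap the write and the delete in one `try` so the delete is skipped on error.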
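Review bot: `Directory.ReadWrite.All` on the `Connect-MgGraph` line is broader than anything this commit visibly does. The only new directory call is the `POST` to `/groups`, which `Group.ReadWrite.All` already covers. A delegated token with directory-wide write gives a much larger blast radius if the session or script is misused, so I would drop it: `Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All", "Group.ReadWrite.All" -NoWelcome`. A short comment above the call naming the request that needs each scope would keep the list from growing unnoticed.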
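Review bot: With the `Invoke-MgGraphRequest` POST commented out, the `try` body can no longer fail, yet `Write-Host "✅ $PolicieName - successfully imported!"` still prints for every policy. An operator reading the output would believe the Defender baseline was deployed when nothing was sent. If the import is disabled on purpose, the message should say so, e.g. `Write-Host "$PolicieName - import skipped (POST disabled)"`, or the call should sit behind a switch parameter rather than a comment. The `try`/`catch` continues past the end of this hunk.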
@@ -25,4 +25,25 @@ ForEach ($policie in $policies) { } -$null = Disconnect-Graph -ErrorAction SilentlyContinue +# Define the dynamic membership rule +$dynamicRule = '(device.deviceOSType -eq "Windows") and (device.accountEnabled -eq true) and (device.managementType -eq "MDM")' + + +# Create the security group with dynamic membership +$groupBody = @{ + displayName = "Intune - All Windows Workstations Dynamic Membership" + mailEnabled = $false + mailNickname = "IntuneWindowsDevices" + securityEnabled = $true + groupTypes = @("DynamicMembership") + membershipRule = $dynamicRule + membershipRuleProcessingState = "On" +} + +# Convert the body to JSON +$groupBodyJson = $groupBody | ConvertTo-Json -Depth 10 + +# Create the group using Invoke-MgGraphRequest +Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json" + +$null = Disconnect-Graph -ErrorAction SilentlyContinue \ No newline at end of file diff --git a/policies/defender.json b/policies/defender.json new file mode 100644 index 0000000..371a743 --- /dev/null +++ b/policies/defender.json 
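Review bot: The group `POST` at the end of the added block is neither idempotent nor guarded. Every run would try to create another "Intune - All Windows Workstations Dynamic Membership" group, and unlike the policy loop above it the call has no `try`/`catch`, so a failure such as missing consent for the new scopes shows only as raw error output. As far as I know Graph does not reject a duplicate `displayName` for security groups, so duplicates could accumulate and later policy assignments could target the wrong one. I would look the group up by name first and create it only when absent, reporting the outcome either way and discarding the raw response instead of writing it to the pipeline. The script body above the added block is outside this hunk.

```powershell
# … unchanged: $dynamicRule, $groupBody and $groupBodyJson definitions …

# Create the group only when no group with this display name exists yet
$groupName = $groupBody.displayName
$lookupUri = "https://graph.microsoft.com/beta/groups?`$filter=displayName eq '$groupName'"
try {
    $existing = Invoke-MgGraphRequest -Method GET -Uri $lookupUri
    if ($existing.value.Count -eq 0) {
        $null = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
        Write-Host "Created group '$groupName'"
    } else {
        Write-Host "Group '$groupName' already exists - skipping creation"
    }
} catch {
    Write-Host "Group creation failed: $($_.Exception.Message)"
}

# … unchanged: Disconnect-Graph …
```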
@@ -0,0 +1,375 @@ +{ + "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/configurationPolicies/$entity", + "createdDateTime": "2025-03-06T02:21:32.5455032Z", + "creationSource": null, + "description": "", + "lastModifiedDateTime": "2025-03-06T02:23:54.9051226Z", + "name": "Defender", + "platforms": "windows10", + "priorityMetaData": null, + "roleScopeTagIds": [ + "0" + ], + "settingCount": 27, + "technologies": "mdm", + "id": "4e18b8a5-9bee-4272-b585-b876a43d6a8b", + "templateReference": { + "templateId": "", + "templateFamily": "none", + "templateDisplayName": null, + "templateDisplayVersion": null + }, + "settings": [ + { + "id": "0", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowarchivescanning", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowarchivescanning_1", + "children": [] + } + } + }, + { + "id": "1", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowbehaviormonitoring", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowbehaviormonitoring_1", + "children": [] + } + } + }, + { + "id": "2", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowcloudprotection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowcloudprotection_1", + "children": [] + } + } + }, + { + "id": "3", + 
"settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowemailscanning", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowemailscanning_1", + "children": [] + } + } + }, + { + "id": "4", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowfullscanonmappednetworkdrives", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowfullscanonmappednetworkdrives_0", + "children": [] + } + } + }, + { + "id": "5", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowfullscanremovabledrivescanning", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowfullscanremovabledrivescanning_1", + "children": [] + } + } + }, + { + "id": "6", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowrealtimemonitoring", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowrealtimemonitoring_1", + "children": [] + } + } + }, + { + "id": "7", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": 
"device_vendor_msft_policy_config_defender_allowscanningnetworkfiles", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowscanningnetworkfiles_1", + "children": [] + } + } + }, + { + "id": "8", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowioavprotection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowioavprotection_1", + "children": [] + } + } + }, + { + "id": "9", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowscriptscanning", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowscriptscanning_1", + "children": [] + } + } + }, + { + "id": "10", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_allowuseruiaccess", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_allowuseruiaccess_1", + "children": [] + } + } + }, + { + "id": "11", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_avgcpuloadfactor", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + 
"settingValueTemplateReference": null, + "value": 50 + } + } + }, + { + "id": "12", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_checkforsignaturesbeforerunningscan", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_checkforsignaturesbeforerunningscan_1", + "children": [] + } + } + }, + { + "id": "13", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_cloudblocklevel", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_cloudblocklevel_2", + "children": [] + } + } + }, + { + "id": "14", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_cloudextendedtimeout", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 50 + } + } + }, + { + "id": "15", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_daystoretaincleanedmalware", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 30 + } + } + }, + { + "id": "16", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + 
"settingDefinitionId": "device_vendor_msft_policy_config_defender_disablecatchupfullscan", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_disablecatchupfullscan_0", + "children": [] + } + } + }, + { + "id": "17", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_disablecatchupquickscan", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_disablecatchupquickscan_0", + "children": [] + } + } + }, + { + "id": "18", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_enablelowcpupriority", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_enablelowcpupriority_1", + "children": [] + } + } + }, + { + "id": "19", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_enablenetworkprotection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_enablenetworkprotection_0", + "children": [] + } + } + }, + { + "id": "20", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_puaprotection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": 
"device_vendor_msft_policy_config_defender_puaprotection_1", + "children": [] + } + } + }, + { + "id": "21", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_realtimescandirection", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_realtimescandirection_0", + "children": [] + } + } + }, + { + "id": "22", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_scanparameter", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_scanparameter_1", + "children": [] + } + } + }, + { + "id": "23", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_schedulequickscantime", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 720 + } + } + }, + { + "id": "24", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_schedulescanday", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_schedulescanday_6", + "children": [] + } + } + }, + { + "id": "25", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance", + "settingDefinitionId": 
"device_vendor_msft_policy_config_defender_signatureupdateinterval", + "settingInstanceTemplateReference": null, + "simpleSettingValue": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationIntegerSettingValue", + "settingValueTemplateReference": null, + "value": 4 + } + } + }, + { + "id": "26", + "settingInstance": { + "@odata.type": "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance", + "settingDefinitionId": "device_vendor_msft_policy_config_defender_submitsamplesconsent", + "settingInstanceTemplateReference": null, + "choiceSettingValue": { + "settingValueTemplateReference": null, + "value": "device_vendor_msft_policy_config_defender_submitsamplesconsent_1", + "children": [] + } + } + } + ] +}
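Review bot: Setting id 19 pins `device_vendor_msft_policy_config_defender_enablenetworkprotection` to the `_0` choice, which is the disabled state. The rest of the file turns protections on (real-time monitoring, cloud protection, PUA protection). If that is deliberate, the reason belongs in the commit description or README, since JSON cannot carry a comment. Otherwise the `_2` (audit) or `_1` (block) choice would fit the rest of the baseline. The file also carries export-only fields (`id`, `createdDateTime`, `lastModifiedDateTime`, `settingCount`, `@odata.context`); whether the import script strips them before the POST is not visible in this diff.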