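# Imports every policy file found in ./policies into Intune as a configuration
# policy (Graph beta endpoint), then creates a dynamic-membership security group
# for MDM-managed Windows devices. Inside each policy file the literal token
# $tenantId is replaced with the ID of the signed-in tenant before upload.

# Install the Microsoft Graph PowerShell SDK for the current user if it is missing.
# NOTE(review): -Force installs whatever version the default repository serves,
# without prompting. On an admin workstation, consider pinning a reviewed version
# with -RequiredVersion.
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph)) {
    Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force
}

# Same check for the beta SDK.
# NOTE(review): nothing below calls a Microsoft.Graph.Beta cmdlet; the beta
# endpoints are reached through Invoke-MgGraphRequest. Confirm this module is needed.
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph.Beta)) {
    Install-Module -Name Microsoft.Graph.Beta -Scope CurrentUser -Force
}

# Connect to Microsoft Graph with delegated scopes.
# NOTE(review): these are tenant-wide write scopes. The calls below read the
# organization, create configuration policies and create one group; check whether
# Directory.ReadWrite.All is required on top of Group.ReadWrite.All and drop any
# scope that is not.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All", "Group.ReadWrite.All", "Directory.ReadWrite.All" -NoWelcome

try {
    # Get Tenant ID
    $tenant = Get-MgOrganization
    $tenantId = $tenant.Id

    # Without a tenant ID the token replacement below would write an empty value
    # into every policy, so stop before anything is sent.
    if ([string]::IsNullOrWhiteSpace($tenantId)) {
        throw "Could not read the tenant ID from Get-MgOrganization; nothing was imported."
    }

    # Using the beta version
    $uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies"

    # -File skips sub-directories, which cannot be read as policy bodies.
    $policies = Get-ChildItem -Path ./policies -File

    foreach ($policie in $policies) {
        $PolicieName = $policie.Name

        try {
            $JsonData = Get-Content -LiteralPath $policie.FullName -Raw -ErrorAction Stop
            $JsonDataUpdated = $JsonData -replace '\$tenantId', $tenantId

            # Parsing happens inside the try so that a malformed file is reported
            # and skipped. Outside it, a parse failure would leave the previous
            # iteration's object in the variable and that policy would be posted again.
            $PolicyObject = $JsonDataUpdated | ConvertFrom-Json -ErrorAction Stop
            if ($null -eq $PolicyObject) {
                throw "'$PolicieName' contains no JSON content."
            }

            # Depth 100 is the cmdlet's maximum; a lower limit flattens deeper
            # levels to their string form, which corrupts nested setting definitions.
            $body = $PolicyObject | ConvertTo-Json -Depth 100

            # NOTE(review): in the listing as published this call appears to be
            # commented out, so the loop printed the success line without sending
            # anything. It is active here so the message reflects a real response.
            $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body -ContentType "application/json"

            Write-Host "✅ $PolicieName - successfully imported!"
            #$response
        } catch {
            Write-Error "❌ An error occurred while importing the policy: $_"
        }
    }

    # Define the dynamic membership rule
    $dynamicRule = '(device.deviceOSType -eq "Windows") and (device.accountEnabled -eq true) and (device.managementType -eq "MDM")'

    # Create the security group with dynamic membership
    $groupBody = @{
        displayName                   = "Intune - All Windows Workstations Dynamic Membership"
        mailEnabled                   = $false
        mailNickname                  = "IntuneWindowsDevices"
        securityEnabled               = $true
        groupTypes                    = @("DynamicMembership")
        membershipRule                = $dynamicRule
        membershipRuleProcessingState = "On"
    }

    # Convert the body to JSON
    $groupBodyJson = $groupBody | ConvertTo-Json -Depth 10

    # Create the group using Invoke-MgGraphRequest
    # NOTE(review): there is no existence check, so a second run may create another
    # group with the same display name or fail on the duplicate mailNickname.
    # Confirm which, and add a lookup first if the script is meant to be re-runnable.
    Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json"
}
finally {
    # Always drop the session so the write-scoped sign-in does not stay active in
    # this console after a failure. Disconnect-MgGraph is the counterpart of the
    # Connect-MgGraph call above.
    $null = Disconnect-MgGraph -ErrorAction SilentlyContinue
}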