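# Ensure the Microsoft Graph PowerShell SDK is available.
# NOTE(review): Install-Module pulls whatever the default repository currently
# serves; pin a reviewed version (-RequiredVersion) so installs are reproducible
# and auditable across admin workstations.
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph)) {
    Install-Module -Name Microsoft.Graph -Scope CurrentUser -Force
}
# Ensure the Microsoft Graph *Beta* SDK is available as well - the policy and
# group requests below target the /beta endpoint.
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph.Beta)) {
    Install-Module -Name Microsoft.Graph.Beta -Scope CurrentUser -Force
}
# Connect to Microsoft Graph (interactive sign-in).
# Scopes used by this script:
#   DeviceManagementConfiguration.ReadWrite.All - POST configurationPolicies
#   Organization.Read.All                       - Get-MgOrganization
#   Group.ReadWrite.All                         - POST groups
# NOTE(review): Directory.ReadWrite.All is far broader than anything this script
# does and looks redundant next to Group.ReadWrite.All - confirm and drop it to
# keep the consented permission set minimal.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All", "Organization.Read.All", "Group.ReadWrite.All", "Directory.ReadWrite.All" -NoWelcome -ErrorAction Stop
# Resolve the tenant ID; it is substituted for the $tenantId placeholder in the
# policy JSON files. Abort early if it cannot be determined, otherwise every
# policy would be imported with an empty tenant reference.
$tenant = Get-MgOrganization -ErrorAction Stop | Select-Object -First 1
$tenantId = $tenant.Id
if ([string]::IsNullOrWhiteSpace($tenantId)) {
    throw "Could not determine the tenant ID from Get-MgOrganization; aborting before any policy is imported."
}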
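# Import every policy definition found in ./policies. Only files are taken;
# sub-directories would otherwise reach Get-Content and fail.
$policies = Get-ChildItem -Path ./policies -File
ForEach ($policie in $policies) {
    $PolicieName = $policie.Name
    # Read the file as a single string and substitute the literal "$tenantId"
    # placeholder with the tenant resolved earlier. The pattern is regex-escaped,
    # so only that token is matched; -replace is case-insensitive.
    $JsonData = Get-Content -Path $policie.FullName -Raw
    $JsonDataUpdated = $JsonData -replace '\$tenantId', $tenantId
    try {
        # Parse once to fail fast on malformed JSON before any request is sent.
        # The already-serialized string is then posted as-is: round-tripping the
        # parsed object through ConvertTo-Json -Depth 10 would silently truncate
        # settings nested deeper than 10 levels.
        $null = $JsonDataUpdated | ConvertFrom-Json -ErrorAction Stop
        $uri = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies" # Using the beta version
        $response = Invoke-MgGraphRequest -Method POST -Uri $uri -Body $JsonDataUpdated -ContentType "application/json" -ErrorAction Stop
        Write-Host "$PolicieName - successfully imported!"
        #$response
    } catch {
        # One bad file must not stop the remaining imports; report and continue.
        Write-Error "❌ An error occurred while importing the policy: $_"
    }
}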
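#######################################
# Create a dynamic security group in Entra ID, or reuse an existing one.
# Arguments:
#   DisplayName    - group display name; also used to detect an existing group
#   MailNickname   - alias sent as mailNickname
#   MembershipRule - dynamic membership rule expression
# Outputs: the Graph response for the created group, or the existing group
#          object when one with the same displayName is already present.
# Throws:  any Graph request error (callers wrap this in try/catch).
#######################################
function New-IntuneDynamicGroup {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $MailNickname,
        [Parameter(Mandatory)] [string] $MembershipRule
    )
    # Idempotency: re-running the script must not create duplicate groups.
    # Single quotes are doubled so the OData filter stays well-formed.
    $filterName = $DisplayName.Replace("'", "''")
    $lookupUri = "https://graph.microsoft.com/beta/groups?`$filter=displayName eq '$filterName'"
    $existing = Invoke-MgGraphRequest -Method GET -Uri $lookupUri -ErrorAction Stop
    if ($existing.value -and $existing.value.Count -gt 0) {
        Write-Host "$DisplayName - already exists, skipping creation."
        return $existing.value[0]
    }
    $groupBody = @{
        displayName = $DisplayName
        mailEnabled = $false
        mailNickname = $MailNickname
        securityEnabled = $true
        groupTypes = @("DynamicMembership")
        membershipRule = $MembershipRule
        membershipRuleProcessingState = "On"
    }
    $groupBodyJson = $groupBody | ConvertTo-Json -Depth 10
    $created = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/groups" -Body $groupBodyJson -ContentType "application/json" -ErrorAction Stop
    Write-Host "$DisplayName - successfully created!"
    return $created
}

# Group 1: Windows devices whose account is enabled and that are MDM-managed.
$dynamicRule = '(device.deviceOSType -eq "Windows") and (device.accountEnabled -eq true) and (device.managementType -eq "MDM")'
try {
    $null = New-IntuneDynamicGroup -DisplayName "Intune - All Windows Workstations MDM" -MailNickname "IntuneWindowsDevices" -MembershipRule $dynamicRule
} catch {
    Write-Error "❌ An error occurred while creating the group: $_"
}

# Group 2: all Windows computers. Windows 11 also reports a 10.x OS version,
# so it is matched by this rule as well.
# NOTE(review): both groups reuse the mailNickname "IntuneWindowsDevices";
# kept as in the original, but if Graph rejects the second creation as a
# conflict, give this group a distinct alias.
$dynamicRule = '(device.deviceOSVersion -startsWith "10") and (device.deviceOSType -eq "Windows")'
try {
    $null = New-IntuneDynamicGroup -DisplayName "Intune - All Windows Computers" -MailNickname "IntuneWindowsDevices" -MembershipRule $dynamicRule
} catch {
    Write-Error "❌ An error occurred while creating the group: $_"
}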
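# Tear down the Graph session so the cached token is not left behind for later
# shells. Disconnect-Graph is not provided by the Microsoft.Graph modules
# installed above (the SDK cmdlet is Disconnect-MgGraph), so the original call
# failed and, with its error suppressed, the session was never disconnected.
# SilentlyContinue is kept deliberately: a missing session at this point is not
# a failure of the script.
$null = Disconnect-MgGraph -ErrorAction SilentlyContinue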