AsBuiltReport.Microsoft.Intune

0.1.0

Src/Private/Get-AbrIntuneSections.ps1

                                #region --- Section Orchestrators ---

function Get-AbrIntuneComplianceSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.DeviceCompliance -lt 1) { return }

    Section -Style Heading1 'Device Compliance' {

        Paragraph "The following section provides a summary of Device Compliance policy configuration for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Device Compliance sub-section.'

        Get-AbrIntuneDeviceCompliance -TenantId $TenantId

    }

}

function Get-AbrIntuneConfigurationSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.ConfigurationProfiles -lt 1) { return }

    Section -Style Heading1 'Configuration' {

        Paragraph "The following section provides a summary of Device Configuration for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Configuration Profiles sub-section.'

        Get-AbrIntuneConfigurationProfiles -TenantId $TenantId

    }

}

function Get-AbrIntuneAppManagementSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.AppManagement -lt 1 -and $InfoLevel.AppConfigPolicies -lt 1) { return }

    Section -Style Heading1 'App Management' {

        Paragraph "The following section provides a summary of App Management (MAM/MDM) configuration for tenant $TenantId."

        BlankLine

        if ($InfoLevel.AppManagement -ge 1) {

            Write-Host '    - Working on App Management sub-section.'

            Get-AbrIntuneAppManagement -TenantId $TenantId

        }

        if ($InfoLevel.AppConfigPolicies -ge 1) {

            Write-Host '    - Working on App Configuration Policies sub-section.'

            Get-AbrIntuneAppConfigPolicies -TenantId $TenantId

        }

    }

}

function Get-AbrIntuneEnrollmentSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.EnrollmentRestrictions -lt 1) { return }

    Section -Style Heading1 'Enrollment' {

        Paragraph "The following section provides a summary of Device Enrollment configuration for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Enrollment Restrictions sub-section.'

        Get-AbrIntuneEnrollmentRestrictions -TenantId $TenantId

    }

}

function Get-AbrIntuneSecuritySection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    $anyEnabled = ($InfoLevel.SecurityBaselines -ge 1 -or $InfoLevel.EndpointSecurity -ge 1)

    if (-not $anyEnabled) { return }

    Section -Style Heading1 'Security' {

        Paragraph "The following section provides a summary of Endpoint Security configuration for tenant $TenantId."

        BlankLine

        if ($InfoLevel.SecurityBaselines -ge 1) {

            Write-Host '    - Working on Security Baselines sub-section.'

            Get-AbrIntuneSecurityBaselines -TenantId $TenantId

        }

        if ($InfoLevel.EndpointSecurity -ge 1) {

            Write-Host '    - Working on Endpoint Security sub-section.'

            Get-AbrIntuneEndpointSecurity -TenantId $TenantId

        }

    }

}

function Get-AbrIntuneScriptsSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.Scripts -lt 1) { return }

    # Licence gate: Scripts require Intune Plan 1

    # Proactive Remediations require Intune Plan 2 / Suite

    # If neither licence is detected, skip the section entirely (debug log only)

    $hasScripts      = ($script:TenantHasIntuneP1 -ne $false)

    $hasRemediations = ($script:TenantHasIntuneP2 -ne $false)

    if (-not $hasScripts -and -not $hasRemediations) {

        Write-Host '  - Skipping Scripts & Remediations section (Intune Plan 1 / Plan 2 not detected).' -ForegroundColor Yellow

        Write-AbrDebugLog 'Scripts & Remediations section skipped -- no Intune P1/P2 licence' 'WARN' 'SECTION'

        return

    }

    Section -Style Heading1 'Scripts & Remediations' {

        Paragraph "The following section provides a summary of Scripts and Proactive Remediations configured for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Scripts sub-section.'

        Get-AbrIntuneScripts -TenantId $TenantId

    }

}

function Get-AbrIntuneCloudPCSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.CloudPC -lt 1) { return }

    Section -Style Heading1 'Windows 365 / Cloud PC' {

        Paragraph "The following section provides a summary of Windows 365 Cloud PC configuration for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Cloud PC sub-section.'

        Get-AbrIntuneCloudPC -TenantId $TenantId

    }

}

function Get-AbrIntuneDevicesSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.Devices -lt 1) { return }

    Section -Style Heading1 'Managed Devices' {

        Paragraph "The following section provides a summary of managed devices enrolled in Intune for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Managed Devices sub-section.'

        Get-AbrIntuneDevices -TenantId $TenantId

    }

}

function Get-AbrIntuneFailedAssignmentsSection {

    [CmdletBinding()]

    param ([Parameter(Mandatory)][string]$TenantId)

    if ($InfoLevel.FailedAssignments -lt 1) { return }

    Section -Style Heading1 'Failed Assignments' {

        Paragraph "The following section documents Intune policies with deployment failures for tenant $TenantId."

        BlankLine

        Write-Host '    - Working on Failed Assignments sub-section.'

        Get-AbrIntuneFailedAssignments -TenantId $TenantId

    }

}

#endregion