1.0.3/ENS.ps1
|
function Export-EndpointSecurityProfiles { param( [Parameter(Mandatory = $True)] $PolicyID, [ValidateSet('Object','File')] [Parameter(Mandatory = $True)] $Type, [Parameter(DontShow = $true)] [string] $MsGraphVersion = "beta", [Parameter(DontShow = $true)] [string] $MsGraphHost = "graph.microsoft.com", [Parameter(DontShow = $true)] $GraphURI = "https://$MSGraphHost/$MsGraphVersion" ) DynamicParam { #If the Import Param is used, Create the File Param switch ($Type) { File { $FileAttribute = New-Object System.Management.Automation.ParameterAttribute $FileAttribute.Mandatory = $true #create an attributecollection object for the attribute we just created. $attributeCollection = new-object System.Collections.ObjectModel.Collection[System.Attribute] #add custom FileAttribute attribute $attributeCollection.Add($FileAttribute) #add our paramater specifying the attribute collection $ExportLocation = New-Object System.Management.Automation.RuntimeDefinedParameter('ExportLocation', [string], $attributeCollection) #expose the name of our parameter $paramDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary $paramDictionary.Add('ExportLocation', $ExportLocation) return $paramDictionary } } } begin { IF ($PSBoundParameters.ExportLocation){ $ExportLocation = $PSBoundParameters.ExportLocation } IF (-Not ($BGUAccessToken)) { Throw "You must first obtain an access token by running Get-BGUAccessToken, please obtain a token and retry this action" } elseif ($BGUAccessToken.ExpiresOn.LocalDateTime -LT $(Get-Date)) { Throw "You're access token expired $($BGUAccessToken.ExpiresOn.LocalDateTime), you must obtain a new access token by running Get-BGUAccessToken." } $GraphHeader = @{Authorization = "Bearer $($BGUAccessToken.AccessToken)"} } Process { $GraphDeviceIntentParams = @{ METHOD = "GET" URI = "$GraphURI/deviceManagement/Intents/$($PolicyID)" HEADERS = $GraphHeader } $IntentPolicy = Invoke-RestMethod @GraphDeviceIntentParams if($IntentPolicy){ $GraphTemplateCategoriesParams = @{ METHOD = "GET" URI = "$GraphURI/deviceManagement/templates/$($IntentPolicy.templateId)/categories" HEADERS = $GraphHeader } $IntentPolicy_Template_Categories = Invoke-RestMethod @GraphTemplateCategoriesParams $All_IntentPolicy_Template_Categories = @() $All_IntentPolicy_Template_Categories += $IntentPolicy_Template_Categories while ($IntentPolicy_Template_Categories.'@odata.nextLink') { $GraphRequest_NextLink = @{ Method = "GET" URI = $IntentPolicy_Template_Categories.'@odata.nextLink' Headers = $GraphHeader ContentType = "application/JSON" } $IntentPolicy_Template_Categories = Invoke-RestMethod @GraphRequest_NextLink -ErrorAction Stop $All_IntentPolicy_Template_Categories += $IntentPolicy_Template_Categories } $IntentPolicy_Settings = @() FOREACH ($Category in $All_IntentPolicy_Template_Categories.value) { $GraphIntentSettingParams = @{ METHOD = "GET" URI = "$GraphURI/deviceManagement/intents/$($IntentPolicy.Id)/categories/$($Category.id)/settings" HEADERS = $GraphHeader } $IntentPolicy_Settings += Invoke-RestMethod @GraphIntentSettingParams $All_IntentPolicy_Settings = @() $All_IntentPolicy_Settings += $IntentPolicy_Settings while($IntentPolicy_Settings.'@odata.nextLink') { $GraphRequest_NextLink = @{ Method = "GET" URI = $IntentPolicy_Settings.'@odata.nextLink' Headers = $GraphHeader ContentType = "application/JSON" } $IntentPolicy_Settings = Invoke-RestMethod @GraphRequest_NextLink -ErrorAction Stop $All_IntentPolicy_Settings += $IntentPolicy_Settings } } $export_obj = @{ "displayName" = $IntentPolicy.displayName "templateID" = $IntentPolicy.templateId "description" = $IntentPolicy.description "settingsDelta" = $All_IntentPolicy_Settings.value "roleScopeTagIds" = $IntentPolicy.roleScopeTagIds } switch ($Type) { Object { $export_obj } File { # Export The Base Admin Template ConvertTo-Json $export_obj -Depth 10 | Out-File "$ExportLocation\$(($export_obj.displayName)).json" -Force } } } } } Export-EndpointSecurityProfiles -PolicyID "f781960d-34a6-4954-aae7-05b068a672ef" -Type File -ExportLocation .\ |