IntuneAssignmentChecker.psm1
#Requires -Version 7.0
#Requires -Modules Microsoft.Graph.Authentication

# Root script of the module. In order, it: declares module-scoped state,
# declares the Microsoft Graph permissions the module asks for, dot-sources
# every script under Private/ and Public/, and exports the public functions
# plus one alias. Statement order matters: the $script: variables below are
# defined before any dot-sourced file runs.

# Module-scoped variables (set by Connect-IntuneAssignmentChecker)
$script:GraphEndpoint = $null
$script:GraphEnvironment = $null
$script:CurrentTenantId = $null
$script:CurrentTenantName = $null
$script:CurrentUserUPN = $null
$script:TemplateIdToFamilyCache = $null
$script:ScopeTagLookup = $null

# Static lookup table from a short subtype name to an 'endpointSecurity*' name.
# NOTE(review): going by the variable name, keys are intent template subtypes
# and values are template families - confirm against the functions that read it.
$script:IntentTemplateSubtypeToFamily = @{
    'antivirus' = 'endpointSecurityAntivirus'
    'diskEncryption' = 'endpointSecurityDiskEncryption'
    'firewall' = 'endpointSecurityFirewall'
    'endpointDetectionAndResponse' = 'endpointSecurityEndpointDetectionAndResponse'
    'attackSurfaceReduction' = 'endpointSecurityAttackSurfaceReduction'
    'accountProtection' = 'endpointSecurityAccountProtection'
}

# Required Microsoft Graph permissions (shared by Connect-IntuneAssignmentChecker and Switch-Tenant)
# Each entry pairs a permission name with a human-readable reason.
# Least privilege: every permission listed here is a read-only '*.Read.All'
# scope. Review any addition that is not read-only, since this list defines
# what the module asks an administrator to consent to.
# The Reason text for CloudPC.Read.All marks it as optional when Windows 365
# is not licensed.
$script:RequiredPermissions = @(
    @{ Permission = "User.Read.All"; Reason = "Required to read user profile information and check group memberships" }
    @{ Permission = "Group.Read.All"; Reason = "Needed to read group information and memberships" }
    @{ Permission = "DeviceManagementConfiguration.Read.All"; Reason = "Allows reading Intune device configuration policies and their assignments" }
    @{ Permission = "DeviceManagementApps.Read.All"; Reason = "Necessary to read mobile app management policies and app configurations" }
    @{ Permission = "DeviceManagementManagedDevices.Read.All"; Reason = "Required to read managed device information and compliance policies" }
    @{ Permission = "Device.Read.All"; Reason = "Needed to read device information from Entra ID" }
    @{ Permission = "DeviceManagementScripts.Read.All"; Reason = "Needed to read device management and health scripts" }
    @{ Permission = "CloudPC.Read.All"; Reason = "Required to read Windows 365 Cloud PC provisioning policies and settings (optional if W365 not licensed)" }
    @{ Permission = "DeviceManagementRBAC.Read.All"; Reason = "Required to read role scope tags for scope tag display and filtering" }
)

# Dot-source all private functions
# SECURITY: every *.ps1 file found in Private/ (and Public/ below) is executed
# in the module's scope at import time. Nothing here checks a signature, a
# hash or an allow-list, so write access to these directories amounts to code
# execution in the importing session, which is expected to hold a Microsoft
# Graph connection. Protect the install path with restrictive ACLs and
# consider code signing.
# -ErrorAction SilentlyContinue suppresses Get-ChildItem errors, so a missing
# or unreadable directory is not reported here; @() keeps the result an array.
$Private = @(Get-ChildItem -Path "$PSScriptRoot/Private/*.ps1" -ErrorAction SilentlyContinue)
foreach ($file in $Private) {
    try {
        . $file.FullName
    }
    catch {
        # A failed load is reported with Write-Error and the loop moves on to
        # the next file, so the module can end up imported with functions missing.
        Write-Error "Failed to load $($file.FullName): $_"
    }
}

# Dot-source all public functions
# Same loading pattern and the same trust assumption as the Private/ loop above.
$Public = @(Get-ChildItem -Path "$PSScriptRoot/Public/*.ps1" -ErrorAction SilentlyContinue)
foreach ($file in $Public) {
    try {
        . $file.FullName
    }
    catch {
        Write-Error "Failed to load $($file.FullName): $_"
    }
}

# Create alias for interactive mode
# -Force replaces an alias of the same name if one already exists.
New-Alias -Name 'IntuneAssignmentChecker' -Value 'Invoke-IntuneAssignmentChecker' -Force

# Export public functions and alias
# The exported names are the base names of the files in Public/, not names
# read from the scripts themselves.
# NOTE(review): this assumes each Public/*.ps1 defines one function named
# after its file - confirm.
Export-ModuleMember -Function $Public.BaseName -Alias 'IntuneAssignmentChecker'