Public/Add-App/Add-AppMobileAppAssignment.ps1
|
Function Add-AppMobileAppAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string]$Id, [parameter(Mandatory = $false)] [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Available', 'Required')] [string]$InstallIntent, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [parameter(Mandatory = $false)] [ValidateSet('Users', 'Devices')] [string]$All, [parameter(Mandatory = $true)] [ValidateSet('Replace', 'Add')] [string]$Action ) $graphApiVersion = 'beta' $Resource = "deviceAppManagement/mobileApps/$Id/assign" try { $TargetGroups = @() If ($Action -eq 'Add') { # Checking if there are Assignments already configured $Assignments = (Get-ApplicationAssignment -Id $Id).assignments if (@($Assignments).count -ge 1) { foreach ($Assignment in $Assignments) { If (($null -ne $TargetGroupId) -and ($TargetGroupId -eq $Assignment.target.groupId)) { Write-Output 'The App is already assigned to the Group' } ElseIf (($All -eq 'Devices') -and ($Assignment.target.'@odata.type' -eq '#microsoft.graph.allDevicesAssignmentTarget')) { Write-Output 'The App is already assigned to the All Devices Group' } ElseIf (($All -eq 'Users') -and ($Assignment.target.'@odata.type' -eq '#microsoft.graph.allLicensedUsersAssignmentTarget')) { Write-Output 'The App is already assigned to the All Users Group' } Else { $TargetGroup = New-Object -TypeName psobject if (($Assignment.target).'@odata.type' -eq '#microsoft.graph.groupAssignmentTarget') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $Assignment.target.groupId } elseif (($Assignment.target).'@odata.type' -eq '#microsoft.graph.allLicensedUsersAssignmentTarget') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } elseif (($Assignment.target).'@odata.type' -eq '#microsoft.graph.allDevicesAssignmentTarget') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } if ($Assignment.target.deviceAndAppManagementAssignmentFilterType -ne 'none') { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $Assignment.target.deviceAndAppManagementAssignmentFilterId $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $Assignment.target.deviceAndAppManagementAssignmentFilterType } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.mobileAppAssignment' $Target | Add-Member -MemberType NoteProperty -Name 'intent' -Value $Assignment.intent $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target } } } } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.mobileAppAssignment' $Target | Add-Member -MemberType NoteProperty -Name 'intent' -Value $InstallIntent $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if ($FilterMode) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'mobileAppAssignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } |