MEMShell.psm1
|
#Region '.\Private\Export-JSONData.ps1' 0 Function Export-JSONData() { <# .SYNOPSIS This function is used to export JSON data returned from Graph .DESCRIPTION This function is used to export JSON data returned from Graph .EXAMPLE Export-JSONData -JSON $JSON Export the JSON inputted on the function .NOTES NAME: Export-JSONData #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] $JSON, [parameter(Mandatory = $true)] [string]$ExportPath ) try { if (!(Test-Path $ExportPath)) { Write-Error "$ExportPath doesn't exist, can't export JSON Data" Break } else { $JSON = ConvertTo-Json $JSON -Depth 5 $JSON_Convert = $JSON | ConvertFrom-Json $displayName = $JSON_Convert.displayName # Updating display name to follow file naming conventions - https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx $DisplayName = $DisplayName -replace '\<|\>|:|"|/|\\|\||\?|\*', '_' $FileName_JSON = "$DisplayName" + '_' + $(Get-Date -f dd-MM-yyyy-H-mm-ss) + '.json' $JSON | Set-Content -LiteralPath "$ExportPath\$FileName_JSON" Write-Information "JSON created in $ExportPath\$FileName_JSON..." } } catch { $_.Exception } } #EndRegion '.\Private\Export-JSONData.ps1' 47 #Region '.\Private\Get-AuthTokenMSAL.ps1' 0 Function Get-AuthTokenMSAL { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$User ) $userUpn = New-Object 'System.Net.Mail.MailAddress' -ArgumentList $User if ($userUpn.Host -like '*onmicrosoft.com*') { $tenant = Read-Host -Prompt 'Please specify your Tenant name i.e. company.com' } else { $tenant = $userUpn.Host } Write-Information 'Checking for MSAL.PS module...' $MSALModule = Get-Module -Name 'MSAL.PS' -ListAvailable if ($null -eq $MSALModule) { Write-Information 'MSAL.PS Powershell module not installed...' Write-Information "Install by running 'Install-Module MSAL.PS -Scope CurrentUser' from an elevated PowerShell prompt" Write-Error "Script can't continue..." break } if ($MSALModule.count -gt 1) { $Latest_Version = ($MSALModule | Select-Object version | Sort-Object)[-1] $MSALModule = $MSALModule | Where-Object { $_.version -eq $Latest_Version.version } if ($MSALModule.count -gt 1) { $MSALModule = $MSALModule | Select-Object -Unique } } $ClientId = 'd1ddf0e4-d672-4dae-b554-9d5bdfd93547' $RedirectUri = 'urn:ietf:wg:oauth:2.0:oob' $Authority = "https://login.microsoftonline.com/$Tenant" try { Import-Module $MSALModule.Name if ($PSVersionTable.PSVersion.Major -ne 7) { $authResult = Get-MsalToken -ClientId $ClientId -Interactive -RedirectUri $RedirectUri -Authority $Authority } else { $authResult = Get-MsalToken -ClientId $ClientId -Interactive -RedirectUri $RedirectUri -Authority $Authority -DeviceCode } if ($authResult.AccessToken) { $authHeader = @{ 'Content-Type' = 'application/json' 'Authorization' = 'Bearer ' + $authResult.AccessToken 'ExpiresOn' = $authResult.ExpiresOn } return [OutputType('System.Collections.Hashtable')]$authHeader } else { Write-Information 'Authorization Access Token is null, please re-run authentication...' break } } catch { Write-Error $_.Exception.Message Write-Error $_.Exception.ItemName break } } #EndRegion '.\Private\Get-AuthTokenMSAL.ps1' 83 #Region '.\Private\Invoke-MEMRestMethod.ps1' 0 Function Invoke-MEMRestMethod() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [uri]$Uri, [parameter(Mandatory = $true)] [ValidateSet('Delete', 'Get', 'Patch', 'Post', 'Put')] [string]$Method, [string]$Body, [string]$ContentType = 'application/json' ) if ($global:authToken) { # Setting DateTime to Universal time to work in all timezones $DateTime = (Get-Date).ToUniversalTime() # If the authToken exists checking when it expires $TokenExpires = ($authToken.ExpiresOn.datetime - $DateTime).Minutes if ($TokenExpires -le 0) { Write-Output "Authentication Token expired $TokenExpires minutes ago" # Defining User Principal Name if not present if ($null -eq $global:User -or $global:User -eq '') { $global:User = Read-Host -Prompt 'Please specify your user principal name for Azure Authentication' } $global:authToken = Get-AuthTokenMSAL -User $global:User } } # Authentication doesn't exist, calling Get-AuthToken function else { if ($null -eq $global:User -or $global:User -eq '') { $global:User = Read-Host -Prompt 'Please specify your user principal name for Azure Authentication' } # Getting the authorization token $global:authToken = Get-AuthTokenMSAL -User $global:User } $global:authToken['ConsistencyLevel'] = 'eventual' $Headers = $global:authToken $Method = 'Get' if ($Method -eq 'Get') { $ValueOnly = 'True' $params = @{ Uri = $uri Method = $Method Headers = $Headers } } elseif ($Method -eq 'Post') { $params = @{ Uri = $uri Method = $Method Headers = $Headers ContentType = $ContentType Body = $Body } } elseif ($Method -eq 'Patch') { $params = @{ Uri = $uri Method = $Method Headers = $Headers ContentType = $ContentType Body = $Body } } elseif ($Method -eq 'Delete') { $params = @{ Uri = $uri Method = $Method Headers = $Headers } } Try { $Result = Invoke-RestMethod @params if ($ValueOnly) { return $Result.Value } else { return $Result } } Catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Private\Invoke-MEMRestMethod.ps1' 109 #Region '.\Private\Test-AppBundleId.ps1' 0 Function Test-AppBundleId() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$bundleId ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps?`$filter=(microsoft.graph.managedApp/appAvailability eq null or microsoft.graph.managedApp/appAvailability eq 'lineOfBusiness' or isAssigned eq true) and (isof('microsoft.graph.iosLobApp') or isof('microsoft.graph.iosStoreApp') or isof('microsoft.graph.iosVppApp') or isof('microsoft.graph.managedIOSStoreApp') or isof('microsoft.graph.managedIOSLobApp'))" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" $mobileApps = Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get } catch { $exs = $Error.ErrorDetails $ex = $exs[0] Write-Output "Response content:`n$ex" Write-Error "Request to $Uri failed with HTTP Status $($ex.Message)" break } Write-Output $bundleId | Out-Null $app = $mobileApps.value | Where-Object { $_.bundleId -eq $bundleId } If ($app) { return $app.id } Else { return [OutputType('System.Boolean')]$false } } #EndRegion '.\Private\Test-AppBundleId.ps1' 44 #Region '.\Private\Test-AppPackageId.ps1' 0 Function Test-AppPackageId() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$packageId ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps?`$filter=(isof('microsoft.graph.androidForWorkApp') or microsoft.graph.androidManagedStoreApp/supportsOemConfig eq false)" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" $mobileApps = Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get } catch { $exs = $Error.ErrorDetails $ex = $exs[0] Write-Output "Response content:`n$ex" Write-Error "Request to $Uri failed with HTTP Status $($ex.Message)" break } Write-Output $packageId | Out-Null $app = $mobileApps.value | Where-Object { $_.packageId -eq $packageId } If ($app) { return $app.id } Else { return [OutputType('System.Boolean')]$false } } #EndRegion '.\Private\Test-AppPackageId.ps1' 45 #Region '.\Private\Test-MEMJSON.ps1' 0 Function Test-MEMJSON() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] $JSON ) try { $TestJSON = ConvertFrom-Json $JSON -ErrorAction Stop $TestJSON | Out-Null $validJson = $true } catch { $validJson = $false $_.Exception } if (!$validJson) { Write-Output "Provided JSON isn't in valid JSON format" break } } #EndRegion '.\Private\Test-MEMJSON.ps1' 36 #Region '.\Private\Write-MEMLog.ps1' 0 Function Write-MEMLog { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] Param( [parameter(Mandatory = $true)] [String]$Path, [parameter(Mandatory = $true)] [String]$Message, [parameter(Mandatory = $true)] [String]$Component, [Parameter(Mandatory = $true)] [ValidateSet('Info', 'Warning', 'Error')] [String]$Type ) switch ($Type) { 'Info' { [int]$Type = 1 } 'Warning' { [int]$Type = 2 } 'Error' { [int]$Type = 3 } } # Create a log entry $Content = "<![LOG[$Message]LOG]!>" + ` "<time=`"$(Get-Date -Format 'HH:mm:ss.ffffff')`" " + ` "date=`"$(Get-Date -Format 'M-d-yyyy')`" " + ` "component=`"$Component`" " + ` "context=`"$([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)`" " + ` "type=`"$Type`" " + ` "thread=`"$([Threading.Thread]::CurrentThread.ManagedThreadId)`" " + ` "file=`"`">" # Write the line to the log file Add-Content -Path $Path -Value $Content } #EndRegion '.\Private\Write-MEMLog.ps1' 50 #Region '.\Public\Add-App\Add-AppCategory.ps1' 0 Function Add-AppCategory() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$Name ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/mobileAppCategories' try { $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.mobileAppCategory' $Output | Add-Member -MemberType NoteProperty 'displayName' -Value $Name $JSON = $Output | ConvertTo-Json -Depth 3 Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-App\Add-AppCategory.ps1' 42 #Region '.\Public\Add-App\Add-AppConfigPolicyDeviceAssignment.ps1' 0 Function Add-AppConfigPolicyDeviceAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'beta' $Resource = "deviceAppManagement/mobileAppConfigurations/$Id/microsoft.graph.managedDeviceMobileAppConfiguration/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups = $Target # Creating JSON object to pass to Graph $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 Test-MEMJSON -Json $JSON # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-App\Add-AppConfigPolicyDeviceAssignment.ps1' 87 #Region '.\Public\Add-App\Add-AppMobileAppAssignment.ps1' 0 Function Add-AppMobileAppAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string]$Id, [parameter(Mandatory = $false)] [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Available', 'Required')] [string]$InstallIntent, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [parameter(Mandatory = $false)] [ValidateSet('Users', 'Devices')] [string]$All, [parameter(Mandatory = $true)] [ValidateSet('Replace', 'Add')] [string]$Action ) $graphApiVersion = 'beta' $Resource = "deviceAppManagement/mobileApps/$Id/assign" try { $TargetGroups = @() If ($Action -eq 'Add') { # Checking if there are Assignments already configured $Assignments = (Get-ApplicationAssignment -Id $Id).assignments if (@($Assignments).count -ge 1) { foreach ($Assignment in $Assignments) { If (($null -ne $TargetGroupId) -and ($TargetGroupId -eq $Assignment.target.groupId)) { Write-Output 'The App is already assigned to the Group' } ElseIf (($All -eq 'Devices') -and ($Assignment.target.'@odata.type' -eq '#microsoft.graph.allDevicesAssignmentTarget')) { Write-Output 'The App is already assigned to the All Devices Group' } ElseIf (($All -eq 'Users') -and ($Assignment.target.'@odata.type' -eq '#microsoft.graph.allLicensedUsersAssignmentTarget')) { Write-Output 'The App is already assigned to the All Users Group' } Else { $TargetGroup = New-Object -TypeName psobject if (($Assignment.target).'@odata.type' -eq '#microsoft.graph.groupAssignmentTarget') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $Assignment.target.groupId } elseif (($Assignment.target).'@odata.type' -eq '#microsoft.graph.allLicensedUsersAssignmentTarget') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } elseif (($Assignment.target).'@odata.type' -eq '#microsoft.graph.allDevicesAssignmentTarget') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } if ($Assignment.target.deviceAndAppManagementAssignmentFilterType -ne 'none') { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $Assignment.target.deviceAndAppManagementAssignmentFilterId $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $Assignment.target.deviceAndAppManagementAssignmentFilterType } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.mobileAppAssignment' $Target | Add-Member -MemberType NoteProperty -Name 'intent' -Value $Assignment.intent $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target } } } } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.mobileAppAssignment' $Target | Add-Member -MemberType NoteProperty -Name 'intent' -Value $InstallIntent $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if ($FilterMode) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'mobileAppAssignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-App\Add-AppMobileAppAssignment.ps1' 135 #Region '.\Public\Add-App\Add-AppMobileAppCategory.ps1' 0 Function Add-AppMobileAppCategory() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] [string]$CategoryId ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps/$Id/categories/`$ref" try { $value = "https://graph.microsoft.com/$graphApiVersion/deviceAppManagement/mobileAppCategories/$CategoryId" $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name '@odata.id' -Value $value $JSON = $Output | ConvertTo-Json -Depth 3 Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-App\Add-AppMobileAppCategory.ps1' 45 #Region '.\Public\Add-App\Add-AppProtectionPolicyAssignment.ps1' 0 Function Add-AppProtectionPolicyAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [Parameter(Mandatory = $true)] [ValidateSet('Android', 'iOS')] [string]$OS, [ValidateSet('Include', 'Exclude')] [string]$AssignmentType ) $graphApiVersion = 'Beta' try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value "$TargetGroupId" } else { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups = $Target # Creating JSON object to pass to Graph $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 Test-MEMJSON -Json $JSON if ($OS -eq 'Android') { $uri = "https://graph.microsoft.com/$graphApiVersion/deviceAppManagement/androidManagedAppProtections('$ID')/assign" } elseif ($OS -eq 'iOS') { $uri = "https://graph.microsoft.com/$graphApiVersion/deviceAppManagement/iosManagedAppProtections('$ID')/assign" } Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-App\Add-AppProtectionPolicyAssignment.ps1' 79 #Region '.\Public\Add-Device\Add-DeviceCompliancePolicyAssignment.ps1' 0 Function Add-DeviceCompliancePolicyAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'v1.0' $Resource = "deviceManagement/deviceCompliancePolicies/$Id/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups = $Target # Creating JSON object to pass to Graph $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Device\Add-DeviceCompliancePolicyAssignment.ps1' 88 #Region '.\Public\Add-Device\Add-DeviceConfigProfileAssignment.ps1' 0 Function Add-DeviceConfigProfileAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/deviceConfigurations/$Id/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Device\Add-DeviceConfigProfileAssignment.ps1' 88 #Region '.\Public\Add-Device\Add-DeviceEndpointSecProfileAssignment.ps1' 0 Function Add-DeviceEndpointSecurityAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/intents/$Id/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value "$TargetGroupId" } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups = $Target $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Device\Add-DeviceEndpointSecProfileAssignment.ps1' 87 #Region '.\Public\Add-Device\Add-DeviceSettingsCatalogAssignment.ps1' 0 Function Add-DeviceSettingsCatalogAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/configurationPolicies/$Id/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups = $Target $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Device\Add-DeviceSettingsCatalogAssignment.ps1' 87 #Region '.\Public\Add-Enrolment\Add-EnrolmentADEProfileAssignment.ps1' 0 Function Add-EnrolmentADEProfileAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] Param( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] [string]$ProfileID, [Parameter(Mandatory = $true)] [string]$DeviceSerials ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/depOnboardingSettings/$Id/enrollmentProfiles('$ProfileID')/updateDeviceProfileAssignment" $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'deviceIds' -Value $DeviceSerials $JSON = $Output | ConvertTo-Json -Depth 3 try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Enrolment\Add-EnrolmentADEProfileAssignment.ps1' 46 #Region '.\Public\Add-Enrolment\Add-EnrolmentAutopilotProfileAssignment.ps1' 0 Function Add-EnrolmentAutopilotProfileAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [parameter(Mandatory = $true)] [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/windowsAutopilotDeploymentProfiles/$Id/assignments" try { $TargetGroup = New-Object -TypeName psobject if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $JSON = $Target | ConvertTo-Json -Depth 3 $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Enrolment\Add-EnrolmentAutopilotProfileAssignment.ps1' 60 #Region '.\Public\Add-Enrolment\Add-EnrolmentESPAssignment.ps1' 0 Function Add-EnrolmentESPAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/deviceEnrollmentConfigurations/$Id/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'enrollmentConfigurationAssignments' -Value @($Target) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Enrolment\Add-EnrolmentESPAssignment.ps1' 86 #Region '.\Public\Add-Enrolment\Add-EnrolmentRestrictionAssignment.ps1' 0 Function Add-EnrolmentRestrictionAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id, [string]$TargetGroupId, [parameter(Mandatory = $true)] [ValidateSet('Include', 'Exclude')] [string]$AssignmentType, [string]$FilterID, [ValidateSet('Include', 'Exclude')] [string]$FilterMode, [ValidateSet('Users', 'Devices')] [string]$All ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/deviceEnrollmentConfigurations/$Id/assign" try { $TargetGroup = New-Object -TypeName psobject if ($TargetGroupId) { if ($AssignmentType -eq 'Exclude') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif ($AssignmentType -eq 'Include') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $TargetGroupId } else { if ($All -eq 'Users') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allLicensedUsersAssignmentTarget' } ElseIf ($All -eq 'Devices') { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.allDevicesAssignmentTarget' } } if (($FilterMode -eq 'Include') -or ($FilterMode -eq 'Exclude')) { $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterId' -Value $FilterID $TargetGroup | Add-Member -MemberType NoteProperty -Name 'deviceAndAppManagementAssignmentFilterType' -Value $FilterMode } $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup # Creating JSON object to pass to Graph $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'enrollmentConfigurationAssignments' -Value @($Target) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Add-Enrolment\Add-EnrolmentRestrictionAssignment.ps1' 86 #Region '.\Public\Get-App\Get-AppCategory.ps1' 0 Function Get-AppCategory() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/mobileAppCategories' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppCategory.ps1' 31 #Region '.\Public\Get-App\Get-AppConfigPolicyApp.ps1' 0 Function Get-AppConfigPolicyApp() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/targetedManagedAppConfigurations?`$expand=apps" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppConfigPolicyApp.ps1' 31 #Region '.\Public\Get-App\Get-AppConfigPolicyDevice.ps1' 0 Function Get-AppConfigPolicyDevice() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/mobileAppConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppConfigPolicyDevice.ps1' 31 #Region '.\Public\Get-App\Get-AppMobileApp.ps1' 0 Function Get-AppMobileApp() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/mobileApps' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppMobileApp.ps1' 31 #Region '.\Public\Get-App\Get-AppMobileAppAssignment.ps1' 0 Function Get-AppMobileAppAssignment() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] $Id ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps/$Id/?`$expand=categories,assignments" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppMobileAppAssignment.ps1' 37 #Region '.\Public\Get-App\Get-AppMobileAppCategory.ps1' 0 Function Get-AppMobileAppCategory() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] $Id ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps/$Id/categories" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppMobileAppCategory.ps1' 36 #Region '.\Public\Get-App\Get-AppProtectionPolicy.ps1' 0 Function Get-AppProtectionPolicy() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/managedAppPolicies' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get | Where-Object { ($_.'@odata.type').contains('ManagedAppProtection') -or ($_.'@odata.type').contains('InformationProtectionPolicy') } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-App\Get-AppProtectionPolicy.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceAutopilot.ps1' 0 Function Get-DeviceAutopilot() { <# .SYNOPSIS This function is used to get autopilot devices via the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets any autopilot devices .EXAMPLE Get-AutopilotDevices Returns any autopilot devices .NOTES NAME: Get-AutopilotDevices #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/windowsAutopilotDeviceIdentities' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceAutopilot.ps1' 30 #Region '.\Public\Get-Device\Get-DeviceCompliancePolicy.ps1' 0 Function Get-DeviceCompliancePolicy() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceCompliancePolicies' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceCompliancePolicy.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceCompliancePolicyScript.ps1' 0 Function Get-DeviceCompliancePolicyScript() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceComplianceScripts' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceCompliancePolicyScript.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceConfigProfile.ps1' 0 Function Get-DeviceConfigProfile() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'beta' $Resource = 'deviceManagement/deviceConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceConfigProfile.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceConfigProfileAssignment.ps1' 0 Function Get-DeviceConfigProfileAssignment() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] $Id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$Id/Assignments/" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceConfigProfileAssignment.ps1' 37 #Region '.\Public\Get-Device\Get-DeviceEndpointSecProfile.ps1' 0 Function Get-DeviceEndpointSecProfile() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/intents' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceEndpointSecProfile.ps1' 32 #Region '.\Public\Get-Device\Get-DeviceEndpointSecTemplate.ps1' 0 Function Get-DeviceEndpointSecTemplate() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = "deviceManagement/templates?`$filter=(isof(%27microsoft.graph.securityBaselineTemplate%27))" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceEndpointSecTemplate.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceEnrolmentRestriction.ps1' 0 Function Get-DeviceEnrollRestriction() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceEnrollmentConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceEnrolmentRestriction.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceFilter.ps1' 0 Function Get-DeviceFilter() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'beta' $Resource = 'deviceManagement/assignmentFilters' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceFilter.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceManagedDevice.ps1' 0 Function Get-DeviceManagedDevice() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [switch]$IncludeEAS, [switch]$ExcludeMDM ) $graphApiVersion = 'beta' $Resource = 'deviceManagement/managedDevices' try { $Count_Params = 0 if ($IncludeEAS.IsPresent) { $Count_Params++ } if ($ExcludeMDM.IsPresent) { $Count_Params++ } if ($Count_Params -gt 1) { Write-Warning 'Multiple parameters set, specify a single parameter -IncludeEAS, -ExcludeMDM or no parameter against the function' break } elseif ($IncludeEAS) { $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource" } elseif ($ExcludeMDM) { $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource`?`$filter=managementAgent eq 'eas'" } else { $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource`?`$filter=managementAgent eq 'mdm' and managementAgent eq 'easmdm'" } Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceManagedDevice.ps1' 53 #Region '.\Public\Get-Device\Get-DeviceNotificationMessage.ps1' 0 Function Get-DeviceNotificationMessage() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param( [parameter(Mandatory = $true)] $Id ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/notificationMessageTemplates/$Id/localizedNotificationMessages" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceNotificationMessage.ps1' 35 #Region '.\Public\Get-Device\Get-DeviceNotificationTemplate.ps1' 0 Function Get-DeviceNotificationTemplate() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/notificationMessageTemplates' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceNotificationTemplate.ps1' 31 #Region '.\Public\Get-Device\Get-DeviceScript.ps1' 0 Function Get-DeviceScript() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] $Id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceManagementScripts' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/$Id" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceScript.ps1' 38 #Region '.\Public\Get-Device\Get-DeviceScriptAssignment.ps1' 0 Function Get-DeviceScriptAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] $Id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceManagementScripts' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$Id/Assignments/" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceScriptAssignment.ps1' 37 #Region '.\Public\Get-Device\Get-DeviceSettingsCatalog.ps1' 0 Function Get-DeviceSettingsCatalog() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [parameter(Mandatory = $false)] [ValidateSet('windows10', 'macOS')] [ValidateNotNullOrEmpty()] [string]$Platform ) $graphApiVersion = 'beta' if ($Platform) { $Resource = "deviceManagement/configurationPolicies?`$filter=platforms has '$Platform' and technologies has 'mdm'" } else { $Resource = "deviceManagement/configurationPolicies?`$filter=technologies has 'mdm'" } try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceSettingsCatalog.ps1' 44 #Region '.\Public\Get-Device\Get-DeviceUpdatePolicy.ps1' 0 Function Get-DeviceUpdatePolicy() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [switch]$Windows10, [switch]$iOS, [switch]$macOS ) $graphApiVersion = 'Beta' try { $Count_Params = 0 if ($iOS.IsPresent) { $Count_Params++ } if ($Windows10.IsPresent) { $Count_Params++ } if ($macOS.IsPresent) { $Count_Params++ } if ($Count_Params -gt 1) { Write-Error 'Multiple parameters set, specify a single parameter -iOS or -Windows10 or -macOS against the function' break } elseif ($Count_Params -eq 0) { Write-Error 'Parameter -iOS or -Windows10 or -macOS required against the function...' break } elseif ($Windows10) { $Resource = "deviceManagement/deviceConfigurations?`$filter=isof('microsoft.graph.windowsUpdateForBusinessConfiguration')&`$expand=groupAssignments" } elseif ($iOS) { $Resource = "deviceManagement/deviceConfigurations?`$filter=isof('microsoft.graph.iosUpdateConfiguration')&`$expand=groupAssignments" } elseif ($macOS) { $Resource = "deviceManagement/deviceConfigurations?`$filter=isof('microsoft.graph.macOSSoftwareUpdateConfiguration')&`$expand=groupAssignments" } $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Device\Get-DeviceUpdatePolicy.ps1' 59 #Region '.\Public\Get-Enrolment\Get-EnrolmentADEProfile.ps1' 0 Function Get-EnrolmentADEProfile() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] Param( [Parameter(Mandatory = $true)] [string]$Id ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/depOnboardingSettings/$Id/enrollmentProfiles" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Enrolment\Get-EnrolmentADEProfile.ps1' 36 #Region '.\Public\Get-Enrolment\Get-EnrolmentADEToken.ps1' 0 Function Get-EnrolmentADEToken() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/depOnboardingSettings' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Enrolment\Get-EnrolmentADEToken.ps1' 30 #Region '.\Public\Get-Enrolment\Get-EnrolmentAPProfile.ps1' 0 Function Get-EnrolmentAPProfile() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/windowsAutopilotDeploymentProfiles' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Enrolment\Get-EnrolmentAPProfile.ps1' 31 #Region '.\Public\Get-Enrolment\Get-EnrolmentAPProfileAssignment.ps1' 0 Function Get-EnrolmentAPProfileAssignment() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$Id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/windowsAutopilotDeploymentProfiles' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$Id/Assignments/" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Enrolment\Get-EnrolmentAPProfileAssignment.ps1' 37 #Region '.\Public\Get-Enrolment\Get-EnrolmentESP.ps1' 0 Function Get-EnrolmentESP() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceEnrollmentConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Enrolment\Get-EnrolmentESP.ps1' 31 #Region '.\Public\Get-Enrolment\Get-EnrolmentESPAssignment.ps1' 0 Function Get-EnrolmentESPAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceEnrollmentConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$Id/Assignments/" Invoke-MEMRestMethod -Uri $uri -Method Get } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Enrolment\Get-EnrolmentESPAssignment.ps1' 37 #Region '.\Public\Get-Group\Get-MEMGroup.ps1' 0 Function Get-MEMGroup() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$GroupName ) $graphApiVersion = 'beta' $Resource = 'groups' try { $authToken['ConsistencyLevel'] = 'eventual' $searchterm = 'search="displayName:' + $GroupName + '"' $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource`?$searchterm" (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Group\Get-MEMGroup.ps1' 39 #Region '.\Public\Get-Group\Get-MEMGroupMember.ps1' 0 Function Get-MEMGroupMember() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding()] param ( [parameter(Mandatory = $true)] [string]$Id ) # Defining Variables $graphApiVersion = 'beta' $Resource = 'groups' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/$id/members" (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Get-Group\Get-MEMGroupMember.ps1' 39 #Region '.\Public\Invoke-App\Invoke-AppAppleVPPAppSync.ps1' 0 Function Invoke-AppAppleVPPAppSync() { <# .SYNOPSIS Sync Intune tenant to Apple DEP service .DESCRIPTION Intune automatically syncs with the Apple DEP service once every 24hrs. This function synchronises your Intune tenant with the Apple DEP service. .EXAMPLE Sync-AppleDEP .NOTES NAME: Sync-AppleDEP #> [cmdletbinding()] Param( [parameter(Mandatory = $true)] [string]$Id ) $graphApiVersion = 'beta' $Resource = "deviceManagement/depOnboardingSettings/$id/syncWithAppleDeviceEnrollmentProgram" try { $Uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)" Invoke-MEMRestMethod -Uri $uri -Method Post } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Invoke-App\Invoke-AppAppleVPPAppSync.ps1' 37 #Region '.\Public\Invoke-App\Invoke-AppGooglePlayAppSync.ps1' 0 Function Invoke-AppGooglePlayAppSync() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding()] $graphApiVersion = 'Beta' $Resource = '/deviceManagement/androidManagedStoreAccountEnterpriseSettings/syncApps' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" Invoke-MEMRestMethod -Uri $uri -Method Post } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Invoke-App\Invoke-AppGooglePlayAppSync.ps1' 32 #Region '.\Public\New-App\New-AppConfigPolicyApp.ps1' 0 Function New-AppConfigPolicyApp() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/targetedManagedAppConfigurations' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-App\New-AppConfigPolicyApp.ps1' 39 #Region '.\Public\New-App\New-AppConfigPolicyDevice.ps1' 0 Function New-AppConfigPolicyDevice() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/mobileAppConfigurations' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-App\New-AppConfigPolicyDevice.ps1' 39 #Region '.\Public\New-App\New-AppManagedGooglePlayApp.ps1' 0 Function New-AppManagedGooglePlayApp() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [Parameter(Mandatory = $true)] [string]$Id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/androidManagedStoreAccountEnterpriseSettings/approveApps' try { $Id = 'app:' + $Id $Packages = New-Object -TypeName psobject $Packages | Add-Member -MemberType NoteProperty -Name 'approveAllPermissions' -Value 'true' $Packages | Add-Member -MemberType NoteProperty -Name 'packageIds' -Value @($Id) $JSON = $Packages | ConvertTo-Json -Depth 3 $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-App\New-AppManagedGooglePlayApp.ps1' 44 #Region '.\Public\New-App\New-AppProtectionPolicy.ps1' 0 Function New-AppProtectionPolicy() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/managedAppPolicies' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-App\New-AppProtectionPolicy.ps1' 39 #Region '.\Public\New-Device\New-DeviceCompliancePolicy.ps1' 0 Function New-DeviceCompliancePolicy() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceCompliancePolicies' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceCompliancePolicy.ps1' 39 #Region '.\Public\New-Device\New-DeviceConfigProfile.ps1' 0 Function New-DeviceConfigProfile() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceConfigurations' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceConfigProfile.ps1' 39 #Region '.\Public\New-Device\New-DeviceEndpointSecProfile.ps1' 0 Function New-DeviceEndpointSecProfile() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] [string]$Id, [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/templates/$Id/createInstance" try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceEndpointSecProfile.ps1' 41 #Region '.\Public\New-Device\New-DeviceFilter.ps1' 0 Function New-DeviceFilter() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'beta' $Resource = 'deviceManagement/assignmentFilters' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceFilter.ps1' 39 #Region '.\Public\New-Device\New-DeviceNotificationMessage.ps1' 0 Function New-DeviceNotificationMessageNew-DeviceNotificationMessage() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] [string]$Id, [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/notificationMessageTemplates/$Id/localizedNotificationMessages" try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceNotificationMessage.ps1' 41 #Region '.\Public\New-Device\New-DeviceNotificationTemplate.ps1' 0 Function New-DeviceNotificationTemplate() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'v1.0' $Resource = 'deviceManagement/notificationMessageTemplates' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceNotificationTemplate.ps1' 39 #Region '.\Public\New-Device\New-DeviceScript.ps1' 0 Function New-DeviceManagementScript() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] Param ( # Path or URL to Powershell-script to add to Intune [Parameter(Mandatory = $true)] [string]$File, # PowerShell description in Intune [Parameter(Mandatory = $false)] [string]$Description ) if (!(Test-Path $File)) { Write-Output "$File could not be located." break } $FileName = Get-Item $File | Select-Object -ExpandProperty Name $DisplayName = $FileName.Split('.')[0] $B64File = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("$File")); $JSON = @" { "@odata.type": "#microsoft.graph.deviceManagementScript", "displayName": "$DisplayName", "description": "$Description", "runSchedule": { "@odata.type": "microsoft.graph.runSchedule" }, "scriptContent": "$B64File", "runAsAccount": "system", "enforceSignatureCheck": "false", "fileName": "$FileName" } "@ $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceManagementScripts' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceScript.ps1' 66 #Region '.\Public\New-Device\New-DeviceSettingCatalog.ps1' 0 Function New-DeviceSettingCatalog() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/configurationPolicies' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Device\New-DeviceSettingCatalog.ps1' 39 #Region '.\Public\New-Enrolment\New-EnrolmentAPProfile.ps1' 0 Function New-EnrolmentAPProfile() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/windowsAutopilotDeploymentProfiles' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Enrolment\New-EnrolmentAPProfile.ps1' 39 #Region '.\Public\New-Enrolment\New-EnrolmentESP.ps1' 0 Function New-EnrolmentESP() { <# .SYNOPSIS This function is used to get Deivce Enrollment Configurations from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and gets Device Enrollment Configurations .EXAMPLE Get-DeviceEnrollmentConfigurations Returns Device Enrollment Configurations configured in Intune .NOTES NAME: Get-DeviceEnrollmentConfigurations #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceEnrollmentConfigurations' try { Test-MEMJSON -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\New-Enrolment\New-EnrolmentESP.ps1' 39 #Region '.\Public\Remove-App\Remove-AppConfigPolicyApp.ps1' 0 Function Remove-AppConfigPolicyApp() { <# .SYNOPSIS This function is used to remove Managed App policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes managed app policies .EXAMPLE Remove-AppConfigPolicyApp -id $id Removes a managed app policy configured in Intune .NOTES NAME: Remove-AppConfigPolicyApp #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [Parameter(Mandatory = $true)] [string]$Id ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/targetedManagedAppConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$Id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-App\Remove-AppConfigPolicyApp.ps1' 38 #Region '.\Public\Remove-App\Remove-AppConfigPolicyDevice.ps1' 0 Function Remove-AppConfigPolicyDevice() { <# .SYNOPSIS This function is used to remove Managed App policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes managed app policies .EXAMPLE Remove-AppConfigPolicyDevice -id $id Removes a managed app policy configured in Intune .NOTES NAME: Remove-AppConfigPolicyDevice #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$Id ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/mobileAppConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$Id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-App\Remove-AppConfigPolicyDevice.ps1' 38 #Region '.\Public\Remove-App\Remove-AppMobileAppAssignment.ps1' 0 Function Remove-AppMobileAppAssignment() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [parameter(Mandatory = $true)] [string]$Id, [parameter(Mandatory = $true)] [string]$AssignmentId ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps/$Id/assignments/$AssignmentId" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-App\Remove-AppMobileAppAssignment.ps1' 40 #Region '.\Public\Remove-App\Remove-AppMobileAppCategory.ps1' 0 Function Remove-AppMobileAppCategory() { <# .SYNOPSIS This function is used to authenticate with the Graph API REST interface .DESCRIPTION The function authenticate with the Graph API Interface with the tenant name .EXAMPLE Get-AuthTokenMSAL Authenticates you with the Graph API interface using MSAL.PS module .NOTES NAME: Get-AuthTokenMSAL #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] [string]$CategoryId ) $graphApiVersion = 'Beta' $Resource = "deviceAppManagement/mobileApps/$Id/categories/$CategoryId/`$ref" try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-App\Remove-AppMobileAppCategory.ps1' 40 #Region '.\Public\Remove-App\Remove-AppProtectionPolicy.ps1' 0 Function Remove-AppProtectionPolicy() { <# .SYNOPSIS This function is used to remove Managed App policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes managed app policies .EXAMPLE Remove-ManagedAppPolicy -id $id Removes a managed app policy configured in Intune .NOTES NAME: Remove-ManagedAppPolicy #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceAppManagement/managedAppPolicies' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-App\Remove-AppProtectionPolicy.ps1' 38 #Region '.\Public\Remove-Device\Remove-DeviceCompliancePolicy.ps1' 0 Function Remove-DeviceCompliancePolicy() { <# .SYNOPSIS This function is used to delete a device configuration policy from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and deletes a device compliance policy .EXAMPLE Remove-DeviceCompliancePolicy -id $id Returns any device configuration policies configured in Intune .NOTES NAME: Remove-DeviceCompliancePolicy #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceCompliancePolicies' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-Device\Remove-DeviceCompliancePolicy.ps1' 38 #Region '.\Public\Remove-Device\Remove-DeviceConfigProfile.ps1' 0 Function Remove-DeviceConfigProfile() { <# .SYNOPSIS This function is used to remove a device configuration policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes a device configuration policies .EXAMPLE Remove-DeviceConfigProfile -id $id Removes a device configuration policies configured in Intune .NOTES NAME: Remove-DeviceConfigProfile #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceConfigurations' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-Device\Remove-DeviceConfigProfile.ps1' 38 #Region '.\Public\Remove-Device\Remove-DeviceFilter.ps1' 0 Function Remove-DeviceFilter() { <# .SYNOPSIS This function is used to remove a device configuration policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes a device configuration policies .EXAMPLE Remove-DeviceFilter -id $id Removes a device configuration policies configured in Intune .NOTES NAME: Remove-DeviceFilter #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/assignmentFilters' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id" if ($PSCmdlet.ShouldProcess("ShouldProcess?")) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-Device\Remove-DeviceFilter.ps1' 38 #Region '.\Public\Remove-Device\Remove-DeviceScript.ps1' 0 Function Remove-DeviceManagement() { <# .SYNOPSIS This function is used to remove a device configuration policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes a device configuration policies .EXAMPLE Remove-DeviceManagementScript -id $id Removes a device configuration policies configured in Intune .NOTES NAME: Remove-DeviceManagementScript #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact='Medium')] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/deviceManagementScripts' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id" if ($PSCmdlet.ShouldProcess("ShouldProcess?")) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-Device\Remove-DeviceScript.ps1' 38 #Region '.\Public\Remove-Device\Remove-DeviceSettingsCatalog.ps1' 0 Function Remove-DeviceSettingsCatalog() { <# .SYNOPSIS This function is used to remove a device configuration policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and removes a device configuration policies .EXAMPLE Remove-DeviceSettingsCatalogProfile -id $id Removes a device configuration policies configured in Intune .NOTES NAME: Remove-DeviceSettingsCatalogProfile #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$id ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/configurationPolicies' try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Delete } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Remove-Device\Remove-DeviceSettingsCatalog.ps1' 38 #Region '.\Public\Update-Device\Update-DeviceAPDevice.ps1' 0 Function Update-DeviceAP() { <# .SYNOPSIS This function is used to set autopilot devices properties via the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and sets autopilot device properties .EXAMPLE Set-AutopilotDevice Returns any autopilot devices .NOTES NAME: Set-AutopilotDevice #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Low')] param( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] [string]$GroupTag ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/windowsAutopilotDeviceIdentities/$Id/updateDeviceProperties" try { $Autopilot = New-Object -TypeName psobject $Autopilot | Add-Member -MemberType NoteProperty -Name 'groupTag' -Value $GroupTag $JSON = $Autopilot | ConvertTo-Json -Depth 3 $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Update-Device\Update-DeviceAPDevice.ps1' 43 #Region '.\Public\Update-Device\Update-DeviceCompliancePolicy.ps1' 0 Function Update-DeviceCompliancePolicy() { <# .SYNOPSIS This function is used to update device compliance policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and updates device compliance policies .EXAMPLE Update-DeviceCompliancePolicy -id -JSON Updates a device compliance policies configured in Intune .NOTES NAME: Update-DeviceCompliancePolicy #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] $JSON ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/deviceCompliancePolicies/$id" try { Test-Json -Json $JSON $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Patch -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Update-Device\Update-DeviceCompliancePolicy.ps1' 43 #Region '.\Public\Update-Device\Update-DeviceManagedDeviceName.ps1' 0 Function Update-DeviceManagedDeviceName() { <# .SYNOPSIS This function is used to update device compliance policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and updates device compliance policies .EXAMPLE Update-DeviceCompliancePolicy -id -JSON Updates a device compliance policies configured in Intune .NOTES NAME: Update-DeviceCompliancePolicy #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] Param( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] [string]$OS, [Parameter(Mandatory = $true)] [string]$DeviceName ) $graphApiVersion = 'Beta' $Resource = "deviceManagement/managedDevices('$Id')/setDeviceName" If ($OS -eq 'Windows') { $Length = '15' } Elseif ($OS -eq 'iOS') { $Length = '255' } Elseif ($OS -eq 'Android') { $Length = '50' } Elseif ($OS -eq 'macOS') { $Length = '250' } $DeviceName = $DeviceName.Replace(' ', '') if ($DeviceName.Length -ge $Length) { $DeviceName = $DeviceName.substring(0, $Length) Write-Information "Device name shortened to $DeviceName" } $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'deviceName' -Value $DeviceName $JSON = $Output | ConvertTo-Json -Depth 3 try { $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Post -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Update-Device\Update-DeviceManagedDeviceName.ps1' 66 #Region '.\Public\Update-Device\Update-DeviceOwnership.ps1' 0 Function Update-DeviceOwnership() { <# .SYNOPSIS This function is used to update device compliance policies from the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and updates device compliance policies .EXAMPLE Update-DeviceCompliancePolicy -id -JSON Updates a device compliance policies configured in Intune .NOTES NAME: Update-DeviceCompliancePolicy #> [cmdletbinding(SupportsShouldProcess, ConfirmImpact = 'Medium')] param ( [Parameter(Mandatory = $true)] [string]$Id, [Parameter(Mandatory = $true)] [ValidateSet('Company', 'Personal')] [string]$Ownership ) $graphApiVersion = 'Beta' $Resource = 'deviceManagement/managedDevices' try { $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'ownerType' -Value $Ownership $JSON = $Output | ConvertTo-Json -Depth 3 $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/$Id" if ($PSCmdlet.ShouldProcess('ShouldProcess?')) { Invoke-MEMRestMethod -Uri $uri -Method Patch -Body $JSON } } catch { $exs = $Error $ex = $exs[0] Write-Error "`n$ex" break } } #EndRegion '.\Public\Update-Device\Update-DeviceOwnership.ps1' 45 |