NLBaselineIntuneDeviceHardening

1.0.0

NLBaselineIntuneDeviceHardening.psm1

                                # NLBaseline PowerShell Module

# Module for managing Dutch Baseline for Secure Cloud

# Get module path

$modulePath = $PSScriptRoot

# Load all private functions

$privateFunctions = Get-ChildItem -Path (Join-Path -Path $modulePath -ChildPath "Private") -Filter "*.ps1" -ErrorAction SilentlyContinue

foreach ($function in $privateFunctions) {

    try {

        . $function.FullName

    }

    catch {

        Write-Warning "Failed to load private function $($function.Name): $_"

    }

}

# Load all public functions

$publicFunctions = Get-ChildItem -Path (Join-Path -Path $modulePath -ChildPath "Public") -Filter "*.ps1" -ErrorAction SilentlyContinue

foreach ($function in $publicFunctions) {

    try {

        . $function.FullName

    }

    catch {

        Write-Warning "Failed to load public function $($function.Name): $_"

    }

}

# Initialize module variables

$script:NLBaselineWorkspacePath = $null

# Try to load workspace path from settings

try {

    $moduleDataPath = Join-Path -Path $env:LOCALAPPDATA -ChildPath "NLBaseline"

    $settingsPath = Join-Path -Path $moduleDataPath -ChildPath "settings.json"

    if (Test-Path -Path $settingsPath) {

        $settings = Get-Content -Path $settingsPath -Raw | ConvertFrom-Json

        if ($settings.WorkspacePath) {

            # Validate that workspace path does not contain sandbox or test directories

            $workspacePath = $settings.WorkspacePath

            if ($workspacePath -match '\\sandbox\\|\\test-|\\sandbox$|\\test$') {

                # Clear the invalid path from settings immediately

                $settings.WorkspacePath = $null

                $settings.LastUpdated = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")

                $settings | ConvertTo-Json | Set-Content -Path $settingsPath -Force

                $script:NLBaselineWorkspacePath = $null

                Write-Warning "Invalid workspace path (contains sandbox/test) was detected and cleared. Please initialize a proper workspace."

            }

            else {

                $script:NLBaselineWorkspacePath = $workspacePath

            }

        }

    }

}

catch {

    Write-Verbose "NLBaseline init (load workspace path): $_"

}

# Export module members

Export-ModuleMember -Function @(

    'Start-NLBaseline',

    'Initialize-NLBaseline',

    'Import-NLBaselineToIntune',

    'Export-NLBaselineFromIntune',

    'Restore-NLBaselineFromIntune',

    'Import-WingetAutoUpdateToIntune',

    'Import-EndpointSecurityToIntune',

    'Import-UpdateRingsToIntune',

    'Import-CompliancePolicyToIntune',

    'Import-MultiPlatformComplianceToIntune',

    'Import-AppProtectionPolicyToIntune',

    'Import-ASRPolicyToIntune',

    'Import-ExploitProtectionToIntune',

    'Import-EventViewerCustomViews',

    'Import-CountryIPBlockingToIntune',

    'Import-IntunePolicyFromJSON',

    'Import-MicrosoftSecurityBaselineToIntune',

    'Import-Microsoft365AppsBaselineToIntune',

    'Import-EdgeSecurityBaselineToIntune',

    'Import-OptionalWindowsFeaturesToIntune',

    'Import-AuditPoliciesToIntune',

    'Import-CertificateCheckingToIntune',

    'Import-WDACPolicyToIntune',

    'Import-CSPPolicyToIntune',

    'Import-CISBenchmarkToIntune',

    'Import-TamperProtectionToIntune',

    'Import-WindowsLAPSToIntune',

    'Remove-AllNLBaselinePoliciesFromIntune',

    'Deploy-AllNLBaselineToIntune',

    'Deploy-NLBaselineWithRings',

    'Assign-IntunePolicyToGroup',

    'Get-RingConfigurationTemplate',

    'Update-NLBaselineDeployments',

    'Get-NLBaselineStatus',

    'Get-NLBaselineConfig',

    'Set-NLBaselineConfig',

    'Reset-NLBaselineWorkspace',

    'Sync-NLBaselineWorkspace',

    'Check-NLBaselineUpdates',

    'Update-NLBaselineWorkspace'

)