NLBaselineIntuneDeviceHardening

1.0.0

Public/Import-CountryIPBlockingToIntune.ps1

                                <#

.SYNOPSIS

    Imports Country IP Blocking configuration to Intune.

.DESCRIPTION

    Creates firewall rules or network protection rules to block IPs from specific countries.

.EXAMPLE

    Import-CountryIPBlockingToIntune -Countries @("CN", "RU", "KP")

#>

function Import-CountryIPBlockingToIntune {

    [CmdletBinding()]

    param(

        [string[]]$Countries = @(),

        [switch]$DryRun

    )

    $ErrorActionPreference = "Stop"

    $workspacePath = Get-WorkspacePath

    if (-not $workspacePath) {

        Write-Error "Workspace not configured. Run Initialize-NLBaseline first."

        return

    }

    $config = Get-Config -WorkspacePath $workspacePath

    if (-not $config -or [string]::IsNullOrEmpty($config.AppRegistration.ClientId) -or [string]::IsNullOrEmpty($config.AppRegistration.ClientSecret) -or [string]::IsNullOrEmpty($config.AppRegistration.TenantId)) {

        Write-Error "App Registration not configured in config.json."

        return

    }

    Write-Host "`nImporting Country IP Blocking to Intune`n" -ForegroundColor Cyan

    $modulePath = $PSScriptRoot -replace 'Public$', ''

    $countriesPath = Join-Path -Path $modulePath -ChildPath "Resources\CountryIPsData\CountriesData.json"

    if (-not (Test-Path $countriesPath)) {

        Write-Error "Countries data not found: $countriesPath"

        return

    }

    $countriesData = Get-Content -Path $countriesPath -Raw | ConvertFrom-Json

    if ($Countries.Count -eq 0) {

        Write-Host "Available countries (showing first 20):" -ForegroundColor Yellow

        $countriesData | Select-Object -First 20 | ForEach-Object {

            Write-Host "  $($_.Alpha2Code) - $($_.FriendlyName)" -ForegroundColor White

        }

        Write-Host "`nTotal countries available: $($countriesData.Count)" -ForegroundColor Gray

        Write-Host "`nUsage: Import-CountryIPBlockingToIntune -Countries @('CN', 'RU', 'KP')" -ForegroundColor Yellow

        return

    }

    if ($DryRun) {

        Write-Host "[DryRun] Would create Country IP Blocking for: $($Countries -join ', ')" -ForegroundColor Cyan

        Write-Host "Note: Country IP blocking requires downloading IP ranges and creating firewall rules" -ForegroundColor Gray

        Write-Host "IP ranges are available from: https://github.com/HotCakeX/Official-IANA-IP-blocks" -ForegroundColor Gray

        return

    }

    Write-Host "Note: Country IP Blocking implementation:" -ForegroundColor Yellow

    Write-Host "1. Download IP ranges for selected countries from IANA IP blocks" -ForegroundColor White

    Write-Host "2. Create Windows Firewall rules to block outbound connections" -ForegroundColor White

    Write-Host "3. Or use Network Protection in Microsoft Defender" -ForegroundColor White

    Write-Host "`nSelected countries: $($Countries -join ', ')" -ForegroundColor Cyan

    Write-Host "`nThis feature requires PowerShell script deployment via Intune Scripts" -ForegroundColor Yellow

}