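<#
.SYNOPSIS
    Imports Endpoint Security policies (Antivirus, Firewall) to Intune.
.DESCRIPTION
    Creates Endpoint Security policies for Antivirus and Firewall configurations.

    Only the Antivirus policy is actually created (as a deviceConfiguration of
    @odata.type windows10EndpointProtectionConfiguration); the Firewall selection
    prints guidance only, because firewall settings are delivered by the
    WindowsFirewall baseline policy.

    Before creating the Antivirus policy, any existing Intune configuration
    policy with the same displayName is removed. This is a destructive
    replace: the old policy (including whatever assignments it carried) is
    deleted before the new one exists, and the new policy is created without
    assignments. Use -DryRun to see what would be removed and created.
.PARAMETER PolicyType
    Which policy set to import: 'Antivirus', 'Firewall' or 'All' (default).
.PARAMETER DryRun
    Report the actions that would be taken without connecting to Graph or
    changing anything in the tenant.
.EXAMPLE
    Import-EndpointSecurityToIntune -PolicyType Antivirus
.EXAMPLE
    Import-EndpointSecurityToIntune -DryRun
.NOTES
    Requires a configured workspace (Initialize-NLBaseline) and an App
    Registration (ClientId, ClientSecret, TenantId) in config.json.
#>
function Import-EndpointSecurityToIntune {
    [CmdletBinding()]
    param(
        [ValidateSet('Antivirus', 'Firewall', 'All')]
        [string]$PolicyType = 'All',

        [switch]$DryRun
    )

    # Every Graph/helper failure inside this function becomes terminating so
    # the per-policy try/catch below sees it.
    $ErrorActionPreference = "Stop"

    # --- Preconditions: workspace and app registration -----------------------
    $workspacePath = Get-WorkspacePath
    if (-not $workspacePath) {
        Write-Error "Workspace not configured. Run Initialize-NLBaseline first."
        return
    }

    $config = Get-Config -WorkspacePath $workspacePath
    $appReg = if ($config) { $config.AppRegistration } else { $null }
    if (-not $appReg -or
        [string]::IsNullOrEmpty($appReg.ClientId) -or
        [string]::IsNullOrEmpty($appReg.ClientSecret) -or
        [string]::IsNullOrEmpty($appReg.TenantId)) {
        Write-Error "App Registration not configured in config.json."
        return
    }

    Write-Host "`nImporting Endpoint Security policies to Intune`n" -ForegroundColor Cyan

    # A dry run never authenticates: nothing below touches the tenant.
    if (-not $DryRun) {
        $connected = Connect-Intune -Config $config
        if (-not $connected) {
            Write-Error "Failed to connect to Microsoft Graph."
            return
        }
    }

    # --- Build the list of policies to create -------------------------------
    $policies = @()

    if ($PolicyType -eq 'Antivirus' -or $PolicyType -eq 'All') {
        # NOTE(review): the property names below are sent to Graph as-is.
        # Confirm each one against the schema for this @odata.type; Graph
        # rejects unknown properties on this endpoint with a 400 in my
        # experience, so a typo here fails the whole POST.
        $policies += @{
            Type = 'Antivirus'
            Body = @{
                "@odata.type"                                          = "#microsoft.graph.windows10EndpointProtectionConfiguration"
                displayName                                            = "NLBaseline - Endpoint Security Antivirus"
                description                                            = "Antivirus settings from NLBaseline"
                defenderAntivirusScanDirection                         = "monitorAllFiles"
                defenderAntivirusScanType                              = "fullScan"
                defenderCloudBlockLevel                                = "high"
                defenderCloudExtendedTimeout                           = 50
                defenderDisableBehaviorMonitoring                      = $false
                defenderDisableCloudProtection                         = $false
                defenderDisableIntrusionPreventionSystem               = $false
                defenderDisableOnAccessProtection                      = $false
                defenderDisableRealTimeMonitoring                      = $false
                defenderDisableScanArchiveFiles                        = $false
                defenderDisableScanDownloads                           = $false
                defenderDisableScanNetworkFiles                        = $false
                defenderDisableScanRemovableDrivesDuringFullScan       = $false
                defenderDisableScanScriptsLoadedInInternetExplorer     = $false
                defenderEnableNetworkProtection                        = "enabled"
                defenderFileExtensionsToExclude                        = @()
                defenderMonitorFileActivity                            = "monitorAllFiles"
                defenderProcessesToExclude                             = @()
                defenderPromptForSampleSubmission                      = "sendSafeSamplesAutomatically"
                defenderRequireBehaviorMonitoring                      = $true
                defenderRequireCloudProtection                         = $true
                defenderRequireNetworkInspectionSystem                 = $true
                defenderRequireRealTimeMonitoring                      = $true
                defenderScanMaxCpuPercentage                           = 50
                defenderSignatureUpdateIntervalInHours                 = 8
                defenderSubmitSamplesConsentType                       = "sendSafeSamplesAutomatically"
            }
        }
    }

    if ($PolicyType -eq 'Firewall' -or $PolicyType -eq 'All') {
        # No Firewall policy is queued: the firewall settings live in the
        # WindowsFirewall baseline, so this branch is informational only and
        # does not count towards the Created/Failed summary.
        Write-Host "Note: Firewall policies should be created via Endpoint Security > Firewall in Intune portal" -ForegroundColor Yellow
        Write-Host "Firewall settings are already included in WindowsFirewall baseline policy" -ForegroundColor Gray
    }

    # --- Create (or simulate creating) each policy --------------------------
    $created = @()
    $failed = @()

    foreach ($pol in $policies) {
        $policyDisplayName = $pol.Body.displayName

        if ($DryRun) {
            # Disclose the destructive step too, not just the creation, so a
            # dry run is an honest preview of what the real run does.
            Write-Host "[DryRun] Would remove existing policy '$policyDisplayName' (if present) and create: $($pol.Type) policy" -ForegroundColor Cyan
            $created += $pol.Type
            continue
        }

        try {
            # Replace-by-name: the existing policy is deleted BEFORE the new one
            # is posted. If the POST below fails, the tenant is left with no
            # policy of this name until the import is re-run; the failure is
            # reported in the summary so that state is not silent.
            $removed = Remove-IntunePolicyByDisplayName -DisplayName $policyDisplayName -PolicyType "Configuration"
            if ($removed) {
                Write-Host "Removed existing policy: $policyDisplayName" -ForegroundColor Yellow
            }

            $res = Invoke-IntuneGraphRequest -Method POST `
                -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations" `
                -Body ($pol.Body | ConvertTo-Json -Depth 20)

            $created += $pol.Type
            Write-Host "Created: $($pol.Type) policy (id: $($res.id))" -ForegroundColor Green
        }
        catch {
            # One policy failing must not abort the remaining ones.
            $failed += "$($pol.Type): $_"
            Write-Warning "Failed to create $($pol.Type) policy: $_"
        }
    }

    Write-Host "`nImport complete. Created: $($created.Count), Failed: $($failed.Count)" -ForegroundColor Cyan
}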