Public/Import-Microsoft365AppsBaselineToIntune.ps1

<#
.SYNOPSIS
    Imports Microsoft 365 Apps Security Baseline to Intune.
.DESCRIPTION
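    Intended to download and apply the Microsoft 365 Apps Security Baseline to Intune as Device Configuration policies.
    As written, the function checks the workspace and App Registration settings and then prints the manual download and
    Group Policy Analytics steps; it does not itself download the baseline or change anything in Intune.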
.EXAMPLE
    Import-Microsoft365AppsBaselineToIntune
#>

function Import-Microsoft365AppsBaselineToIntune {
    [CmdletBinding()]
    param(
        # When set, only the dry-run preview lines are printed before returning.
        [switch]$DryRun
    )

    # Purpose: check that a workspace and an App Registration are configured, then print
    # operator guidance for bringing the Microsoft 365 Apps Security Baseline into Intune.
    # Nothing in this body downloads a file or calls Intune; every path ends in Write-Host
    # output or a Write-Error.

    # Function-scoped preference: errors raised below become terminating.
    $ErrorActionPreference = "Stop"

    # Guard 1: a workspace must have been set up beforehand.
    $workspaceRoot = Get-WorkspacePath
    if (-not $workspaceRoot) {
        Write-Error "Workspace not configured. Run Initialize-NLBaseline first."
        return
    }

    # Guard 2: the App Registration needs all three identifiers to be non-empty.
    # NOTE(review): ClientSecret is only tested for presence and is never used in this
    # function; the error text suggests it is kept in config.json. Confirm how that file
    # is protected and whether this guidance-only path needs the secret at all.
    $settings = Get-Config -WorkspacePath $workspaceRoot
    $appRegistrationComplete = [bool]$settings
    if ($appRegistrationComplete) {
        foreach ($requiredField in 'ClientId', 'ClientSecret', 'TenantId') {
            if ([string]::IsNullOrEmpty($settings.AppRegistration.$requiredField)) {
                $appRegistrationComplete = $false
                break
            }
        }
    }
    if (-not $appRegistrationComplete) {
        Write-Error "App Registration not configured in config.json."
        return
    }

    Write-Host "`nImporting Microsoft 365 Apps Security Baseline to Intune`n" -ForegroundColor Cyan

    if ($DryRun) {
        # Preview only: describe what a real run is meant to do and where the baseline lives.
        $previewLines = @(
            @{ Message = "[DryRun] Would download and apply Microsoft 365 Apps Security Baseline"; Color = 'Cyan' }
            @{ Message = "Note: Baseline is published twice a year (June and December)"; Color = 'Yellow' }
            @{ Message = "`nTo get latest baseline, visit:"; Color = 'Yellow' }
            @{ Message = " https://learn.microsoft.com/deployoffice/security/security-baseline"; Color = 'White' }
        )
        foreach ($entry in $previewLines) {
            Write-Host $entry.Message -ForegroundColor $entry.Color
        }
        return
    }

    # Normal run: print the manual procedure. The steps have the operator download a ZIP
    # and upload a GPO backup by hand.
    # NOTE(review): nothing here checks where the archive came from or whether it is intact,
    # so confirming it really is the package from the Microsoft download page before it is
    # uploaded is left to the operator. Consider whether the printed guidance should say so.
    $guidanceLines = @(
        @{ Message = "`nNote: Microsoft 365 Apps Security Baseline must be downloaded and applied via:"; Color = 'Yellow' }
        @{ Message = "1. Download baseline ZIP from Microsoft"; Color = 'White' }
        @{ Message = "2. Extract ADMX/ADML files and GPO backup"; Color = 'White' }
        @{ Message = "3. Use Group Policy Analytics in Intune to convert to Settings Catalog policy"; Color = 'White' }
        @{ Message = "`nLatest download: https://www.microsoft.com/download/details.aspx?id=55319"; Color = 'Cyan' }
        @{ Message = "`nFor automated deployment:"; Color = 'Yellow' }
        @{ Message = " Devices > Configuration > Group Policy Analytics"; Color = 'White' }
        @{ Message = " Upload GPO backup and convert to Settings Catalog policy"; Color = 'White' }
    )
    foreach ($entry in $guidanceLines) {
        Write-Host $entry.Message -ForegroundColor $entry.Color
    }
}