Public/Remove-AllNLBaselinePoliciesFromIntune.ps1
|
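<#
.SYNOPSIS
    Removes ALL policies from Intune (Device Configurations and Compliance Policies).

.DESCRIPTION
    Deletes ALL device configuration policies and compliance policies from Intune.
    This removes everything, including old configurations that are not part of this project.

    No name or tag filter is applied: every object returned by the deviceConfigurations and
    deviceCompliancePolicies collections is deleted, one DELETE request per policy.
    Per-policy failures are collected and reported at the end; they do not stop the run.

.PARAMETER DryRun
    List policies that would be deleted without actually deleting them.
    The dry run still connects to Microsoft Graph and issues the read-only GET requests,
    because the listing cannot be produced without them. No DELETE request is sent.

.EXAMPLE
    Remove-AllNLBaselinePoliciesFromIntune -DryRun
    Remove-AllNLBaselinePoliciesFromIntune
#>
function Remove-AllNLBaselinePoliciesFromIntune {
    # NOTE(review): ConfirmImpact is left at its default, so ShouldProcess only prompts when the
    # caller passes -Confirm or has lowered $ConfirmPreference. For a tenant-wide delete,
    # ConfirmImpact = 'High' is worth considering; it is not set here because it would change
    # behaviour for unattended callers.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$DryRun
    )

    # With "Stop", every Write-Error below terminates the function; the `return` statements
    # that follow them are kept only as a safety net.
    $ErrorActionPreference = "Stop"

    $workspacePath = Get-WorkspacePath
    if (-not $workspacePath) {
        Write-Error "Workspace not configured. Run Initialize-NLBaseline first."
        return
    }

    # NOTE(review): the client secret is read from the workspace config (the error message
    # names config.json), so it is presumably stored in plain text - confirm, and restrict
    # access to that file accordingly.
    $config = Get-Config -WorkspacePath $workspacePath
    if (-not $config -or
        [string]::IsNullOrEmpty($config.AppRegistration.ClientId) -or
        [string]::IsNullOrEmpty($config.AppRegistration.ClientSecret) -or
        [string]::IsNullOrEmpty($config.AppRegistration.TenantId)) {
        Write-Error "App Registration not configured in config.json."
        return
    }

    Write-Host "`nRemoving ALL policies from Intune`n" -ForegroundColor Cyan
    Write-Host "WARNING: This will delete ALL device configuration policies and compliance policies!" -ForegroundColor Red

    # The connection is needed in dry-run mode too. The previous version skipped it and fed the
    # enumeration an empty stub response, so -DryRun always reported "No policies found" and
    # never showed what a real run would delete.
    $connected = Connect-Intune -Config $config
    if (-not $connected) {
        Write-Error "Failed to connect to Microsoft Graph."
        return
    }

    $totalDeleted = 0
    $totalFailed = 0
    $allFailedPolicies = @()

    $configUri = "https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations"
    $complianceUri = "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies"

    # Reads one Graph collection to the end by following '@odata.nextLink'. GET only.
    $getAllPages = {
        param([string]$Uri)
        $items = @()
        $next = $Uri
        do {
            $page = Invoke-IntuneGraphRequest -Method GET -Uri $next
            if ($page.value) {
                $items += $page.value
            }
            $next = $page.'@odata.nextLink'
        } while ($next)
        $items
    }

    try {
        # Get all device configuration policies
        Write-Host "`nRetrieving Device Configuration Policies..." -ForegroundColor Yellow
        # @( ) keeps the result an array when the collection holds zero or one policy.
        $allConfigPolicies = @(& $getAllPages $configUri)
        Write-Host "Found $($allConfigPolicies.Count) device configuration policies" -ForegroundColor White

        # Get all compliance policies
        Write-Host "`nRetrieving Compliance Policies..." -ForegroundColor Yellow
        $allCompliancePolicies = @(& $getAllPages $complianceUri)
        Write-Host "Found $($allCompliancePolicies.Count) compliance policies" -ForegroundColor White

        $totalPolicies = $allConfigPolicies.Count + $allCompliancePolicies.Count

        if ($totalPolicies -eq 0) {
            Write-Host "`nNo policies found in Intune." -ForegroundColor Yellow
            return
        }

        Write-Host "`nTotal policies to delete: $totalPolicies" -ForegroundColor Yellow
        Write-Host " - Device Configuration Policies: $($allConfigPolicies.Count)" -ForegroundColor White
        Write-Host " - Compliance Policies: $($allCompliancePolicies.Count)" -ForegroundColor White

        if ($DryRun) {
            Write-Host "`n[DryRun] Would delete the following policies:" -ForegroundColor Cyan
            Write-Host "`nDevice Configuration Policies:" -ForegroundColor Yellow
            foreach ($policy in $allConfigPolicies) {
                Write-Host " - $($policy.displayName) (ID: $($policy.id))" -ForegroundColor White
            }
            Write-Host "`nCompliance Policies:" -ForegroundColor Yellow
            foreach ($policy in $allCompliancePolicies) {
                Write-Host " - $($policy.displayName) (ID: $($policy.id))" -ForegroundColor White
            }
            Write-Host "`n[DryRun] Would delete $totalPolicies policies total" -ForegroundColor Cyan
            return
        }

        # Single gate for the whole batch; -WhatIf and a declined -Confirm both stop here.
        if (-not $PSCmdlet.ShouldProcess("$totalPolicies policies (Device Configurations + Compliance)", "Delete ALL")) {
            Write-Host "Operation cancelled." -ForegroundColor Yellow
            return
        }

        $targets = @(
            @{ Label = "Device Configuration Policies"; Type = "Device Configuration"; Uri = $configUri; Policies = $allConfigPolicies },
            @{ Label = "Compliance Policies"; Type = "Compliance"; Uri = $complianceUri; Policies = $allCompliancePolicies }
        )

        foreach ($target in $targets) {
            Write-Host "`nDeleting $($target.Label)..." -ForegroundColor Yellow
            foreach ($policy in $target.Policies) {
                try {
                    # Without an id the URI would address the collection itself; record the
                    # entry as a failure instead of sending that request.
                    if ([string]::IsNullOrWhiteSpace($policy.id)) {
                        throw "Policy has no id"
                    }
                    $deleteUri = "$($target.Uri)/$([uri]::EscapeDataString([string]$policy.id))"
                    Invoke-IntuneGraphRequest -Method DELETE -Uri $deleteUri
                    Write-Host " Deleted: $($policy.displayName)" -ForegroundColor Green
                    $totalDeleted++
                }
                catch {
                    # One failed delete must not abort the rest of the batch.
                    Write-Warning " Failed to delete $($policy.displayName): $_"
                    $totalFailed++
                    $allFailedPolicies += @{
                        Name  = $policy.displayName
                        Id    = $policy.id
                        Type  = $target.Type
                        Error = $_.Exception.Message
                    }
                }
            }
        }

        Write-Host "`nDeletion complete:" -ForegroundColor Cyan
        Write-Host " Deleted: $totalDeleted" -ForegroundColor Green
        Write-Host " Failed: $totalFailed" -ForegroundColor $(if ($totalFailed -eq 0) { 'Green' } else { 'Red' })

        if ($totalFailed -gt 0) {
            Write-Host "`nFailed policies:" -ForegroundColor Yellow
            foreach ($fp in $allFailedPolicies) {
                Write-Host " - [$($fp.Type)] $($fp.Name): $($fp.Error)" -ForegroundColor Red
            }
        }
    }
    catch {
        Write-Error "Failed to remove policies: $_"
    }
}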