PSCloudPC

1.0.2

Public/Set-CPCUserSettingsPolicyAssignment.ps1

function Set-CPCUserSettingsPolicyAssignment {
    <#
    .SYNOPSIS
    Assign a Cloud PC User Settings Policy to a group
    .DESCRIPTION
    Assign a Cloud PC User Settings Policy to a group
    .PARAMETER Name
    Name of the Cloud PC User Settings Policy
    .PARAMETER GroupName
    Name of the group to assign the policy to
    .EXAMPLE
    Set-CPCUserSettingsPolicyAssignment -Name "MyUserSettingsPolicy" -GroupName "MyGroup"
    .EXAMPLE
    Set-CPCUserSettingsPolicyAssignment -Name "MyUserSettingsPolicy" -GroupName "MyGroup" -Force (Removes existing assignments)
    #>
    [CmdletBinding(DefaultParameterSetName = 'Name')]
    param (
        [parameter(Mandatory = $true, ParameterSetName = 'Name')]
        [string]$Name,
        [Parameter(mandatory = $false)][string]$GroupName,
        [Parameter(mandatory = $false)][switch]$Force
        # TODO: Add SupportsShouldProcess

    )
    
    begin {
        Get-TokenValidity

        Get-AzureADGroupID -GroupName $GroupName

        If ($null -eq $script:GroupID) {
            Throw "No group found with name $GroupName"
            return
        }

        $Policy = Get-CPCUserSettingsPolicy -name $Name

        If ($null -eq $Policy) {
            Throw "No User Settings Policy found with name $Name"
            return
        }

        $url = "https://graph.microsoft.com/$script:MSGraphVersion/deviceManagement/virtualEndpoint/userSettings/$($Policy.id)/assign"

        Write-Verbose "Assignment url: $($url)"

    }

    Process {

        If ($Force) {
            Write-Verbose "Force parameter is set. Not adding existing assignments to body, using GroupID $($script:GroupID)"
            $GroupID = $script:GroupID
        }
        Else {

            Write-Verbose "Force parameter is not set. Adding existing, if present, assignments to body"

            $assignmenturl = "https://graph.microsoft.com/$script:MSGraphVersion/deviceManagement/virtualEndpoint/userSettings/$($Policy.id)?`$expand=assignments"
            
            Write-Verbose "Current Assignments url: $($assignmenturl)"

            $assignments = Invoke-RestMethod -Uri $assignmenturl -Headers $script:Authheader -Method GET

            $currentassignments = $Assignments.assignments.target.GroupId

            Write-verbose "Current Assignments: $($currentassignments)"

            If ($null -eq $currentassignments) {
                Write-Verbose "No assignments found"
                $GroupID = $script:GroupID
                Write-Verbose "GroupID Value: $($GroupID)"

            }
            Else {
                Write-Verbose "Assignments found"
                $GroupID = New-Object System.Collections.Generic.List[System.Object]
                $GroupID.Add($script:GroupID)
                $currentassignments | ForEach-Object {
                    $GroupID.Add($_)
                }
                Write-Verbose "GroupID Value: $($GroupID)"

            }

        }

        # Initialize the $params variable
        $params = @{
            Assignments = @()
        }

        # Iterate over the group IDs and add an element to the Assignments array for each group ID
        $GroupID | ForEach-Object {
            $params.Assignments += @{
                Target = @{
                    GroupId = $_  
                }
            }
        }

        $body = $params | ConvertTo-Json -Depth 100

        try {
            Invoke-RestMethod -Headers $script:Authheader -Uri $url -Method Post -ContentType "application/json" -Body $body
        }
        catch {
            Throw $_.Exception.Message
        }
        
    }
}