UnofficialIntuneManagement.psm1

<#
 
.COPYRIGHT
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
See LICENSE in the project root for license information.
 
#>



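function Get-AuthToken {
    
    <#
    .SYNOPSIS
    Acquires a Microsoft Graph access token and returns it as a request-header hashtable
    .DESCRIPTION
    Takes the tenant from the domain part of -User, loads the ADAL assemblies found in the
    installed AzureAD (or AzureADPreview) module directory, and requests a token for
    https://graph.microsoft.com. Without -Password the sign-in prompt is shown; with
    -Password a credential object is built from the supplied user name and password.
    .PARAMETER User
    Sign-in name in user@domain form. The domain part is used as the tenant.
    .PARAMETER Password
    Optional password. It is received and passed on as an ordinary value, so it can end up
    in command history and transcripts; prefer the interactive prompt.
    .OUTPUTS
    Hashtable with 'Content-Type', 'Authorization' ("Bearer <token>") and 'ExpiresOn'.
    The hashtable carries a live credential: do not log or persist it.
    .EXAMPLE
    Get-AuthToken -User admin@contoso.onmicrosoft.com
    Prompts for credentials and returns the Graph authorization header
    .NOTES
    NAME: Get-AuthToken
    #>

    
    [cmdletbinding()]
    
    param
    (
            [Parameter(Mandatory=$true)]
            $User,
            $Password
    )
    
    # MailAddress parsing rejects values that are not in user@domain form and exposes the domain as .Host
    $userUpn = New-Object "System.Net.Mail.MailAddress" -ArgumentList $User
    
    $tenant = $userUpn.Host
    
    Write-Host "Checking for AzureAD module..."
    
    $AadModule = Get-Module -Name "AzureAD" -ListAvailable
    
    if ($null -eq $AadModule) {
    
        Write-Host "AzureAD PowerShell module not found, looking for AzureADPreview"
        $AadModule = Get-Module -Name "AzureADPreview" -ListAvailable
    
    }
    
    if ($null -eq $AadModule) {
            
        write-host "AzureAD Powershell module not installed..." -f Red
        write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow
        write-host "Script can't continue..." -f Red
        
        # NOTE(review): 'exit' ends the hosting script or session, not just this function.
        # Kept so existing callers see the same behaviour.
        exit
    }
    
    # Several versions, or several copies of one version, may be installed.
    # Sort on the Version property explicitly and keep exactly one entry (the newest),
    # so that ModuleBase below is a single path rather than an array.
    if (@($AadModule).Count -gt 1) {
    
        $AadModule = $AadModule | Sort-Object -Property Version | Select-Object -Last 1
    
    }
    
    # The ADAL assemblies are loaded from whichever module directory was discovered above.
    # That directory must only be writable by administrators, because its DLLs run in this process.
    $adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
    
    [System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
    
    [System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
    
    $clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
    
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"
    
    $resourceAppIdURI = "https://graph.microsoft.com"
    
    $authority = "https://login.microsoftonline.com/$Tenant"
    
    try {
    
        $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    
        # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx
        # "Always" forces a credential prompt on every call; the other values are Auto, Never, RefreshSession
    
        $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Always"
    
        if ($null -eq $Password) {
            # Interactive sign-in
            $authResult = $authContext.AcquireTokenAsync($resourceAppIdURI, $clientId, $redirectUri, $platformParameters).Result
        }
        else {
            # NOTE(review): this call does not pass $clientId, unlike the interactive branch.
            # Confirm that the ADAL version shipped with the installed module has a matching
            # overload and a UserCredential constructor that accepts a password.
            $userCred = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $User, $Password
            $authResult = $authContext.AcquireTokenAsync($resourceAppIdURI, $userCred).Result
        }
    
        # Only build the header when a token actually came back
        if($authResult.AccessToken){
    
            $authHeader = @{
                'Content-Type'='application/json'
                'Authorization'="Bearer " + $authResult.AccessToken
                'ExpiresOn'=$authResult.ExpiresOn
            }
    
            return $authHeader
    
        }
    
        else {
    
            Write-Host "Authorization Access Token is null, please re-run authentication..." -ForegroundColor Red
            
            # NOTE(review): 'break' outside a loop is not a 'return'; PowerShell looks up the call
            # stack for an enclosing loop, so it can stop the caller as well. Kept for compatibility.
            break
    
        }
    
    }
    
    catch {
    
        write-host $_.Exception.Message -f Red
        write-host $_.Exception.ItemName -f Red
        
        break
    
    }
    
}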


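Function Get-AADGroup(){

<#
.SYNOPSIS
Gets Azure AD groups, or the members of one group, from the Graph API REST interface
.DESCRIPTION
Queries the v1.0 groups endpoint. With -id the group with that id is returned, with -GroupName the
groups whose displayName matches, and with neither all groups. With -GroupName and -Members the
display name of the matching group is written first, followed by its members.
The request headers are read from $authToken, which is not defined here and must exist in a parent scope.
.PARAMETER GroupName
Display name to filter on
.PARAMETER id
Group id to filter on; takes precedence over -GroupName
.PARAMETER Members
Return the members of the group named by -GroupName instead of the group itself
.EXAMPLE
Get-AADGroup
Returns all groups registered with Azure AD
.EXAMPLE
Get-AADGroup -GroupName "Sales" -Members
Returns the display name and the members of the group called Sales
.NOTES
NAME: Get-AADGroup
#>


[cmdletbinding()]

param
(
    $GroupName,
    $id,
    [switch]$Members
)

# Defining Variables
$graphApiVersion = "v1.0"
$Group_resource = "groups"

    try {

        if($id){

        # A single quote inside an OData string literal is written as two quotes.
        # Without this a value containing ' would end the literal and alter the filter.
        $idLiteral = "$id".Replace("'", "''")

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=id eq '$idLiteral'"
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

        elseif($GroupName -eq "" -or $GroupName -eq $null){

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)"
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

        else {

        $nameLiteral = "$GroupName".Replace("'", "''")
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)?`$filter=displayname eq '$nameLiteral'"

            if(!$Members){

            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

            }

            else {

            $Group = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

                if($Group){

                $GID = $Group.id

                # The display name is written to the pipeline ahead of the member objects
                $Group.displayName

                $uri = "https://graph.microsoft.com/$graphApiVersion/$($Group_resource)/$GID/Members"
                (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

                }

            }

        }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}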

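Function Get-AADUser(){

<#
.SYNOPSIS
Gets Azure AD users from the Graph API REST interface
.DESCRIPTION
Queries the v1.0 users endpoint. Without -userPrincipalName all users are returned. With it, the
single user object is returned, or the Value collection of the named -Property of that user.
The user principal name is percent-encoded before it is placed in the URL path, so pass it unencoded.
The request headers are read from $authToken, which is not defined here and must exist in a parent scope.
.PARAMETER userPrincipalName
User principal name (or object id) of the user to look up
.PARAMETER Property
Name of a property or relationship of the user to request instead of the user itself
.EXAMPLE
Get-AADUser
Returns all users registered with Azure AD
.EXAMPLE
Get-AADUser -userPrincipalName user@domain.com
Returns specific user by UserPrincipalName registered with Azure AD
.NOTES
NAME: Get-AADUser
#>


[cmdletbinding()]

param
(
    $userPrincipalName,
    $Property
)

# Defining Variables
$graphApiVersion = "v1.0"
$User_resource = "users"

    try {

        if($userPrincipalName -eq "" -or $userPrincipalName -eq $null){

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($User_resource)"
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

        else {

        # Encode the value as one path segment: characters such as '#', '?' and '/'
        # would otherwise be read as URL structure instead of as part of the name.
        $userSegment = [uri]::EscapeDataString("$userPrincipalName")

            if($Property -eq "" -or $Property -eq $null){

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($User_resource)/$userSegment"
            Write-Verbose $uri
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get

            }

            else {

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($User_resource)/$userSegment/$Property"
            Write-Verbose $uri
            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

            }

        }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}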

Function Get-AADUserDevices(){

<#
.SYNOPSIS
Lists the managed devices that belong to one user
.DESCRIPTION
Sends a GET to the beta users/{UserID}/managedDevices endpoint of Microsoft Graph and writes the Value
collection of the response to the pipeline. The request headers are read from $authToken, which is
not defined here and must exist in a parent scope.
.PARAMETER UserID
Id of the user whose devices are requested; it is placed in the URL path as given
.EXAMPLE
Get-AADUserDevices -UserID $UserID
Returns all user devices registered in Intune MDM
.NOTES
NAME: Get-AADUserDevices
#>


[cmdletbinding()]

param
(
    [Parameter(Mandatory=$true,HelpMessage="UserID (guid) for the user you want to take action on must be specified:")]
    $UserID
)

    try {

    # Endpoint is on the beta version of the API
    $uri = "https://graph.microsoft.com/beta/users/$UserID/managedDevices"
    Write-Verbose $uri

    $response = Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get
    $response.Value

    }

    catch {

    # Read the body of the failed response back so the service's error text is shown.
    # Assumes the exception carries an HTTP response.
    $failure = $_.Exception
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $responseBody = $bodyReader.ReadToEnd()

    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($failure.Response.StatusCode) $($failure.Response.StatusDescription)"
    
    break

    }

}

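Function Get-AADDevice(){

<#
.SYNOPSIS
Gets an Azure AD device by its deviceId from the Graph API REST interface
.DESCRIPTION
Queries the v1.0 devices endpoint with a filter on deviceId and writes the value collection of the
response to the pipeline. The request headers are read from $authToken, which is not defined here
and must exist in a parent scope.
.PARAMETER DeviceID
deviceId to match
.EXAMPLE
Get-AADDevice -DeviceID $DeviceID
Returns an AAD Device from Azure AD
.NOTES
NAME: Get-AADDevice
#>


[cmdletbinding()]

param
(
    $DeviceID
)

# Defining Variables
$graphApiVersion = "v1.0"
$Resource = "devices"
    
    try {

    # A single quote inside an OData string literal is written as two quotes.
    # Without this a value containing ' would end the literal and alter the filter.
    $deviceLiteral = "$DeviceID".Replace("'", "''")

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)?`$filter=deviceId eq '$deviceLiteral'"

    (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).value 

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}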

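Function Add-AADGroupMember(){

<#
.SYNOPSIS
Adds a member to an Azure AD group through the Graph API REST interface
.DESCRIPTION
Posts a reference to the directory object -AADMemberId to the members/$ref collection of the group
-GroupId on the v1.0 endpoint. The request headers are read from $authToken, which is not defined
here and must exist in a parent scope.
.PARAMETER GroupId
Id of the group that receives the member
.PARAMETER AADMemberId
Id of the directory object to add
.EXAMPLE
Add-AADGroupMember -GroupId $GroupId -AADMemberID $AADMemberID
Adds the directory object to the group
.NOTES
NAME: Add-AADGroupMember
#>


[cmdletbinding()]

param
(
    $GroupId,
    $AADMemberId
)

# Defining Variables
$graphApiVersion = "v1.0"
$Resource = "groups"
    
    try {

    $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource/$GroupId/members/`$ref"

    # Build the body from an object so ConvertTo-Json escapes the value;
    # splicing it into a JSON template would let a quote in the id change the document.
    $JSON = ConvertTo-Json @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$AADMemberId"
    }

    Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}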


Function Add-AndroidApplication(){

<#
.SYNOPSIS
Adds an Android application to Intune using the Graph API REST interface
.DESCRIPTION
Posts the application definition in -JSON to the Beta deviceAppManagement/mobileApps endpoint.
When -IconURL is given, the icon is fetched, base64-encoded and written into the largeIcon
property of the definition before it is posted; the icon type is derived from the file extension.
The definition is passed to Test-JSON before the request is sent.
The request headers are read from $authToken, which is not defined here and must exist in a parent scope.
.PARAMETER JSON
Application definition as a JSON string
.PARAMETER IconURL
Location of the icon. The value must pass Test-Path before it is fetched.
.EXAMPLE
Add-AndroidApplication -JSON $JSON -IconURL pathtourl
Adds an Android application into Intune using an icon from a URL
.NOTES
NAME: Add-AndroidApplication
#>


[cmdletbinding()]

param
(
    $JSON,
    $IconURL
)

$graphApiVersion = "Beta"
$App_resource = "deviceAppManagement/mobileApps"

    try {

        if(-not $JSON){

        write-host "No JSON was passed to the function, provide a JSON variable" -f Red
        break

        }

        # Optional step: embed the icon into the definition
        if($IconURL){

        write-verbose "Icon specified: $IconURL"

            # NOTE(review): Test-Path checks provider paths; confirm that the locations callers
            # pass here (the parameter is named as a URL) can satisfy it.
            if(-not (test-path "$IconURL")){

            write-host "Icon Path '$IconURL' doesn't exist..." -ForegroundColor Red
            Write-Host "Please specify a valid path..." -ForegroundColor Red
            
            break

            }

        $iconResponse = Invoke-WebRequest "$iconUrl"
        $base64icon = [System.Convert]::ToBase64String($iconResponse.Content)

        # The MIME type is built from the extension alone; the fetched content is not inspected
        $iconExt = ([System.IO.Path]::GetExtension("$iconURL")).replace(".","")
        $iconType = "image/$iconExt"

        Write-Verbose "Updating JSON to add Icon Data"

        $appDefinition = ConvertFrom-Json $JSON
        $appDefinition.largeIcon.type = "$iconType"
        $appDefinition.largeIcon.value = "$base64icon"

        $JSON = ConvertTo-Json $appDefinition

        Write-Verbose $JSON

        }

    # Both paths (with and without icon) validate and post the same way.
    # Test-JSON is not defined in this function.
    Test-JSON -JSON $JSON

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($App_resource)"
    Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/json" -Body $JSON -Headers $authToken

    }

    catch {

    # Read the body of the failed response back so the service's error text is shown.
    # Assumes the exception carries an HTTP response.
    $failure = $_.Exception
    $bodyReader = New-Object System.IO.StreamReader($failure.Response.GetResponseStream())
    $bodyReader.BaseStream.Position = 0
    $bodyReader.DiscardBufferedData()
    $responseBody = $bodyReader.ReadToEnd()

    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($failure.Response.StatusCode) $($failure.Response.StatusDescription)"
    
    break

    }

}

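Function Get-itunesApplication(){

<#
.SYNOPSIS
Searches the itunes store for software by developer name using the Apple REST API interface
.DESCRIPTION
Sends a search request (entity=software, attribute=softwareDeveloper) to itunes.apple.com and
returns the response object. The search string is percent-encoded before it is placed in the
query, with spaces written as +. The function pauses for three seconds after each request.
.PARAMETER SearchString
Developer name to search for
.PARAMETER Limit
Maximum number of results to request; omitted from the query when not given or 0
.EXAMPLE
Get-itunesApplication -SearchString "Microsoft Corporation"
Gets an iOS application from itunes store
.EXAMPLE
Get-itunesApplication -SearchString "Microsoft Corporation" -Limit 10
Gets an iOS application from itunes store with a limit of 10 results
.NOTES
NAME: Get-itunesApplication
https://affiliate.itunes.apple.com/resources/documentation/itunes-store-web-service-search-api/
#>


[cmdletbinding()]

param
(
    [Parameter(Mandatory=$true)]
    $SearchString,
    [int]$Limit
)

    try{

    Write-Verbose $SearchString

    # Encode the term as a query value, then write spaces as + as before.
    # Replacing only spaces left characters such as & and # free to add or cut off query parameters.
    $SearchString = [uri]::EscapeDataString("$SearchString").Replace("%20","+")

    Write-Verbose "SearchString variable converted if there is a space in the name $SearchString"

    $iTunesUrl = "https://itunes.apple.com/search?entity=software&term=$SearchString&attribute=softwareDeveloper"

        if($Limit){

        $iTunesUrl = "$iTunesUrl&limit=$limit"

        }

    write-verbose $iTunesUrl
    $apps = Invoke-RestMethod -Uri $iTunesUrl -Method Get

    # Throttle: pause after every call to stay under the search API's call limit
    # (the documentation linked in .NOTES gives the limit; the original comment cites 20 calls)
    Start-Sleep -Seconds 3

    return $apps

    }

    catch {

    write-host $_.Exception.Message -f Red
    write-host $_.Exception.ItemName -f Red
    write-verbose $_.Exception
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}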

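Function Add-iOSApplication(){
    
    <#
    .SYNOPSIS
    Adds an iOS store application to Intune using the Graph API REST interface
    .DESCRIPTION
    Takes one application record as returned by the itunes search, downloads its icon, builds an
    iosStoreApp definition from the record and posts it to the Beta deviceAppManagement/mobileApps
    endpoint. The request headers are read from $authToken, which is not defined here and must
    exist in a parent scope.
    .PARAMETER itunesApp
    Application record. The function reads trackName, artistName, description, trackViewUrl,
    artworkUrl60/100/512, minimumOsVersion and supportedDevices from it.
    .EXAMPLE
    Add-iOSApplication -itunesApp $app
    Adds an iOS application into Intune from itunes store
    .NOTES
    NAME: Add-iOSApplication
    #>

    
    [cmdletbinding()]
    
    param
    (
        $itunesApp
    )
    
    $graphApiVersion = "Beta"
    $Resource = "deviceAppManagement/mobileApps"
        
        try {
        
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            
        $app = $itunesApp
    
        Write-Verbose $app
                
        Write-Host "Publishing $($app.trackName)" -f Yellow
    
        # Step 1 - Downloading the icon for the application, smallest available size first.
        # The icon URL comes from the search result and is fetched as given.
        $iconUrl = $app.artworkUrl60
    
            if ($null -eq $iconUrl){
    
            Write-Host "60x60 icon not found, using 100x100 icon"
            $iconUrl = $app.artworkUrl100
            
            }
            
            if ($null -eq $iconUrl){
            
            Write-Host "100x100 icon not found, using 512x512 icon"
            $iconUrl = $app.artworkUrl512
            
            }
    
        $iconResponse = Invoke-WebRequest $iconUrl
        $base64icon = [System.Convert]::ToBase64String($iconResponse.Content)
        $iconType = $iconResponse.Headers["Content-Type"]
    
        # Reduce "major.minor.patch" to "major.minor" and parse it with the invariant culture,
        # so "9.0" means nine on systems whose decimal separator is not a dot.
        $versionParts = $app.minimumOsVersion.Split(".")
    
            if($versionParts.Count -gt 2){
    
            $versionText = $versionParts[0] + "." + $versionParts[1]
    
            }
    
            else {
    
            $versionText = $app.minimumOsVersion
    
            }
    
        $osVersion = [Convert]::ToDouble($versionText, [System.Globalization.CultureInfo]::InvariantCulture)
    
        # Setting support Operating System Devices
        if($app.supportedDevices -match "iPadMini"){ $iPad = $true } else { $iPad = $false }
        if($app.supportedDevices -match "iPhone6"){ $iPhone = $true } else { $iPhone = $false }
    
        # Step 2 - Create the Hashtable Object of the application
        # Characters outside the ASCII range are dropped from the description
        $description = $app.description -replace "[^\x00-\x7F]+",""
    
        $graphApp = @{
            "@odata.type"="#microsoft.graph.iosStoreApp";
            displayName=$app.trackName;
            publisher=$app.artistName;
            description=$description;
            largeIcon= @{
                type=$iconType;
                value=$base64icon;
            };
            isFeatured=$false;
            appStoreUrl=$app.trackViewUrl;
            applicableDeviceType=@{
                iPad=$iPad;
                iPhoneAndIPod=$iPhone;
            };
            minimumSupportedOperatingSystem=@{
                v8_0=$osVersion -lt 9.0;
                v9_0=$osVersion -eq 9.0;
                v10_0=$osVersion -gt 9.0;
            };
        };
    
        $JSON = ConvertTo-Json $graphApp
    
        # Step 3 - Publish the application to Graph
        Write-Host "Creating application via Graph"
        $createResult = Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/json" -Body $JSON -Headers $authToken
        Write-Host "Application created as $uri/$($createResult.id)"
        
        
        }
        
        catch {
    
        # Assumes the exception carries an HTTP response whose body can be read back
        $ex = $_.Exception
        Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
    
        $errorResponse = $ex.Response.GetResponseStream()
    
        $reader = New-Object System.IO.StreamReader($errorResponse)
        $reader.BaseStream.Position = 0
        $reader.DiscardBufferedData()
        $responseBody = $reader.ReadToEnd();
        Write-Host "Response content:`n$responseBody" -f Red
        Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
        
        # NOTE(review): 'break' outside a loop can also stop the calling script
        break
    
        }
    
    }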

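Function Add-ApplicationCategory(){

<#
.SYNOPSIS
Adds an application category using the Graph API REST interface
.DESCRIPTION
Posts a mobileAppCategory with the given display name to the Beta
deviceAppManagement/mobileAppCategories endpoint. The request headers are read from $authToken,
which is not defined here and must exist in a parent scope.
.PARAMETER AppCategoryName
Display name of the category to create
.EXAMPLE
Add-ApplicationCategory -AppCategoryName $AppCategoryName
Adds an application category in Intune
.NOTES
NAME: Add-ApplicationCategory
#>


[cmdletbinding()]

param
(
    $AppCategoryName
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileAppCategories"

    try {

        if(!$AppCategoryName){

        write-host "No Application Category Name specified, specify a valid Application Category Name" -f Red
        break

        }

    # Build the body from an object so ConvertTo-Json escapes the name;
    # splicing it into a JSON template would let a quote in the name change the document.
    $JSON = ConvertTo-Json ([ordered]@{
        "@odata.type" = "#microsoft.graph.mobileAppCategory"
        "displayName" = "$AppCategoryName"
    })

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
    Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}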

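Function Get-ApplicationCategory(){

<#
.SYNOPSIS
Gets application categories from the Graph API REST interface
.DESCRIPTION
Requests the Beta deviceAppManagement/mobileAppCategories collection and writes its Value to the
pipeline. With -Name only the categories whose displayName contains that text are returned; the
comparison is done locally and is case-sensitive. The request headers are read from $authToken,
which is not defined here and must exist in a parent scope.
.PARAMETER Name
Text that the category displayName must contain
.EXAMPLE
Get-ApplicationCategory
Returns any application categories configured in Intune
.NOTES
NAME: Get-ApplicationCategory
#>


[cmdletbinding()]

param
(
    $Name
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileAppCategories"

    try {

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        if($Name){

        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value | Where-Object { ($_.'displayName').contains("$Name") }

        }

        else {

        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}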

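Function Add-ApplicationAssignment(){

<#
.SYNOPSIS
Adds an application assignment using the Graph API REST interface
.DESCRIPTION
Posts a mobileAppGroupAssignment for the given group and install intent to the groupAssignments
collection of the application on the Beta endpoint. All three parameters are required; a missing
one is reported and the function stops. The request headers are read from $authToken, which is
not defined here and must exist in a parent scope.
.PARAMETER ApplicationId
Id of the application to assign
.PARAMETER TargetGroupId
Id of the group the application is assigned to
.PARAMETER InstallIntent
Install intent - available, notApplicable, required, uninstall, availableWithoutEnrollment.
The value is sent as given; it is not checked against this list.
.EXAMPLE
Add-ApplicationAssignment -ApplicationId $ApplicationId -TargetGroupId $TargetGroupId -InstallIntent $InstallIntent
Adds an application assignment in Intune
.NOTES
NAME: Add-ApplicationAssignment
#>


[cmdletbinding()]

param
(
    $ApplicationId,
    $TargetGroupId,
    $InstallIntent
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileApps/$ApplicationId/groupAssignments"
    
    try {

        if(!$ApplicationId){

        write-host "No Application Id specified, specify a valid Application Id" -f Red
        break

        }

        if(!$TargetGroupId){

        write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red
        break

        }

        
        if(!$InstallIntent){

        write-host "No Install Intent specified, specify a valid Install Intent - available, notApplicable, required, uninstall, availableWithoutEnrollment" -f Red
        break

        }

    # Build the body from an object so ConvertTo-Json escapes the values;
    # splicing them into a JSON template would let a quote in a value change the document.
    $JSON = ConvertTo-Json ([ordered]@{
        "@odata.type" = "#microsoft.graph.mobileAppGroupAssignment"
        "targetGroupId" = "$TargetGroupId"
        "installIntent" = "$InstallIntent"
    })

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
    Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }
    
    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}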

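Function Get-ApplicationAssignment(){

<#
.SYNOPSIS
Gets the group assignments of an application from the Graph API REST interface
.DESCRIPTION
Requests the groupAssignments collection of the application on the Beta endpoint and writes its
Value to the pipeline. The request headers are read from $authToken, which is not defined here
and must exist in a parent scope.
.PARAMETER ApplicationId
Id of the application whose assignments are requested
.EXAMPLE
Get-ApplicationAssignment -ApplicationId $ApplicationId
Returns an Application Assignment configured in Intune
.NOTES
NAME: Get-ApplicationAssignment
#>


[cmdletbinding()]

param
(
    $ApplicationId
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileApps/$ApplicationId/groupAssignments"

    try {

        if(!$ApplicationId){

        write-host "No Application Id specified, specify a valid Application Id" -f Red
        break

        }

        else {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}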

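Function Remove-ApplicationCategory(){

<#
.SYNOPSIS
Removes an application category through the Graph API REST interface
.DESCRIPTION
Sends a DELETE for the category with the given id to the Beta
deviceAppManagement/mobileAppCategories endpoint. There is no confirmation prompt. The request
headers are read from $authToken, which is not defined here and must exist in a parent scope.
.PARAMETER id
Id of the category to delete; a missing or empty id is reported and nothing is sent
.EXAMPLE
Remove-ApplicationCategory -id $id
Removes an application category configured in Intune
.NOTES
NAME: Remove-ApplicationCategory
#>


[cmdletbinding()]

param
(
    $id
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileAppCategories"

    try {

        if($id -eq "" -or $id -eq $null){

        write-host "No id specified for application category, can't remove application category..." -f Red
        write-host "Please specify id for application category..." -f Red
        break

        }

        else {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$id"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

        }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}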

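Function Get-IntuneMAMApplication(){

<#
.SYNOPSIS
Gets MAM applications from the Graph API REST interface
.DESCRIPTION
Requests the Beta deviceAppManagement/mobileApps collection and returns the entries whose
@odata.type contains "managed". The filtering is done locally and is case-sensitive. The request
headers are read from $authToken, which is not defined here and must exist in a parent scope.
.EXAMPLE
Get-IntuneMAMApplication
Returns any MAM applications configured in Intune
.NOTES
NAME: Get-IntuneMAMApplication
#>


[cmdletbinding()]

# An (empty) param block is what [cmdletbinding()] attaches to; without it the attribute
# sits on the next statement instead of on the function.
param()

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileApps"

    try {

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
    (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value | ? { ($_.'@odata.type').Contains("managed") }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}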

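Function Get-IntuneApplication(){

<#
.SYNOPSIS
Gets applications from the Graph API REST interface
.DESCRIPTION
Requests the Beta deviceAppManagement/mobileApps collection and returns the entries whose
@odata.type neither contains "managed" nor "#microsoft.graph.iosVppApp". With -Name the result is
further limited to entries whose displayName contains that text. The filtering is done locally
and is case-sensitive. The request headers are read from $authToken, which is not defined here
and must exist in a parent scope.
.PARAMETER Name
Text that the application displayName must contain
.EXAMPLE
Get-IntuneApplication
Returns any applications configured in Intune
.NOTES
NAME: Get-IntuneApplication
#>


[cmdletbinding()]

param
(
    $Name
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileApps"

    try {

    $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        if($Name){

        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value | Where-Object { ($_.'displayName').contains("$Name") -and (!($_.'@odata.type').Contains("managed")) -and (!($_.'@odata.type').Contains("#microsoft.graph.iosVppApp")) }

        }

        else {

        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value | Where-Object { (!($_.'@odata.type').Contains("managed")) -and (!($_.'@odata.type').Contains("#microsoft.graph.iosVppApp")) }

        }

    }

    catch {

    # Assumes the exception carries an HTTP response whose body can be read back
    $ex = $_.Exception
    Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
    $errorResponse = $ex.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($errorResponse)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd();
    Write-Host "Response content:`n$responseBody" -f Red
    Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
    
    # NOTE(review): 'break' outside a loop can also stop the calling script
    break

    }

}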

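Function Remove-IntuneApplication(){

<#
.SYNOPSIS
This function is used to remove an application from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and removes an application.
It sends an HTTP DELETE for deviceAppManagement/mobileApps/<id>, authorized with
$authToken, which is read from an enclosing scope.
.PARAMETER id
Id of the application to delete. An empty or missing id is rejected before any request is sent.
.EXAMPLE
Remove-IntuneApplication -id $id
Removes an application configured in Intune
.NOTES
NAME: Remove-IntuneApplication
#>


[cmdletbinding()]

param
(
    $id
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/mobileApps"

    try {

        if($id -eq "" -or $id -eq $null){

            write-host "No id specified for application, can't remove application..." -f Red
            write-host "Please specify id for application..." -f Red
            break

        }

        else {

            # The id becomes a path segment of a DELETE request. Escaping it keeps characters
            # such as '/', '?' or '#' from pointing the call at a different resource.
            $escapedId = [uri]::EscapeDataString("$id")

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$escapedId"

            # -Headers / -Method need their leading dash to be bound as parameter names.
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}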

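Function Add-WebApplication(){

<#
.SYNOPSIS
This function is used to add a Web application using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a Web application.
When -IconURL is given, the icon is fetched, base64-encoded and written into the
largeIcon.type / largeIcon.value properties of the JSON before it is posted.
The request is authorized with $authToken, which is read from an enclosing scope.
.PARAMETER JSON
JSON text describing the web application. Required.
.PARAMETER IconURL
Optional location of the icon to embed. It must pass Test-Path.
.EXAMPLE
Add-WebApplication -JSON $JSON -IconURL pathtourl
Adds a Web application into Intune using an icon from a URL
.NOTES
NAME: Add-WebApplication
NOTE(review): this file defines Add-WebApplication twice with the same body; the later
definition replaces the earlier one when the module is loaded.
#>


[cmdletbinding()]

param
(
    $JSON,
    $IconURL
)

$graphApiVersion = "Beta"
$App_resource = "deviceAppManagement/mobileApps"

    try {

        if(!$JSON){

            write-host "No JSON was passed to the function, provide a JSON variable" -f Red
            break

        }


        if($IconURL){

            write-verbose "Icon specified: $IconURL"

            # NOTE(review): Test-Path treats the value as a provider path, while the help text and
            # Invoke-WebRequest treat it as a URL - confirm which form callers are expected to pass.
            if(!(test-path "$IconURL")){

                write-host "Icon Path '$IconURL' doesn't exist..." -ForegroundColor Red
                Write-Host "Please specify a valid path..." -ForegroundColor Red

                break

            }

            # The fetched content is embedded as-is: there is no size limit or image check, and the
            # MIME type below is taken from the file extension only.
            $iconResponse = Invoke-WebRequest "$iconUrl"
            $base64icon = [System.Convert]::ToBase64String($iconResponse.Content)
            $iconExt = ([System.IO.Path]::GetExtension("$iconURL")).replace(".","")
            $iconType = "image/$iconExt"

            Write-Verbose "Updating JSON to add Icon Data"

            $U_JSON = ConvertFrom-Json $JSON

            $U_JSON.largeIcon.type = "$iconType"
            $U_JSON.largeIcon.value = "$base64icon"

            # The default depth of 2 would flatten any deeper nesting in the supplied JSON into a
            # string; an explicit depth keeps the payload intact.
            $JSON = ConvertTo-Json $U_JSON -Depth 10

            Write-Verbose $JSON

        }

        # Test-JSON is defined outside this part of the file; presumably it validates the payload.
        Test-JSON -JSON $JSON

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($App_resource)"
        Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/json" -Body $JSON -Headers $authToken

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response. Failures raised earlier (JSON
        # parsing, a missing largeIcon property, icon download) have none, and calling
        # GetResponseStream() on $null would hide the real error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}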

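Function Add-WebApplication(){

<#
.SYNOPSIS
This function is used to add a Web application using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a Web application.
When -IconURL is given, the icon is fetched, base64-encoded and written into the
largeIcon.type / largeIcon.value properties of the JSON before it is posted.
The request is authorized with $authToken, which is read from an enclosing scope.
.PARAMETER JSON
JSON text describing the web application. Required.
.PARAMETER IconURL
Optional location of the icon to embed. It must pass Test-Path.
.EXAMPLE
Add-WebApplication -JSON $JSON -IconURL pathtourl
Adds a Web application into Intune using an icon from a URL
.NOTES
NAME: Add-WebApplication
NOTE(review): an earlier definition of Add-WebApplication with the same body exists in this
file; this later one is the definition in effect once the module is loaded.
#>


[cmdletbinding()]

param
(
    $JSON,
    $IconURL
)

$graphApiVersion = "Beta"
$App_resource = "deviceAppManagement/mobileApps"

    try {

        if(!$JSON){

            write-host "No JSON was passed to the function, provide a JSON variable" -f Red
            break

        }


        if($IconURL){

            write-verbose "Icon specified: $IconURL"

            # NOTE(review): Test-Path treats the value as a provider path, while the help text and
            # Invoke-WebRequest treat it as a URL - confirm which form callers are expected to pass.
            if(!(test-path "$IconURL")){

                write-host "Icon Path '$IconURL' doesn't exist..." -ForegroundColor Red
                Write-Host "Please specify a valid path..." -ForegroundColor Red

                break

            }

            # The fetched content is embedded as-is: there is no size limit or image check, and the
            # MIME type below is taken from the file extension only.
            $iconResponse = Invoke-WebRequest "$iconUrl"
            $base64icon = [System.Convert]::ToBase64String($iconResponse.Content)
            $iconExt = ([System.IO.Path]::GetExtension("$iconURL")).replace(".","")
            $iconType = "image/$iconExt"

            Write-Verbose "Updating JSON to add Icon Data"

            $U_JSON = ConvertFrom-Json $JSON

            $U_JSON.largeIcon.type = "$iconType"
            $U_JSON.largeIcon.value = "$base64icon"

            # The default depth of 2 would flatten any deeper nesting in the supplied JSON into a
            # string; an explicit depth keeps the payload intact.
            $JSON = ConvertTo-Json $U_JSON -Depth 10

            Write-Verbose $JSON

        }

        # Test-JSON is defined outside this part of the file; presumably it validates the payload.
        Test-JSON -JSON $JSON

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($App_resource)"
        Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/json" -Body $JSON -Headers $authToken

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response. Failures raised earlier (JSON
        # parsing, a missing largeIcon property, icon download) have none, and calling
        # GetResponseStream() on $null would hide the real error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}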


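Function Add-ManagedAppPolicy(){

<#
.SYNOPSIS
This function is used to add a Managed App policy using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a Managed App policy by
posting the supplied JSON to deviceAppManagement/managedAppPolicies. The request is
authorized with $authToken, which is read from an enclosing scope.
.PARAMETER JSON
JSON text describing the policy. When empty, a message is printed and nothing is sent.
.EXAMPLE
Add-ManagedAppPolicy -JSON $JSON
Adds a Managed App policy in Intune
.NOTES
NAME: Add-ManagedAppPolicy
#>


[cmdletbinding()]

param
(
    $JSON
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/managedAppPolicies"

    try {

        if($JSON -eq "" -or $JSON -eq $null){

            write-host "No JSON specified, please specify valid JSON for a Managed App Policy..." -f Red

        }

        else {

            # Test-JSON is defined outside this part of the file; presumably it validates the payload.
            Test-JSON -JSON $JSON

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response. A failure raised before the
        # request is sent has none, and calling GetResponseStream() on $null would hide it.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}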

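Function Assign-ManagedAppPolicy(){

<#
.SYNOPSIS
This function is used to assign an AAD group to a Managed App Policy using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and assigns a Managed App Policy with an AAD Group
by posting to the policy's updateTargetedSecurityGroups action. The request is authorized with
$authToken, which is read from an enclosing scope.
.PARAMETER Id
Id of the Managed App Policy to assign. Required.
.PARAMETER TargetGroupId
Id of the AAD group to target. Required.
.PARAMETER OS
Platform of the policy: Android or iOS. Required.
.EXAMPLE
Assign-ManagedAppPolicy -Id $Id -TargetGroupId $TargetGroupId -OS Android
Assigns an AAD Group assignment to an Android App Protection Policy in Intune
.EXAMPLE
Assign-ManagedAppPolicy -Id $Id -TargetGroupId $TargetGroupId -OS iOS
Assigns an AAD Group assignment to an iOS App Protection Policy in Intune
.NOTES
NAME: Assign-ManagedAppPolicy
#>


[cmdletbinding()]

param
(
    $Id,
    $TargetGroupId,
    $OS
)

$graphApiVersion = "Beta"

    try {

        if(!$Id){

            write-host "No Policy Id specified, specify a valid Application Id" -f Red
            break

        }

        if(!$TargetGroupId){

            write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red
            break

        }

        # Build the body from an object rather than by pasting $TargetGroupId into JSON text, so a
        # value containing quotes or backslashes cannot change the structure of the payload.
        $JSON = @{
            targetedSecurityGroups = @(
                @{ id = "https://graph.microsoft.com/v1.0/groups/$TargetGroupId" }
            )
        } | ConvertTo-Json -Depth 5


        if($OS -eq "" -or $OS -eq $null){

            write-host "No OS parameter specified, please provide an OS. Supported value Android or iOS..." -f Red

            break

        }

        elseif($OS -eq "Android"){

            # Android policies live under androidManagedAppProtections (the resource that
            # Get-ManagedAppPolicyMobileApps reads for Android); this branch previously posted
            # to the iOS resource, so an Android assignment never reached an Android policy.
            $uri = "https://graph.microsoft.com/$graphApiVersion/deviceAppManagement/androidManagedAppProtections('$ID')/updateTargetedSecurityGroups"
            Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/json" -Body $JSON -Headers $authToken

        }

        elseif($OS -eq "iOS"){

            $uri = "https://graph.microsoft.com/$graphApiVersion/deviceAppManagement/iosManagedAppProtections('$ID')/updateTargetedSecurityGroups"
            Invoke-RestMethod -Uri $uri -Method Post -ContentType "application/json" -Body $JSON -Headers $authToken

        }

        else {

            # Any other value used to fall through silently, leaving the policy unassigned
            # without telling the operator.
            write-host "Unsupported OS parameter '$OS', no assignment was made. Supported value Android or iOS..." -f Red

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}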

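Function Get-ManagedAppPolicy(){

<#
.SYNOPSIS
This function is used to get managed app policies from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any managed app policies.
The request is authorized with $authToken, which is read from an enclosing scope.
.PARAMETER Name
Optional. When given, only policies whose displayName contains this text are returned
(String.Contains, so the match is case-sensitive).
.EXAMPLE
Get-ManagedAppPolicy
Returns any managed app policies configured in Intune
.NOTES
NAME: Get-ManagedAppPolicy
#>


[cmdletbinding()]

param
(
    $Name
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/managedAppPolicies"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        # -Headers / -Method need their leading dash; without it the words are bound as
        # positional arguments and the call fails before any request is sent.
        # NOTE(review): only the first page of results is read; '@odata.nextLink' is not followed.
        if($Name){

            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value | Where-Object { ($_.'displayName').contains("$Name") }

        }

        else {

            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}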

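Function Get-ManagedAppPolicyMobileApps(){

<#
.SYNOPSIS
This function is used to get managed app policy Mobile Apps from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any managed app policy mobile apps.
It reads the policy with $Expand=mobileAppIdentifierDeployments and returns that property.
The request is authorized with $authToken, which is read from an enclosing scope.
.PARAMETER id
Id of the Managed App Policy. Required.
.PARAMETER OS
Platform of the policy: Android or iOS. Required.
.EXAMPLE
Get-ManagedAppPolicyMobileApps -id $id
Returns any managed app policy mobile apps configured in Intune
.NOTES
NAME: Get-ManagedAppPolicyMobileApps
#>


[cmdletbinding()]

param
(
    $id,
    $OS

)

$graphApiVersion = "Beta"

    try {

        if($id -eq "" -or $id -eq $null){

            write-host "No Managed App Policy id specified, please provide a policy id..." -f Red
            break

        }

        else {

            $policySet = $null

            if($OS -eq "" -or $OS -eq $null){

                write-host "No OS parameter specified, please provide an OS. Supported value Android or iOS..." -f Red

                break

            }

            elseif($OS -eq "Android"){ $policySet = "androidManagedAppProtections" }

            elseif($OS -eq "iOS"){ $policySet = "iosManagedAppProtections" }

            else {

                # Any other value used to return nothing without explanation.
                write-host "Unsupported OS parameter '$OS'. Supported value Android or iOS..." -f Red

            }

            if($policySet){

                $Resource = "deviceAppManagement/$($policySet)('$id')/?`$Expand=mobileAppIdentifierDeployments"

                $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

                # -Headers / -Method need their leading dash to be bound as parameter names.
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get | Select-Object mobileAppIdentifierDeployments

            }

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}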

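Function Remove-ManagedAppPolicy(){

<#
.SYNOPSIS
This function is used to remove Managed App policies from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and removes managed app policies.
It sends an HTTP DELETE for deviceAppManagement/managedAppPolicies/<id>, authorized
with $authToken, which is read from an enclosing scope.
.PARAMETER id
Id of the managed app policy to delete. An empty or missing id is rejected before any
request is sent.
.EXAMPLE
Remove-ManagedAppPolicy -id $id
Removes a managed app policy configured in Intune
.NOTES
NAME: Remove-ManagedAppPolicy
#>


[cmdletbinding()]

param
(
    $id
)

$graphApiVersion = "Beta"
$Resource = "deviceAppManagement/managedAppPolicies"

    try {

        if($id -eq "" -or $id -eq $null){

            write-host "No id specified for managed app policy, can't remove managed app policy..." -f Red
            write-host "Please specify id for managed app policy..." -f Red
            break

        }

        else {

            # The id becomes a path segment of a DELETE request. Escaping it keeps characters
            # such as '/', '?' or '#' from pointing the call at a different resource.
            $escapedId = [uri]::EscapeDataString("$id")

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$escapedId"

            # -Headers / -Method need their leading dash to be bound as parameter names.
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}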

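Function Get-AADUserManagedAppRegistrations(){

<#
.SYNOPSIS
This function is used to get an AAD User's Managed App Registrations from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets a user's Managed App Registrations
registered with AAD, by reading users/<id>/managedAppRegistrations. The request is authorized
with $authToken, which is read from an enclosing scope.
.PARAMETER id
AAD user id whose registrations are returned. Required; without it a message is printed
and no request is sent.
.EXAMPLE
Get-AADUserManagedAppRegistrations -id $id
Returns all Managed App Registrations for the given user registered with Azure AD
.NOTES
NAME: Get-AADUserManagedAppRegistrations
#>


[cmdletbinding()]

param
(
    $id
)

# Defining Variables
$graphApiVersion = "beta"
$User_resource = "users/$id/managedAppRegistrations"

    try {

        if(!$id){

            Write-Host "No AAD User ID was passed to the function, specify a valid AAD User ID" -ForegroundColor Red

            break

        }

        else {

            $uri = "https://graph.microsoft.com/$graphApiVersion/$User_resource"

            # -Headers / -Method need their leading dash; without it the words are bound as
            # positional arguments and the call fails before any request is sent.
            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}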


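Function Get-IntuneBrand(){

<#
.SYNOPSIS
This function is used to get the Company Intune Branding resources from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets the Intune Branding Resource
(deviceManagement/intuneBrand). The request is authorized with $authToken, which is read
from an enclosing scope.
.EXAMPLE
Get-IntuneBrand
Returns the Company Intune Branding configured in Intune
.NOTES
NAME: Get-IntuneBrand
#>


[cmdletbinding()]

# [cmdletbinding()] decorates a param block; the function takes no parameters, so the block
# is empty, as in Get-UnAssignedDevices.
param
(
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/intuneBrand"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"

        # -Headers / -Method need their leading dash to be bound as parameter names.
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}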

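Function Set-IntuneBrand(){

<#
.SYNOPSIS
This function is used to set the Company Intune Brand resource using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and sets the Company Intune Brand Resource by
sending the supplied JSON as an HTTP PATCH to the deviceManagement resource. The request is
authorized with $authToken, which is read from an enclosing scope.
.PARAMETER JSON
JSON text with the branding values to set. Required.
.EXAMPLE
Set-IntuneBrand -JSON $JSON
Sets the Company Intune Brand using Graph API
.NOTES
NAME: Set-IntuneBrand
#>


[cmdletbinding()]

param
(
    $JSON
)

$graphApiVersion = "Beta"
$App_resource = "deviceManagement"

    try {

        if(!$JSON){

            write-host "No JSON was passed to the function, provide a JSON variable" -f Red
            break

        }

        else {

            # Test-JSON is defined outside this part of the file; presumably it validates the payload.
            Test-JSON -JSON $JSON

            # The PATCH goes to the deviceManagement root, so every property present in $JSON is
            # applied there - callers should pass only the branding properties they mean to change.
            $uri = "https://graph.microsoft.com/$graphApiVersion/$($App_resource)"
            Invoke-RestMethod -Uri $uri -Method Patch -ContentType "application/json" -Body $JSON -Headers $authToken

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response. A failure raised before the
        # request is sent has none, and calling GetResponseStream() on $null would hide it.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}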


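Function Assign-ProfileToDevices(){
<#
.SYNOPSIS
This function is used to assign a profile to given devices using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and assigns a profile to given devices by
posting the device ids to the enrollment profile's updateDeviceProfileAssignment action.
The request is authorized with $authToken, which is read from an enclosing scope.
.PARAMETER Devices
Device ids to assign, as a list or a comma-separated string.
.PARAMETER ProfileId
Id of the enrollment profile; it must parse as a GUID. Prompted for when left empty.
.EXAMPLE
Assign-ProfileToDevices
Assigns a profile to given devices in Intune
.NOTES
NAME: Assign-ProfileToDevices
#>


[cmdletbinding()]

param
(
    $Devices,
    $ProfileId
)

$graphApiVersion = "Beta"
$ResourceSegment = "deviceManagement/enrollmentProfiles('{0}')/updateDeviceProfileAssignment"

    try {

        if([string]::IsNullOrWhiteSpace($ProfileId)){

            $ProfileId = Read-Host -Prompt "Please specify profile Id to assign to devices"

        }

        # TryParse needs a Guid variable to write into; its value is not used afterwards.
        $id = [Guid]::NewGuid();

        # Requiring a GUID here also means nothing but hex digits and dashes reaches the quoted
        # key in the request URL below.
        if([string]::IsNullOrWhiteSpace($ProfileId) -or ![Guid]::TryParse($ProfileId, [ref]$id)){

            write-host "Invalid ProfileId specified, please specify valid ProfileId to assign to devices..." -f Red

        }
        elseif ($Devices -eq $null -or $Devices.Count -eq 0){

            write-host "No devices specified, please specify a list of devices to assign..." -f Red
        }
        else {

            # Fill the template declared above instead of repeating the path as a second literal.
            $Resource = $ResourceSegment -f $ProfileId

            $DevicesArray = $Devices -split ","

            $JSON = @{ "deviceIds" = $DevicesArray } | ConvertTo-Json

            # Test-JSON is defined outside this part of the file; presumably it validates the payload.
            Test-JSON -JSON $JSON

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

            Write-Host "Devices assigned!" -f Green
        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response. A failure raised before the
        # request is sent has none, and calling GetResponseStream() on $null would hide it.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}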

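Function Get-UnAssignedDevices(){

<#
.SYNOPSIS
This function is used to get all un-assigned bulk devices using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets all un-assigned bulk devices.
It pages through importedAppleDeviceIdentities filtered to the deviceEnrollmentProgram
discovery source, collects the serial number of every device with no requested enrollment
profile, and stops once 1000 serial numbers have been collected. The request is authorized
with $authToken, which is read from an enclosing scope.
.OUTPUTS
String array of serial numbers. Every device seen is also written to the host.
.EXAMPLE
Get-UnAssignedDevices
Gets all un-assigned bulk devices
.NOTES
NAME: Get-UnAssignedDevices
#>


[cmdletbinding()]

param
(
)

$graphApiVersion = "Beta"
$ResourceSegment = "deviceManagement/importedAppleDeviceIdentities?`$filter=discoverySource eq 'deviceEnrollmentProgram'"

    try {

        [System.String]$devicesNextLink = ''
        [System.String[]]$unAssignedDevices = @()
        [System.Uri]$uri = "https://graph.microsoft.com/$graphApiVersion/$($ResourceSegment)"

        DO
        {
            $response = Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get -ContentType "application/json"

            # The next page, if any; an absent link becomes '' because of the [string] constraint,
            # which ends the loop.
            $devicesNextLink = $response."@odata.nextLink"
            $uri = $devicesNextLink

            foreach($device in $response.value)
            {
                # Device serial numbers end up in the host output / any transcript of the session.
                write-host "SerialNumber: " $device.SerialNumber "RequestedEnrollmentProfileId: " $device.RequestedEnrollmentProfileId "`n"

                if ([string]::IsNullOrEmpty($device.RequestedEnrollmentProfileId))
                {
                    $unAssignedDevices += $device.SerialNumber
                }

                # Cap the result at 1000 entries: clear the link so the outer loop ends and leave
                # the current page early.
                if ($unAssignedDevices.Count -ge 1000)
                {
                   $devicesNextLink = ''
                   break
                }
            }
        }While(![string]::IsNullOrEmpty($devicesNextLink))

        Write-Host $unAssignedDevices -f Yellow

        return $unAssignedDevices
    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}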

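Function Get-UserDeviceStatus(){

<#
.SYNOPSIS
Prints the management and compliance status of every device returned for a user
.DESCRIPTION
Calls Get-AADUserDevices with $UserID and writes the properties of each device to the host.
For a device whose complianceState is "noncompliant" it also reads the device's compliance
policy states and prints the settings reported as nonCompliant. For every device it then looks
up the Azure AD device with the same deviceId and prints its isCompliant value next to the
Intune compliance state, so the two can be compared.
$UserID and $authToken are not parameters; both are read from an enclosing scope.
.PARAMETER Analyze
Declared but not used by this function.
.NOTES
NAME: Get-UserDeviceStatus
#>

[cmdletbinding()]

param
(
    [switch]$Analyze
)

Write-Host "Getting User Devices..." -ForegroundColor Yellow


$UserDevices = Get-AADUserDevices -UserID $UserID

    if($UserDevices){

        write-host "-------------------------------------------------------------------"


        foreach($UserDevice in $UserDevices){

            $UserDeviceId = $UserDevice.id
            $UserDeviceName = $UserDevice.deviceName
            $UserDeviceAADDeviceId = $UserDevice.azureActiveDirectoryDeviceId
            $UserDeviceComplianceState = $UserDevice.complianceState

            write-host "Device Name:" $UserDevice.deviceName -f Cyan
            Write-Host "Device Id:" $UserDevice.id
            write-host "Owner Type:" $UserDevice.ownerType
            write-host "Last Sync Date:" $UserDevice.lastSyncDateTime
            write-host "OS:" $UserDevice.operatingSystem
            write-host "OS Version:" $UserDevice.osVersion

            if($UserDevice.easActivated -eq $false){
                write-host "EAS Activated:" $UserDevice.easActivated -ForegroundColor Red
            }

            else {
                write-host "EAS Activated:" $UserDevice.easActivated
            }

            Write-Host "EAS DeviceId:" $UserDevice.easDeviceId

            if($UserDevice.aadRegistered -eq $false){
                write-host "AAD Registered:" $UserDevice.aadRegistered -ForegroundColor Red
            }

            else {
                write-host "AAD Registered:" $UserDevice.aadRegistered
            }

            write-host "Enrollment Type:" $UserDevice.enrollmentType
            write-host "Management State:" $UserDevice.managementState

            if($UserDevice.complianceState -eq "noncompliant"){

                write-host "Compliance State:" $UserDevice.complianceState -f Red

                $uri = "https://graph.microsoft.com/beta/managedDevices/$UserDeviceId/deviceCompliancePolicyStates"

                # -Headers / -Method need their leading dash; without it the words are bound as
                # positional arguments and the call fails before any request is sent.
                $deviceCompliancePolicyStates = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

                foreach($DCPS in $deviceCompliancePolicyStates){

                    if($DCPS.State -ne "notApplicable"){

                        Write-Host "Non Compliant Policy for device $UserDeviceName" -ForegroundColor Yellow
                        write-host "Display Name:" $DCPS.displayName

                        # The third '_'-separated field of the state id is used as the key for the
                        # settingStates request; the id format is not shown here - TODO confirm.
                        $SettingStatesId = $DCPS.id.split("_")[2]

                        $uri = "https://graph.microsoft.com/beta/managedDevices/$UserDeviceId/deviceCompliancePolicyStates/$SettingStatesId/settingStates"

                        $SettingStates = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

                        foreach($SS in $SettingStates){

                            if($SS.state -eq "nonCompliant"){

                                Write-Host "Setting:" $SS.setting
                                Write-Host "State:" $SS.state -ForegroundColor Red

                            }

                        }

                    }

                }

            }

            else {

                write-host "Compliance State:" $UserDevice.complianceState -f Green

            }

            # Both compliance branches ended with the same AAD lookup, so it runs once here.
            # Getting AAD Device using azureActiveDirectoryDeviceId property
            $uri = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$UserDeviceAADDeviceId'"
            $AADDevice = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

            $AAD_Compliant = $AADDevice.isCompliant

            # Printed side by side so a mismatch between the AAD device record and the Intune
            # managed device record is visible to the operator.
            Write-Host "Compliance State - AAD and ManagedDevices" -ForegroundColor Yellow
            Write-Host "AAD Compliance State:" $AAD_Compliant
            Write-Host "Intune Managed Device State:" $UserDeviceComplianceState

            write-host "-------------------------------------------------------------------"

        }

    }

    else {

        #write-host "User Devices:" -f Yellow
        write-host "User has no devices"

    }

}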


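Function Add-DeviceCompliancePolicy(){

<#
.SYNOPSIS
This function is used to add a device compliance policy using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a device compliance policy by
posting the supplied JSON to deviceManagement/deviceCompliancePolicies. The request is
authorized with $authToken, which is read from an enclosing scope.
.PARAMETER JSON
JSON text describing the policy. When empty, a message is printed and nothing is sent.
.EXAMPLE
Add-DeviceCompliancePolicy -JSON $JSON
Adds an Android device compliance policy in Intune
.NOTES
NAME: Add-DeviceCompliancePolicy
#>


[cmdletbinding()]

param
(
    $JSON
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceCompliancePolicies"

    try {

        if($JSON -eq "" -or $JSON -eq $null){

            write-host "No JSON specified, please specify valid JSON for the Android Policy..." -f Red

        }

        else {

            # Test-JSON is defined outside this part of the file; presumably it validates the payload.
            Test-JSON -JSON $JSON

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

        }

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response. A failure raised before the
        # request is sent has none, and calling GetResponseStream() on $null would hide it.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}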

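Function Add-DeviceCompliancePolicyAssignment(){

<#
.SYNOPSIS
This function is used to add a device compliance policy assignment using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a device compliance policy assignment
by posting a group assignment to the policy's assign action. The assignment id is built as
"<CompliancePolicyId>_<TargetGroupId>". The request is authorized with $authToken, which is
read from an enclosing scope.
.PARAMETER CompliancePolicyId
Id of the device compliance policy to assign. Required.
.PARAMETER TargetGroupId
Id of the group the policy is assigned to. Required.
.EXAMPLE
Add-DeviceCompliancePolicyAssignment -CompliancePolicyId $CompliancePolicyId -TargetGroupId $TargetGroupId
Adds a device compliance policy assignment in Intune
.NOTES
NAME: Add-DeviceCompliancePolicyAssignment
#>


[cmdletbinding()]

param
(
    $CompliancePolicyId,
    $TargetGroupId
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceCompliancePolicies/$CompliancePolicyId/assign"

    try {

        if(!$CompliancePolicyId){

            write-host "No Compliance Policy Id specified, specify a valid Compliance Policy Id" -f Red
            break

        }

        if(!$TargetGroupId){

            write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red
            break

        }

        $ComPolAssign = "$CompliancePolicyId" + "_" + "$TargetGroupId"

        # Build the body from an object rather than by pasting the ids into JSON text, so a value
        # containing quotes or backslashes cannot change the structure of the payload.
        $JSON = [ordered]@{
            deviceCompliancePolicyGroupAssignments = @(
                [ordered]@{
                    "@odata.type" = "#microsoft.graph.deviceCompliancePolicyGroupAssignment"
                    id = "$ComPolAssign"
                    targetGroupId = "$TargetGroupId"
                }
            )
        } | ConvertTo-Json -Depth 5

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}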

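Function Get-DeviceCompliancePolicyAssignment(){

<#
.SYNOPSIS
This function is used to get device compliance policy assignment from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets a device compliance policy assignment
by reading the policy's groupAssignments. The request is authorized with $authToken, which is
read from an enclosing scope.
.PARAMETER id
Id (guid) of the Device Compliance Policy whose assignments are returned. Mandatory.
.EXAMPLE
Get-DeviceCompliancePolicyAssignment -id $id
Returns any device compliance policy assignment configured in Intune
.NOTES
NAME: Get-DeviceCompliancePolicyAssignment
#>


[cmdletbinding()]

param
(
    [Parameter(Mandatory=$true,HelpMessage="Enter id (guid) for the Device Compliance Policy you want to check assignment")]
    $id
)

$graphApiVersion = "Beta"
$DCP_resource = "deviceManagement/deviceCompliancePolicies"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($DCP_resource)/$id/groupAssignments"

        # -Headers / -Method need their leading dash; without it the words are bound as
        # positional arguments and the call fails before any request is sent.
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

    }

    catch {

        $ex = $_.Exception

        # Only a failed web request carries an HTTP response; guard before dereferencing it so
        # a different failure is not masked by a null-reference error.
        if($null -ne $ex.Response){

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd();
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # 'break' is not inside a loop here, so it unwinds into the caller; kept as in the original.
        break

    }

}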
     
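Function Get-DeviceCompliancePolicy(){

<#
.SYNOPSIS
This function is used to get device compliance policies from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any device compliance policies. At most one of -Name, -Android, -iOS or -Win10 may be given; the filter is applied to the returned list on the client.
.PARAMETER Name
Returns only policies whose displayName contains this text
.PARAMETER Android
Returns only policies whose @odata.type contains "android"
.PARAMETER iOS
Returns only policies whose @odata.type contains "ios"
.PARAMETER Win10
Returns only policies whose @odata.type contains "windows10CompliancePolicy"
.EXAMPLE
Get-DeviceCompliancePolicy
Returns any device compliance policies configured in Intune
.EXAMPLE
Get-DeviceCompliancePolicy -Android
Returns any device compliance policies for Android configured in Intune
.EXAMPLE
Get-DeviceCompliancePolicy -iOS
Returns any device compliance policies for iOS configured in Intune
.NOTES
NAME: Get-DeviceCompliancePolicy
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $Name,
    [switch]$Android,
    [switch]$iOS,
    [switch]$Win10
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceCompliancePolicies"

    try {

        $Count_Params = 0

        if($Android.IsPresent){ $Count_Params++ }
        if($iOS.IsPresent){ $Count_Params++ }
        if($Win10.IsPresent){ $Count_Params++ }

        # $Name is not a switch, so it has no IsPresent property; test its value
        # instead, otherwise -Name is never counted as a selected filter.
        if($Name){ $Count_Params++ }

        if($Count_Params -gt 1){

            write-host "Multiple parameters set, specify a single parameter -Name -Android -iOS or -Win10 against the function" -f Red

        }

        else {

            # Every branch reads the same collection, so fetch it once and filter locally.
            # -Headers and -Method have to be named parameters for the call to bind.
            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            $policies = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

            if($Android){

                $policies | Where-Object { ($_.'@odata.type').contains("android") }

            }

            elseif($iOS){

                $policies | Where-Object { ($_.'@odata.type').contains("ios") }

            }

            elseif($Win10){

                $policies | Where-Object { ($_.'@odata.type').contains("windows10CompliancePolicy") }

            }

            elseif($Name){

                $policies | Where-Object { ($_.'displayName').contains("$Name") }

            }

            else {

                $policies

            }

        }

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}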

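Function Remove-DeviceCompliancePolicy(){

<#
.SYNOPSIS
This function is used to delete a device compliance policy from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and deletes a device compliance policy
.PARAMETER id
Id of the device compliance policy to delete
.EXAMPLE
Remove-DeviceCompliancePolicy -id $id
Deletes the device compliance policy with the given id from Intune
.NOTES
NAME: Remove-DeviceCompliancePolicy
The delete is sent without a confirmation prompt.
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $id
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceCompliancePolicies"

    try {

        if($null -eq $id -or $id -eq ""){

            write-host "No id specified for device compliance, can't remove compliance policy..." -f Red
            write-host "Please specify id for device compliance policy..." -f Red
            break

        }

        else {

            # The id becomes a path segment of a DELETE request; escaping keeps
            # characters such as '/' or '?' from changing which resource is deleted.
            $idSegment = [uri]::EscapeDataString("$id")

            # -Headers and -Method have to be named parameters for the call to bind.
            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)/$idSegment"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

        }

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}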


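Function Add-DeviceConfigurationPolicy(){

<#
.SYNOPSIS
This function is used to add an device configuration policy using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a device configuration policy
.PARAMETER JSON
JSON text describing the device configuration policy; it is posted as the request body
.EXAMPLE
Add-DeviceConfigurationPolicy -JSON $JSON
Adds a device configuration policy in Intune
.NOTES
NAME: Add-DeviceConfigurationPolicy
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $JSON
)

$graphApiVersion = "Beta"
$DCP_resource = "deviceManagement/deviceConfigurations"
Write-Verbose "Resource: $DCP_resource"

    try {

        if($null -eq $JSON -or $JSON -eq ""){

            write-host "No JSON specified, please specify valid JSON for the Android Policy..." -f Red

        }

        else {

            # NOTE(review): Test-JSON is not defined in this part of the file; presumably
            # it is the module's own validator. Confirm that it stops execution on
            # invalid input, otherwise the POST below still runs.
            Test-JSON -JSON $JSON

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($DCP_resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

        }

    }

    catch {

        $ex = $_.Exception

        # An exception raised before or outside the HTTP call carries no response;
        # guard so this handler does not fail on a null response and hide the
        # original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}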

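Function Add-DeviceConfigurationPolicyAssignment(){

<#
.SYNOPSIS
This function is used to add a device configuration policy assignment using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds a device configuration policy assignment
.PARAMETER ConfigurationPolicyId
Id of the device configuration policy to assign
.PARAMETER TargetGroupId
Id of the group the policy is assigned to
.EXAMPLE
Add-DeviceConfigurationPolicyAssignment -ConfigurationPolicyId $ConfigurationPolicyId -TargetGroupId $TargetGroupId
Adds a device configuration policy assignment in Intune
.NOTES
NAME: Add-DeviceConfigurationPolicyAssignment
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $ConfigurationPolicyId,
    $TargetGroupId
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/deviceConfigurations/$ConfigurationPolicyId/assign"

    try {

        if(!$ConfigurationPolicyId){

            write-host "No Configuration Policy Id specified, specify a valid Configuration Policy Id" -f Red
            break

        }

        if(!$TargetGroupId){

            write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red
            break

        }

        $ConfPolAssign = "$ConfigurationPolicyId" + "_" + "$TargetGroupId"

        # Serialise the body instead of pasting the ids into a JSON template, so a
        # quote or backslash in a parameter value is escaped rather than altering
        # the structure of the request.
        $body = [ordered]@{
            'deviceConfigurationGroupAssignments' = @(
                [ordered]@{
                    '@odata.type'   = "#microsoft.graph.deviceConfigurationGroupAssignment"
                    'id'            = $ConfPolAssign
                    'targetGroupId' = "$TargetGroupId"
                }
            )
        }

        $JSON = ConvertTo-Json -InputObject $body -Depth 5

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}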

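Function Get-DeviceConfigurationPolicy(){

<#
.SYNOPSIS
This function is used to get device configuration policies from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any device configuration policies
.EXAMPLE
Get-DeviceConfigurationPolicy
Returns any device configuration policies configured in Intune
.NOTES
NAME: Get-DeviceConfigurationPolicy
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

$graphApiVersion = "Beta"
$DCP_resource = "deviceManagement/deviceConfigurations"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($DCP_resource)"

        # -Headers and -Method have to be named parameters; as bare words they are
        # passed as extra positional arguments and the call fails to bind.
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}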

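Function Set-DeviceEnrollmentRestrictions(){

<#
.SYNOPSIS
This function is used to set Device Enrollment Restrictions resource from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and sets Device Enrollment Restrictions Resource by sending a PATCH to the organization resource with the given id
.PARAMETER id
Id of the organization resource to update
.PARAMETER JSON
JSON text sent as the body of the PATCH request
.EXAMPLE
Set-DeviceEnrollmentRestrictions -id $id -JSON $JSON
Sets device enrollment restrictions configured in Intune
.NOTES
NAME: Set-DeviceEnrollmentRestrictions
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $id,
    $JSON
)

$graphApiVersion = "Beta"
$Resource = "organization('$id')"

    try {

        if(!$id){

            write-host "Organization Id hasn't been specified, please specify Id..." -f Red
            break

        }

        elseif(!$JSON){

            write-host "No JSON has been passed to the function, please specify JSON metadata..." -f Red
            break

        }

        else {

            # NOTE(review): Test-JSON is not defined in this part of the file; presumably
            # it is the module's own validator. Confirm that it stops execution on
            # invalid input, otherwise the PATCH below still runs.
            Test-JSON -JSON $JSON

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Patch -Body $Json -ContentType "application/json"

        }

    }

    catch {

        $ex = $_.Exception

        # An exception raised before or outside the HTTP call carries no response;
        # guard so this handler does not fail on a null response and hide the
        # original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}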

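Function Invoke-DeviceAction(){

<#
.SYNOPSIS
This function is used to send a remote action to an Intune managed device using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and sends exactly one of the remoteLock, resetPasscode, wipe, retire, delete or syncDevice actions to a managed device. Every action except -RemoteLock asks for a Y/N confirmation at the console before the request is sent.
.PARAMETER RemoteLock
Sends the remoteLock action (no confirmation prompt)
.PARAMETER ResetPasscode
Sends the resetPasscode action after confirmation
.PARAMETER Wipe
Sends the wipe action after confirmation
.PARAMETER Retire
Sends the retire action after confirmation
.PARAMETER Delete
Sends a DELETE for the managed device after confirmation
.PARAMETER Sync
Sends the syncDevice action after confirmation
.PARAMETER DeviceID
Id (guid) of the managed device the action is sent to
.EXAMPLE
Invoke-DeviceAction -DeviceID $DeviceID -remoteLock
Sends a remote lock to the managed device
.NOTES
NAME: Invoke-DeviceAction
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    [switch]$RemoteLock,
    [switch]$ResetPasscode,
    [switch]$Wipe,
    [switch]$Retire,
    [switch]$Delete,
    [switch]$Sync,
    [Parameter(Mandatory=$true,HelpMessage="DeviceId (guid) for the Device you want to take action on must be specified:")]
    $DeviceID
)

$graphApiVersion = "Beta"

    try {

        $Count_Params = 0

        if($RemoteLock.IsPresent){ $Count_Params++ }
        if($ResetPasscode.IsPresent){ $Count_Params++ }
        if($Wipe.IsPresent){ $Count_Params++ }
        if($Retire.IsPresent){ $Count_Params++ }
        if($Delete.IsPresent){ $Count_Params++ }
        if($Sync.IsPresent){ $Count_Params++ }

        # The id is placed in the request path of actions that include wipe and
        # delete; escaping keeps characters such as '/' or '?' from changing
        # which resource the action is sent to.
        $DeviceSegment = [uri]::EscapeDataString("$DeviceID")

        if($Count_Params -eq 0){

            write-host "No parameter set, specify -RemoteLock -ResetPasscode -Wipe -Retire -Delete or -Sync against the function" -f Red

        }

        elseif($Count_Params -gt 1){

            write-host "Multiple parameters set, specify a single parameter -RemoteLock -ResetPasscode -Wipe -Retire -Delete or -Sync against the function" -f Red

        }

        elseif($RemoteLock){

            # Sent straight away: this is the only action without a confirmation prompt.
            $Resource = "managedDevices/$DeviceSegment/remoteLock"
            $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
            write-verbose $uri
            Write-Verbose "Sending remoteLock command to $DeviceID"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post

        }

        elseif($ResetPasscode){

            write-host "Are you sure you want to reset the Passcode this device? Y or N?"
            $Confirm = read-host

            # -eq on strings is case-insensitive, so both "y" and "Y" confirm.
            if($Confirm -eq "y"){

                $Resource = "managedDevices/$DeviceSegment/resetPasscode"
                $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
                write-verbose $uri
                Write-Verbose "Sending remotePasscode command to $DeviceID"
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post

            }

            else {

                Write-Host "Reset of the Passcode for the device $DeviceID was cancelled..."

            }

        }

        elseif($Wipe){

            write-host "Are you sure you want to wipe this device? Y or N?"
            $Confirm = read-host

            if($Confirm -eq "y"){

                $Resource = "managedDevices/$DeviceSegment/wipe"
                $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
                write-verbose $uri
                Write-Verbose "Sending wipe command to $DeviceID"
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post

            }

            else {

                Write-Host "Wipe of the device $DeviceID was cancelled..."

            }

        }

        elseif($Retire){

            write-host "Are you sure you want to retire this device? Y or N?"
            $Confirm = read-host

            if($Confirm -eq "y"){

                $Resource = "managedDevices/$DeviceSegment/retire"
                $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
                write-verbose $uri
                Write-Verbose "Sending retire command to $DeviceID"
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post

            }

            else {

                Write-Host "Retire of the device $DeviceID was cancelled..."

            }

        }

        elseif($Delete){

            Write-Warning "A deletion of a device will only work if the device has already had a retire or wipe request sent to the device..."

            write-host "Are you sure you want to delete this device? Y or N?"
            $Confirm = read-host

            if($Confirm -eq "y"){

                $Resource = "managedDevices('$DeviceSegment')"
                $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
                write-verbose $uri
                Write-Verbose "Sending delete command to $DeviceID"
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

            }

            else {

                Write-Host "Deletion of the device $DeviceID was cancelled..."

            }

        }

        elseif($Sync){

            write-host "Are you sure you want to sync this device? Y or N?"
            $Confirm = read-host

            if($Confirm -eq "y"){

                $Resource = "managedDevices('$DeviceSegment')/syncDevice"
                $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"
                write-verbose $uri
                Write-Verbose "Sending sync command to $DeviceID"
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post

            }

            else {

                Write-Host "Sync of the device $DeviceID was cancelled..."

            }

        }

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}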


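Function Get-ManagedDeviceOverview(){

<#
.SYNOPSIS
This function is used to get Managed Device Overview from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets the Managed Device Overview
.EXAMPLE
Get-ManagedDeviceOverview
Returns Managed Device Overview configured in Intune
.NOTES
NAME: Get-ManagedDeviceOverview
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]


$graphApiVersion = "Beta"
$Resource = "managedDeviceOverview"

    try {

        # The whole response object is returned, not a .Value collection.
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}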

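Function Get-ManagedDevices(){

<#
.SYNOPSIS
This function is used to get Intune Managed Devices from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any Intune Managed Device. With no parameter the request filters on managementAgent 'mdm' or 'easmdm'; -IncludeEAS sends no filter; -ExcludeMDM filters on managementAgent 'eas'.
.PARAMETER IncludeEAS
Returns all managed devices, with no managementAgent filter
.PARAMETER ExcludeMDM
Returns only devices whose managementAgent is 'eas'
.EXAMPLE
Get-ManagedDevices
Returns all managed devices but excludes EAS devices registered within the Intune Service
.EXAMPLE
Get-ManagedDevices -IncludeEAS
Returns all managed devices including EAS devices registered within the Intune Service
.NOTES
NAME: Get-ManagedDevices
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    [switch]$IncludeEAS,
    [switch]$ExcludeMDM
)

# Defining Variables
$graphApiVersion = "beta"
$Resource = "managedDevices"

try {

    $Count_Params = 0

    if($IncludeEAS.IsPresent){ $Count_Params++ }
    if($ExcludeMDM.IsPresent){ $Count_Params++ }

        if($Count_Params -gt 1){

            write-warning "Multiple parameters set, specify a single parameter -IncludeEAS, -ExcludeMDM or no parameter against the function"

            break

        }

        elseif($IncludeEAS){

            $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"

        }

        elseif($ExcludeMDM){

            $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource`?`$filter=managementAgent eq 'eas'"

        }

        else {

            # A device has a single managementAgent value, so the two comparisons are
            # joined with 'or'; joined with 'and' the filter can never match a device.
            $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource`?`$filter=managementAgent eq 'mdm' or managementAgent eq 'easmdm'"
            Write-Warning "EAS Devices are excluded by default, please use -IncludeEAS if you want to include those devices"

        }

        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}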

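Function Set-ManagedDevice(){

<#
.SYNOPSIS
This function is used to set Managed Device property from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and sets the ownerType property of a Managed Device after a Y/N confirmation at the console
.PARAMETER id
Id of the managed device to update
.PARAMETER ownertype
New owner type; supported values are personal or company
.EXAMPLE
Set-ManagedDevice -id $id -ownerType company
Changes the ownership of the managed device to company
.NOTES
NAME: Set-ManagedDevice
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $id,
    $ownertype
)


$graphApiVersion = "Beta"
$Resource = "managedDevices"

    try {

        if($null -eq $id -or $id -eq ""){

            write-host "No Device id specified, please provide a device id..." -f Red
            break

        }

        if($null -eq $ownerType -or $ownerType -eq ""){

            write-host "No ownerType parameter specified, please provide an ownerType. Supported value personal or company..." -f Red

            break

        }

        elseif($ownerType -eq "company" -or $ownerType -eq "personal"){

            # -eq matches case-insensitively; send the canonical lower-case value.
            $owner = "$ownerType".ToLowerInvariant()

            # Serialised so the body is strict JSON with a quoted property name.
            $JSON = ConvertTo-Json -InputObject @{ ownerType = $owner }

            write-host "Are you sure you want to change the device ownership to '$owner' on this device? Y or N?"
            $Confirm = read-host

            if($Confirm -eq "y"){

                # Send Patch command to Graph to change the ownertype
                $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)('$id')"
                Invoke-RestMethod -Uri $uri -Headers $authToken -Method Patch -Body $JSON -ContentType "application/json"

            }

            else {

                Write-Host "Change of Device Ownership for the device $ID was cancelled..." -ForegroundColor Yellow

            }

        }

        else {

            # Any other value used to fall through without a word; say why nothing was sent.
            write-host "Unsupported ownerType '$ownerType' specified. Supported value personal or company..." -f Red

        }

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}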

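Function Get-ManagedDeviceUser(){

<#
.SYNOPSIS
This function is used to get a Managed Device username from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets the userId of a managed device registered with Intune MDM
.PARAMETER DeviceID
Id (guid) of the managed device whose userId is returned
.EXAMPLE
Get-ManagedDeviceUser -DeviceID $DeviceID
Returns a managed device user registered in Intune
.NOTES
NAME: Get-ManagedDeviceUser
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    [Parameter(Mandatory=$true,HelpMessage="DeviceID (guid) for the device on must be specified:")]
    $DeviceID
)

# Defining Variables
$graphApiVersion = "beta"

# Only the userId property is requested from the service.
$Resource = "manageddevices('$DeviceID')?`$select=userId"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        Write-Verbose $uri
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).userId

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}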


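Function Get-Organization(){

<#
.SYNOPSIS
This function is used to get the Organization intune resource from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets the Organization Intune Resource
.EXAMPLE
Get-Organization
Returns the Organization resource configured in Intune
.NOTES
NAME: Get-Organization
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

$graphApiVersion = "Beta"
$resource = "organization"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"

        # -Headers and -Method have to be named parameters; as bare words they are
        # passed as extra positional arguments and the call fails to bind.
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}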


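Function Add-RBACRole(){

<#
.SYNOPSIS
This function is used to add an RBAC Role Definitions from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds an RBAC Role Definitions
.PARAMETER JSON
JSON text describing the role definition; it is posted as the request body
.EXAMPLE
Add-RBACRole -JSON $JSON
.NOTES
NAME: Add-RBACRole
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $JSON
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/roleDefinitions"

    try {

        if(!$JSON){

            write-host "No JSON was passed to the function, provide a JSON variable" -f Red
            break

        }

        # NOTE(review): Test-JSON is not defined in this part of the file; presumably
        # it is the module's own validator. Confirm that it stops execution on
        # invalid input, otherwise the role definition is still posted.
        Test-JSON -JSON $JSON

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $Json -ContentType "application/json"

    }

    catch {

        $ex = $_.Exception

        # An exception raised before or outside the HTTP call carries no response;
        # guard so this handler does not fail on a null response and hide the
        # original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}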

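Function Assign-RBACRole(){

<#
.SYNOPSIS
This function is used to set an assignment for an RBAC Role using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and sets an assignment for an RBAC Role
.PARAMETER Id
Id of the role definition the assignment is bound to
.PARAMETER DisplayName
Display name of the new role assignment
.PARAMETER MemberGroupId
Id of the group sent as the assignment's members
.PARAMETER TargetGroupId
Id of the group sent as the assignment's scopeMembers
.EXAMPLE
Assign-RBACRole -Id $IntuneRoleID -DisplayName "Assignment" -MemberGroupId $MemberGroupId -TargetGroupId $TargetGroupId
Creates an Intune Role assignment and assigns it to an Intune Role in Intune
.NOTES
NAME: Assign-RBACRole
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $Id,
    $DisplayName,
    $MemberGroupId,
    $TargetGroupId
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/roleAssignments"

    try {

        if(!$Id){

            write-host "No Role Id specified, specify a valid Role Id" -f Red
            break

        }

        if(!$DisplayName){

            write-host "No Display Name specified, specify a Display Name" -f Red
            break

        }

        if(!$MemberGroupId){

            write-host "No Member Group Id specified, specify a valid Member Group Id" -f Red
            break

        }

        if(!$TargetGroupId){

            write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red
            break

        }

        # Serialise the body instead of pasting the values into a JSON template: a
        # quote in the display name or an id is then escaped and cannot add or
        # override fields of the role assignment.
        $body = [ordered]@{
            'id'                        = ""
            'description'               = ""
            'displayName'               = "$DisplayName"
            'members'                   = @("$MemberGroupId")
            'scopeMembers'              = @("$TargetGroupId")
            'roleDefinition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/roleDefinitions('$Id')"
        }

        $JSON = ConvertTo-Json -InputObject $body -Depth 5

        $uri = "https://graph.microsoft.com/$graphApiVersion/$Resource"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}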

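Function Get-RBACRole(){

<#
.SYNOPSIS
This function is used to get RBAC Role Definitions from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any RBAC Role Definitions. With -Name only role definitions that are not built in and whose displayName contains the text are returned.
.PARAMETER Name
Text the displayName of a non-built-in role definition must contain
.EXAMPLE
Get-RBACRole
Returns any RBAC Role Definitions configured in Intune
.NOTES
NAME: Get-RBACRole
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $Name
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/roleDefinitions"

    try {

        # Both cases read the same collection; -Headers and -Method have to be
        # named parameters for the call to bind.
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
        $roles = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        if($Name){

            # The name filter is applied on the client and skips built-in roles.
            $roles | Where-Object { ($_.'displayName').contains("$Name") -and $_.isBuiltInRoleDefinition -eq $false }

        }

        else {

            $roles

        }

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}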

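Function Remove-RBACRole(){

<#
.SYNOPSIS
This function is used to delete an RBAC Role Definition from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and deletes an RBAC Role Definition
.PARAMETER roleDefinitionId
Id of the role definition to delete
.EXAMPLE
Remove-RBACRole -roleDefinitionId $roleDefinitionId
Deletes the RBAC Role Definition with the given id from Intune
.NOTES
NAME: Remove-RBACRole
The delete is sent without a confirmation prompt.
$authToken is not a parameter of this function; it is resolved from an enclosing scope and sent as the request headers.
#>


[cmdletbinding()]

param
(
    $roleDefinitionId
)

$graphApiVersion = "Beta"

    try {

        if($null -eq $roleDefinitionId -or $roleDefinitionId -eq ""){

            Write-Host "roleDefinitionId hasn't been passed as a paramater to the function..." -ForegroundColor Red
            write-host "Please specify a valid roleDefinitionId..." -ForegroundColor Red
            break

        }

        else {

            # The id becomes a path segment of a DELETE request; escaping keeps
            # characters such as '/' or '?' from changing which resource is deleted.
            $idSegment = [uri]::EscapeDataString("$roleDefinitionId")
            $Resource = "deviceManagement/roleDefinitions/$idSegment"

            # -Headers and -Method have to be named parameters for the call to bind.
            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

        }

    }

    catch {

        $ex = $_.Exception

        # A failure without an HTTP response (name resolution, refused connection,
        # a non-web exception) has no body to read; guard so this handler does not
        # fail on a null response and hide the original error.
        if ($ex.Response) {

            $errorResponse = $ex.Response.GetResponseStream()
            $reader = New-Object System.IO.StreamReader($errorResponse)
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break is outside any loop here, so it unwinds to the caller's enclosing
        # loop or stops the running script; kept for existing callers.
        break

    }

}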

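Function Get-RBACRoleDefinition(){

<#
.SYNOPSIS
This function is used to get an RBAC Role Definition from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint), requests the role definition
with its role assignments expanded, and outputs the roleAssignments property of the response.
The request headers are taken from $authToken, which this function does not define and
reads from the calling scope.
.PARAMETER id
Id of the role definition to query. It is URL-escaped before being placed in the request path.
.EXAMPLE
Get-RBACRoleDefinition -id $id
Returns the role assignments of the RBAC Role Definition configured in Intune
.NOTES
NAME: Get-RBACRoleDefinition
#>


[cmdletbinding()]

param
(
    $id
)

$graphApiVersion = "Beta"

    try {

        if(!$id){

            write-host "No Role ID was passed to the function, provide an ID variable" -f Red
            break

        }

        # Escape the id so that quotes, '/', '?' or '#' in the value cannot alter
        # the path or the query string that follows it.
        $Resource = "deviceManagement/roleDefinitions('$([uri]::EscapeDataString([string]$id))')?`$expand=roleassignments"
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        # -Headers and -Method need their dashes; as bare words they are passed
        # as extra positional arguments and the call fails to bind.
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).roleAssignments

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}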

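Function Get-RBACRoleAssignment(){

<#
.SYNOPSIS
This function is used to get an RBAC Role Assignment from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint) and outputs the response
for one RBAC Role Assignment. The request headers are taken from $authToken, which this
function does not define and reads from the calling scope.
.PARAMETER id
Id of the role assignment to query. It is URL-escaped before being placed in the request path.
.EXAMPLE
Get-RBACRoleAssignment -id $id
Returns an RBAC Role Assignment configured in Intune
.NOTES
NAME: Get-RBACRoleAssignment
#>


[cmdletbinding()]

param
(
    $id
)

$graphApiVersion = "Beta"

    try {

        if(!$id){

            write-host "No Role Assignment ID was passed to the function, provide an ID variable" -f Red
            break

        }

        # Escape the id so that quotes, '/', '?' or '#' in the value cannot alter
        # which resource the request addresses.
        $Resource = "deviceManagement/roleAssignments('$([uri]::EscapeDataString([string]$id))')"
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        # -Headers and -Method need their dashes; as bare words they are passed
        # as extra positional arguments and the call fails to bind.
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}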

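Function Get-RemoteActionAudit(){

<#
.SYNOPSIS
This function is used to get Remote Action Audits from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint) and outputs the Value
collection of the remoteActionAudits response. The request headers are taken from
$authToken, which this function does not define and reads from the calling scope.
.EXAMPLE
Get-RemoteActionAudit
Returns any Remote Action Audits recorded in Intune
.NOTES
NAME: Get-RemoteActionAudit
#>


[cmdletbinding()]

# Empty param block so that [cmdletbinding()] decorates the function's parameters
# rather than the assignment statement that follows it.
param ()

$graphApiVersion = "Beta"
$Resource = "deviceManagement/remoteActionAudits"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        # -Headers and -Method need their dashes; as bare words they are passed
        # as extra positional arguments and the call fails to bind.
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}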


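Function Add-TermsAndConditions(){

<#
.SYNOPSIS
This function is used to add Terms and Conditions using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint) and adds a Terms and Conditions
Statement by POSTing the supplied JSON. The JSON is passed to Test-JSON first. The request
headers are taken from $authToken, which this function does not define and reads from the
calling scope.
.PARAMETER JSON
JSON text describing the Terms and Conditions to create. It is sent as the request body unchanged.
.EXAMPLE
Add-TermsAndConditions -JSON $JSON
Adds Terms and Conditions into Intune
.NOTES
NAME: Add-TermsAndConditions
#>


[cmdletbinding()]

param
(
    $JSON
)

$graphApiVersion = "Beta"
$Resource = "deviceManagement/termsAndConditions"

    try {

        if($JSON -eq "" -or $null -eq $JSON){

            # The original message named the Android Policy, which this function does not handle.
            write-host "No JSON specified, please specify valid JSON for the Terms and Conditions..." -f Red

        }

        else {

            # Test-JSON issues break on unparseable input, which unwinds through this
            # function as well, so the POST below is not sent in that case.
            Test-JSON -JSON $JSON

            $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

        }

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}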

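Function Assign-TermsAndConditions(){

<#
.SYNOPSIS
This function is used to assign Terms and Conditions from Intune to a Group using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint) and assigns terms and conditions
to a group by POSTing a body with the target group id to the groupAssignments collection.
The request headers are taken from $authToken, which this function does not define and
reads from the calling scope.
.PARAMETER id
Id of the Terms and Conditions to assign. It is URL-escaped before being placed in the request path.
.PARAMETER TargetGroupId
Id of the group that receives the assignment. It is serialized into the JSON request body.
.EXAMPLE
Assign-TermsAndConditions -id $id -TargetGroupId $TargetGroupId
Assigns the Terms and Conditions to the group
.NOTES
NAME: Assign-TermsAndConditions
#>


[cmdletbinding()]

param
(
    $id,
    $TargetGroupId
)

$graphApiVersion = "Beta"

    try {

        if(!$id){

            Write-Host "No Terms and Conditions ID was passed to the function, specify a valid terms and conditions ID" -ForegroundColor Red

            break

        }

        if(!$TargetGroupId){

            write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red

            break

        }

        # Serialize the body instead of pasting the value into a JSON template, so a
        # quote or backslash in TargetGroupId cannot add or change fields in the request.
        $JSON = @{ targetGroupId = [string]$TargetGroupId } | ConvertTo-Json

        # Escape the id so that '/', '?' or '#' in the value cannot change which
        # resource the POST addresses.
        $Resource = "deviceManagement/termsAndConditions/$([uri]::EscapeDataString([string]$id))/groupAssignments"
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json"

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}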

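Function Get-TermsAndConditions(){

<#
.SYNOPSIS
This function is used to get the Terms And Conditions Intune resource from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint) and outputs the Value collection
of the termsAndConditions response. When -Name is given, the collection is filtered on the
client side. The request headers are taken from $authToken, which this function does not
define and reads from the calling scope.
.PARAMETER Name
Optional text; only items whose displayName contains it are returned. The match uses
String.Contains, so it is case-sensitive.
.EXAMPLE
Get-TermsAndConditions
Returns the Terms and Conditions configured in Intune
.EXAMPLE
Get-TermsAndConditions -Name "Contoso"
Returns the Terms and Conditions whose displayName contains "Contoso" (constructed sample value)
.NOTES
NAME: Get-TermsAndConditions
#>


[cmdletbinding()]

param
(
    $Name
)

$graphApiVersion = "Beta"
$resource = "deviceManagement/termsAndConditions"

    try {

        $uri = "https://graph.microsoft.com/$graphApiVersion/$($resource)"

        # -Headers and -Method need their dashes; as bare words they are passed
        # as extra positional arguments and the call fails to bind.
        $items = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        if($Name){

            $items | Where-Object { ($_.'displayName').contains("$Name") }

        }

        else {

            $items

        }

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}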

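Function Remove-TermsAndCondition(){

<#
.SYNOPSIS
This function is used to delete a Terms and Condition Definition from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface (Beta endpoint) and deletes a Terms and Condition
Definition. The request headers are taken from $authToken, which this function does not
define and reads from the calling scope.
.PARAMETER termsAndConditionId
Id of the Terms and Conditions to delete. It is URL-escaped before being placed in the request path.
.EXAMPLE
Remove-TermsAndCondition -termsAndConditionId $termsAndConditionId
Removes a Terms and Condition Definition configured in Intune
.EXAMPLE
Remove-TermsAndCondition -termsAndConditionId $termsAndConditionId -WhatIf
Shows which URI would be deleted without sending the request
.NOTES
NAME: Remove-TermsAndCondition
#>


# SupportsShouldProcess adds -WhatIf/-Confirm to this destructive call; with the
# default ConfirmImpact, existing callers are not prompted.
[cmdletbinding(SupportsShouldProcess=$true)]

param
(
    $termsAndConditionId
)

$graphApiVersion = "Beta"

    try {

        if($termsAndConditionId -eq "" -or $null -eq $termsAndConditionId){

            Write-Host "termsAndConditionId hasn't been passed as a paramater to the function..." -ForegroundColor Red
            write-host "Please specify a valid termsAndConditionsId..." -ForegroundColor Red
            break

        }

        # Escape the id so that a value containing '/', '?' or '#' cannot change
        # which resource the DELETE addresses.
        $Resource = "deviceManagement/termsAndConditions/$([uri]::EscapeDataString([string]$termsAndConditionId))"
        $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

        if($PSCmdlet.ShouldProcess($uri, "Delete")){

            # -Headers and -Method need their dashes; as bare words they are passed
            # as extra positional arguments and the call fails to bind.
            Invoke-RestMethod -Uri $uri -Headers $authToken -Method Delete

        }

    }

    catch {

        $ex = $_.Exception

        # A failure before any HTTP response arrived leaves Response empty; guard it
        # so the original error is not replaced by one raised inside this handler.
        if($ex.Response -and $ex.Response.PSObject.Methods['GetResponseStream']){

            $reader = New-Object System.IO.StreamReader($ex.Response.GetResponseStream())
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
            $reader.Dispose()

            Write-Host "Response content:`n$responseBody" -f Red
            Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"

        }

        else {

            Write-Error "Request to $Uri failed: $($ex.Message)"

        }

        # break outside a loop unwinds to the nearest enclosing loop in the call stack,
        # or stops the run if there is none. Kept so a failed request still halts the caller.
        break

    }

}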


Function Test-JSON(){

<#
.SYNOPSIS
Checks that a string parses as JSON before it is sent in a REST Post request
.DESCRIPTION
Passes the input to ConvertFrom-Json. When parsing succeeds the function produces no output.
When parsing fails it emits the exception object, prints a red message and issues break,
which unwinds through the calling function as well.
.PARAMETER JSON
The text to validate.
.EXAMPLE
Test-JSON -JSON $JSON
Test if the JSON is valid before calling the Graph REST interface
.NOTES
NAME: Test-JSON
#>


param (

$JSON

)

    $parsedOk = $true

    try {

        # Parsed only to see whether it throws; the resulting object is not used.
        $null = ConvertFrom-Json $JSON -ErrorAction Stop

    }

    catch {

        $parsedOk = $false

        # The exception object goes to the output stream so the caller sees the parser's reason.
        $_.Exception

    }

    if ($parsedOk){ return }

    Write-Host "Provided JSON isn't in valid JSON format" -f Red

    # break outside a loop unwinds to the nearest enclosing loop in the call stack.
    break

}

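Function Export-JSONData(){

<#
.SYNOPSIS
This function is used to export JSON data returned from Graph
.DESCRIPTION
Writes the object passed in -JSON to two files inside -ExportPath: a .json file holding the
ConvertTo-Json text and a .csv file holding the object's top-level properties. Both file
names are built from the object's displayName and one shared timestamp. Characters in
displayName that cannot appear in a file name, including path separators, are replaced
with "_". The exported files hold tenant configuration, so choose an export directory
with suitable access restrictions.
.PARAMETER JSON
Object to export, for example one item returned by a Graph query.
.PARAMETER ExportPath
Existing path that receives the two files.
.EXAMPLE
Export-JSONData -JSON $JSON -ExportPath $ExportPath
Export the JSON inputted on the function
.NOTES
NAME: Export-JSONData
#>


param (

$JSON,
$ExportPath

)

    try {

        if($JSON -eq "" -or $null -eq $JSON){

            write-host "No JSON specified, please specify valid JSON..." -f Red

        }

        elseif(!$ExportPath){

            write-host "No export path parameter set, please provide a path to export the file" -f Red

        }

        elseif(!(Test-Path $ExportPath)){

            write-host "$ExportPath doesn't exist, can't export JSON Data" -f Red

        }

        else {

            # NOTE(review): ConvertTo-Json runs with its default -Depth here, so objects nested
            # deeper than that are not fully serialized; confirm this is enough for the exported data.
            $JSON1 = ConvertTo-Json $JSON

            $JSON_Convert = $JSON1 | ConvertFrom-Json

            $displayName = $JSON_Convert.displayName

            # displayName comes from the exported data. Replace path separators and other
            # characters that are invalid in file names so the value cannot move the output
            # outside ExportPath or make the write fail.
            $safeName = "$displayName" -replace '[\\/:*?"<>|]', '_'

            # One timestamp for both files, so the pair always shares the same base name.
            $stamp = get-date -f dd-MM-yyyy-H-mm-ss

            $FileName_CSV = "$safeName" + "_" + $stamp + ".csv"
            $FileName_JSON = "$safeName" + "_" + $stamp + ".json"

            $csvPath = Join-Path $ExportPath $FileName_CSV
            $jsonPath = Join-Path $ExportPath $FileName_JSON

            $Properties = ($JSON_Convert | Get-Member -MemberType NoteProperty).Name

            $Object = New-Object System.Object

            foreach($Property in $Properties){

                $Object | Add-Member -MemberType NoteProperty -Name $Property -Value $JSON_Convert.$Property

            }

            write-host "Export Path:" "$ExportPath"

            $Object | Export-Csv $csvPath -Delimiter "," -NoTypeInformation -Append
            $JSON1 | Out-File $jsonPath
            write-host "CSV created in $csvPath..." -f cyan
            write-host "JSON created in $jsonPath..." -f cyan

        }

    }

    catch {

        # Errors are emitted as exception objects on the output stream, not rethrown.
        $_.Exception

    }

}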

# Exports every function defined in this module, including helpers such as Test-JSON.
# NOTE(review): PowerShell 6.1+ ships a built-in Test-Json cmdlet, and functions take
# precedence over cmdlets during command resolution, so importing this module shadows
# it in the session. Confirm that is intended.
Export-ModuleMember -Function *