Public/TenantConfiguration/Baseline/Add-BaselineConfiguration.ps1

function Add-BaselineConfiguration {
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    try {
        Connect-CustomerGraph -CustomerTenantId $TenantId

        # These are dependent on each other, so we need to run them in a specific order

        # Entra ID
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding authentication method policy" -PercentComplete 0
        Add-AuthenticationMethodPolicy -TenantId $TenantId

        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding authentication strengths" -PercentComplete 10
        Add-AuthenticationStrengths -TenantId $TenantId
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding named locations" -PercentComplete 20
        Add-NamedLocations -TenantId $TenantId
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding conditional access policies" -PercentComplete 30
        Add-ConditionalAccessPolicies -TenantId $TenantId
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding authorization policies" -PercentComplete 40
        Add-AuthorizationPolicies -TenantId $TenantId
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding device registration policy" -PercentComplete 40
        Add-DeviceRegistrationPolicy -TenantId $TenantId

        # Intune
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding app protection policies" -PercentComplete 50
        Add-AppProtectionPolicies -TenantId $TenantId
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding device enrollment configuration" -PercentComplete 60
        Add-DeviceEnrollmentConfiguration -TenantId $TenantId

        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding configuration policies" -PercentComplete 70
        Add-ConfigurationPolicies -TenantId $TenantId
        
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding Windows Update for Business policies" -PercentComplete 80
        Add-WUFBConfiguration -TenantId $TenantId

        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding Windows Hello for Business PIN Reset" -PercentComplete 85
        Add-WindowsHelloForBusinessPINReset -TenantId $TenantId

        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding security baselines" -PercentComplete 90
        Add-SecurityBaselines -TenantId $TenantId

        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding compliance policies" -PercentComplete 95
        Add-CompliancePolicies -TenantId $TenantId
    
        # Exchange Online Protection
        Write-Progress -Activity "Creating baseline configuration for tenant '$TenantId'.." -Status "Adding EOP policies" -PercentComplete 100 -Completed
        Add-EOPPolicies -TenantId $TenantId
        
        Write-Host "Baseline configuration sucessfully created for tenant '$TenantId'." -ForegroundColor Green
        Write-Host "Please visit https://bit.ly/m365baseline to see the next steps, and to complete the configuration." -ForegroundColor Yellow

    }
    catch {
        throw "Failed to create baseline configuration: $_"
    }
}