Public/TenantConfiguration/Baseline/Add-CompliancePolicies.ps1
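function Add-CompliancePolicies {
    <#
    .SYNOPSIS
        Creates the baseline Intune device compliance policies in a tenant and assigns them to all devices.

    .DESCRIPTION
        Reads every *.json file in the CompliancePolicies folder next to this script. For each
        definition whose displayName is not already present in the tenant, the function creates
        the policy through Microsoft Graph and assigns it to the all-devices target. Definitions
        whose displayName already exists are skipped with a notice.

        NOTE(review): an existing policy is only matched by name. Its settings and its assignment
        are not compared with the baseline file, so a policy that was created on an earlier run
        but never assigned (for example because the assign call failed) is reported as
        "already exists" and stays unassigned. Verify assignments separately.

    .PARAMETER TenantId
        Identifier of the customer tenant, passed to Connect-CustomerGraph as -CustomerTenantId.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    try {
        # Connect-CustomerGraph is defined elsewhere; presumably it sets the Graph context
        # that the Invoke-MgGraphRequest calls below run in.
        Connect-CustomerGraph -CustomerTenantId $TenantId

        # Beta endpoint: its schema may change without notice, so keep the JSON baselines in sync.
        $PoliciesUri = "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies"

        # Follow @odata.nextLink so the duplicate check sees every existing policy.
        # Reading only the first page would let a policy listed on a later page be created twice.
        $CompliancePolicies = [System.Collections.Generic.List[object]]::new()
        $NextUri = $PoliciesUri
        while ($NextUri) {
            $Page = Invoke-MgGraphRequest -Method GET -Uri $NextUri
            foreach ($ExistingPolicy in $Page.value) {
                $CompliancePolicies.Add($ExistingPolicy)
            }
            $NextUri = $Page.'@odata.nextLink'
        }

        # -ErrorAction Stop: a missing or unreadable baseline folder must fail the run instead of
        # silently deploying nothing and leaving the tenant without compliance policies.
        $CompliancePolicyFiles = Get-ChildItem -Path "$PSScriptRoot\CompliancePolicies" -Filter *.json -ErrorAction Stop

        foreach ($CompliancePolicyFile in $CompliancePolicyFiles) {
            # -Raw hands the parser the file as one string rather than line by line.
            $CompliancePolicy = Get-Content -Path $CompliancePolicyFile.FullName -Raw -ErrorAction Stop |
                ConvertFrom-Json -AsHashtable -Depth 100

            if ($CompliancePolicies.displayName -contains $CompliancePolicy.displayName) {
                Write-Host "Compliance policy '$($CompliancePolicy.displayName)' already exists, not creating.." -ForegroundColor Yellow
            }
            else {
                # From here on $CompliancePolicy holds the Graph response, which carries the new policy's id.
                $CompliancePolicy = Invoke-MgGraphRequest -Method POST -Uri $PoliciesUri -Body $CompliancePolicy
                # The key is spelled displayName everywhere, matching the Graph property name.
                Write-Host "Created compliance policy '$($CompliancePolicy.displayName)'!" -ForegroundColor Green

                # Tenant-wide scope: the policy is assigned to the all-devices target, with no group filter.
                $AssignmentBody = @{
                    "assignments" = @(
                        @{
                            "target" = @{
                                "@odata.type" = "#microsoft.graph.allDevicesAssignmentTarget"
                            }
                        }
                    )
                }
                Invoke-MgGraphRequest -Method POST -Uri "$PoliciesUri/$($CompliancePolicy.id)/assign" -Body $AssignmentBody | Out-Null
                Write-Host "Assigned Compliance policy '$($CompliancePolicy.displayName)' to all devices." -ForegroundColor Green
            }
        }
    }
    catch {
        throw "Failed to add compliance policy: $_"
    }
}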