Public/TenantConfiguration/Baseline/Add-BaselinePolicy.ps1

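function Add-BaselinePolicy {
    <#
    .SYNOPSIS
        Adds the baseline policies of one policy type to a customer tenant.
    .DESCRIPTION
        Looks up the settings entry for the requested policy type in PolicyTypeSettings.ps1, connects to
        the customer tenant via Graph, reads the JSON policy files for that type, lets the operator pick
        policies when the type is marked Selectable, and creates every chosen policy that does not already
        exist in the tenant (by the type's NameProperty). When the settings entry defines an AssignCommand,
        each created policy is assigned afterwards. "Exchange Online Protection Policies" are delegated to
        Add-EOPPolicies.
    .PARAMETER TenantId
        Tenant ID of the customer tenant the policies are added to.
    .PARAMETER PolicyType
        Policy type to add; must match a Type entry in PolicyTypeSettings.ps1.
    .NOTES
        The JSON files under the type's PolicyFilesPath are sent to the tenant (after Read-PolicyFile
        processing) and the Get/Add/Assign commands named in PolicyTypeSettings.ps1 are dot-sourced in
        this function's scope, so both the settings file and the policy directory must be treated as
        trusted configuration.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId,
        [Parameter(Mandatory)]
        [ValidateSet("ConditionalAccessPolicies", "NamedLocations", "AuthenticationStrengths", "iOSAppProtectionPolicies", "AndroidAppProtectionPolicies", "CompliancePolicies", "ConfigurationPolicies", "AuthenticationMethodPolicy", "AuthorizationPolicy", "DeviceRegistrationPolicy", "MobileDeviceManagementPolicy", "DeviceEnrollmentConfigurations", "WindowsUpdateForBusinessConfigurations", "MobileThreatDefenseConnector", "WindowsAutopilotDeploymentProfiles", "MobileApps", "Groups", "ExchangeOnlineProtectionPolicies")]
        [string]$PolicyType
    )

    # Path is relative to the current working directory (the repository root), as the rest of the
    # module expects; it defines $PolicyTypeSettings.
    . ".\Public\TenantConfiguration\Baseline\PolicyTypeSettings.ps1"

    # Resolve the settings entry once instead of repeating the .Where() lookup for every property.
    $TypeSettings = $PolicyTypeSettings.Where({ $_.Type -eq $PolicyType })
    if (-not $TypeSettings) {
        throw "No entry for policy type '$PolicyType' found in PolicyTypeSettings.ps1."
    }
    $PolicyTypeName = $TypeSettings.Name

    Connect-CustomerGraph -CustomerTenantId $TenantId

    # GetCommand is dot-sourced (not called with &) so it runs in this scope, as before.
    $GetCommand = $TypeSettings.GetCommand
    $ExistingPolicies = . $GetCommand
    $PolicyFiles = Get-ChildItem -Path $TypeSettings.PolicyFilesPath -Filter *.json

    if ($PolicyTypeName -eq "Exchange Online Protection Policies") {
        Add-EOPPolicies -TenantId $TenantId
        return
    }

    # Build the list shown to the operator: file name without extension, plus the policy's
    # Description when the JSON file carries one.
    $PolicyFilesFormatted = foreach ($File in $PolicyFiles) {
        # -Raw hands ConvertFrom-Json a single string rather than one line per pipeline item.
        $Policy = Get-Content -Path $File.FullName -Raw | ConvertFrom-Json -Depth 100
        $Entry = [ordered]@{ Name = [System.IO.Path]::GetFileNameWithoutExtension($File.Name) }
        if ($Policy.Description) {
            $Entry.Description = $Policy.Description
        }
        [PSCustomObject]$Entry
    }

    if ($TypeSettings.Selectable) {
        $Selected = $PolicyFilesFormatted | Out-ConsoleGridView -OutputMode Multiple -Title "Select the $($PolicyTypeName) you want to add"
    }
    else {
        $Selected = $PolicyFilesFormatted
    }

    # A cancelled grid view yields $null, which selects nothing.
    $SelectedNames = @($Selected.Name)
    $PolicyFiles = @($PolicyFiles | Where-Object { $SelectedNames -contains [System.IO.Path]::GetFileNameWithoutExtension($_.Name) })
    if ($PolicyFiles.Count -eq 0) {
        Write-Host "No $($PolicyTypeName) selected, nothing to add." -ForegroundColor Yellow
        return
    }

    $NameProperty = $TypeSettings.NameProperty
    $AddCommand = $TypeSettings.AddCommand
    $AssignCommand = $TypeSettings.AssignCommand
    # Policies with these @odata.type values are created without the existence check,
    # regardless of the type's CheckExists setting.
    $CheckExistsOverride = @("#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration")

    foreach ($PolicyFile in $PolicyFiles) {
        $Policy = Read-PolicyFile -Path $PolicyFile.FullName -TenantId $TenantId
        $PolicyName = $Policy.$NameProperty

        $CheckExists = $TypeSettings.CheckExists -and ($Policy.'@odata.type' -notin $CheckExistsOverride)
        if ($CheckExists -and $ExistingPolicies.$NameProperty -contains $PolicyName) {
            Write-Host "$($PolicyTypeName) '$PolicyName' already exists, not creating.." -ForegroundColor Yellow
            continue
        }

        $AddedPolicy = . $AddCommand -Body $Policy
        Write-Host "Created $($PolicyTypeName) '$PolicyName'." -ForegroundColor Green

        # Only policy types with an assign command get an assignment step.
        if ($AssignCommand) {
            . $AssignCommand -OriginalPolicy $Policy -NewPolicy $AddedPolicy
            Write-Host "Assigned $($PolicyTypeName) '$PolicyName'." -ForegroundColor Green
        }
    }
}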