JyskIT.Automation.psm1
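# Module bootstrap: dot-source every function file, define script-scope
# configuration, then export the functions.
#
# Every *.ps1 under Public\ and Private\ is executed at import time, so write
# access to the module directory is equivalent to code execution as whoever
# imports the module. Enumeration errors are silenced, so a missing or unreadable
# folder imports no functions without any warning.
$Public = @(Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -Recurse -ErrorAction SilentlyContinue) +
    @(Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -Recurse -ErrorAction SilentlyContinue)

foreach ($import in @($Public)) {
    try {
        . $import.FullName
    }
    catch {
        Write-Error -Message "Failed to import function $($import.FullName): $_"
    }
}

# Environment identifiers (tenant, subscription, vault names, service URLs).
# None of these values is a credential; secrets are presumably read from the
# named Key Vaults at runtime - confirm in the functions that use them.
New-Variable -Name PartnerTenantId -Value "b6a41db1-6b1a-4833-9b69-f8e363090e45" -Scope Script -Force
New-Variable -Name SubscriptionName -Value "internal-002-mpn" -Scope Script -Force
New-Variable -Name KeyVaultName -Value "KV-M365-SAM" -Scope Script -Force
New-Variable -Name HuduKeyVaultName -Value "kv-hudu-integrations" -Scope Script -Force
New-Variable -Name HuduBaseURL -Value "https://hudu.jlhosting.dk" -Scope Script -Force
New-Variable -Name CuranetBaseURL -Value "https://reseller.curanet.dk" -Scope Script -Force
New-Variable -Name SpamfilterAPIBaseURL -Value "https://spamfilter.io/api" -Scope Script -Force

# Role definition IDs shared by FirstAccessAssignmentParams,
# ThirdAccessAssignmentParams and RelationshipParams. The three used to carry
# identical copies of this list; keeping one copy means a role added or removed
# here cannot drift between the relationship and its access assignments.
#
# NOTE(review): the list is very broad for a delegated-admin relationship.
# Verify each ID against Microsoft's built-in roles reference and trim to what
# the automation actually needs.
$FullRoleDefinitionIds = @(
    "44367163-eba1-44c3-98af-f5787879f96a"
    "29232cdf-9323-42fd-ade2-1d097af3e4de"
    "31392ffb-586c-42d1-9346-e59415a2cc4e"
    "45d8d3c5-c802-45c6-b32a-1d70b5e1e86e"
    "b5a8dcf3-09d5-43a9-a639-8e29ef291470"
    "744ec460-397e-42ad-a462-8b3f9747a02c"
    "32696413-001a-46ae-978c-ce0f6b3620d2"
    "892c5842-a9a6-463a-8041-72aa08ca3cf6"
    "fdd7a751-b60b-444a-984c-02652fe8fa1c"
    "a9ea8996-122f-4c74-9520-8edcd192826c"
    "69091246-20e8-4a56-aa4d-066075b2a7a8"
    "baf37b3a-610e-45da-9e62-d9d1e5e8914b"
    "3d762c5a-1b6c-493f-843e-55a3b42923d4"
    "eb1f4a8d-243a-41f0-9fbd-c7cdf6c5ef7c"
    "31e939ad-9672-4796-9c2e-873181342d2d"
    "74ef975b-6605-40af-a5d2-b9539d836353"
    "d37c8bed-0711-4417-ba38-b4abe66ce4c2"
    "2b745bdf-0803-4d80-aa65-822c4493daac"
    "11648597-926c-4cf3-9c36-bcebb0ba8dcc"
    "0964bb5e-9bdb-4d7b-ac29-58e794862a40"
    "8835291a-918c-4fd7-a9ce-faa49f0cf7d9"
    "f28a1f50-f6e7-4571-818b-6a12f2af6b6c"
    "75941009-915a-4869-abe7-691bff18279e"
    "f70938a0-fc10-4177-9e90-2178f8765737"
    "fcf91098-03e3-41a9-b5ba-6f0ec8188a12"
    "e3973bdf-4987-49ae-837a-ba8e231c7286"
    "3a2c62db-5318-420d-8d74-23affee5d9d5"
    "7698a772-787b-4ac8-901f-60d6b08affd2"
    "38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4"
    "644ef478-e28f-4e28-b9dc-3fdde9aa0b1f"
    "e8cef6f1-e4bd-4ea8-bc07-4b8d950f4477"
    "9f06204d-73c1-4d4c-880a-6edb90606fd8"
    "62e90394-69f5-4237-9190-012177145e10" # Global Administrator template ID - confirm it is really required
    "c4e39bd9-1100-46d3-8c65-fb160da0071f"
    "b1be1c3e-b65d-4f19-8427-f6fa0d97feb9"
    "729827e3-9c14-49f7-bb1b-9608f156bbb8"
    "4d6ac14f-3453-41d0-bef9-a3e0c569773a"
    "966707d0-3269-4727-9be2-8c3a10f19b9d"
    "7be44c8a-adaf-4e2a-84d6-ab2649e08a13" # Privileged Authentication Administrator template ID
    "e8611ab8-c189-46e8-94e1-60213ab1f814" # Privileged Role Administrator template ID
    "fe930be7-5e62-47db-91af-98c3a49a38b1"
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3"
    "cf1c38e5-3621-4004-a7cb-879624dced7c"
    "158c047a-c907-4556-b7ef-446551a6b5f7"
    "95e79109-95c0-4d8e-aee3-d01accf2d47b"
    "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2"
    "b0f54661-2d74-4c50-afa3-1ec803f12efe"
    "f023fd81-a637-4b56-95fd-791ac0226033"
    "9360feb5-f418-4baa-8175-e2a00bac4301"
    "8329153b-31d0-4727-b945-745eb3bc5f31"
    "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    "5d6b6bb7-de71-4623-b4af-96380a352509"
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
    "ac16e43d-7b2d-40e0-ac05-243ff356ab5b"
    "790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b"
    "4a5d8f65-41da-4de4-8968-e035b65339cf"
    "75934031-6c7e-415a-99d7-48dbd49e875e"
    "17315797-102d-40b4-93e0-432062caca18"
    "e6d1a23a-da11-4be4-9570-befc86d067a7"
    "194ae4cb-b126-40b2-bd5b-6091b380977d"
    "5f2222b1-57c3-48ba-8ad5-d4759f1fde6f"
    "7495fdc4-34c4-4d15-a289-98788ce399fd"
    "5c4f9dcd-47dc-4cf7-8c9a-9e4207cbfc91"
    "0526716b-113d-4c15-b2c8-68e3c22b9f80"
    "9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f"
    "c430b396-e693-46cc-96f3-db01bf8bb62a"
)

# Reduced role set used only by SecondAccessAssignmentParams.
$SecondRoleDefinitionIds = @(
    "c4e39bd9-1100-46d3-8c65-fb160da0071f"
    "9f06204d-73c1-4d4c-880a-6edb90606fd8"
    "38a96431-2bdf-4b4c-8b6e-5d3d8abac1a4"
    "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    "9360feb5-f418-4baa-8175-e2a00bac4301"
    "29232cdf-9323-42fd-ade2-1d097af3e4de"
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
    "fdd7a751-b60b-444a-984c-02652fe8fa1c"
    "95e79109-95c0-4d8e-aee3-d01accf2d47b"
    "729827e3-9c14-49f7-bb1b-9608f156bbb8"
    "eb1f4a8d-243a-41f0-9fbd-c7cdf6c5ef7c"
    "3a2c62db-5318-420d-8d74-23affee5d9d5"
    "74ef975b-6605-40af-a5d2-b9539d836353"
    "b5a8dcf3-09d5-43a9-a639-8e29ef291470"
    "4d6ac14f-3453-41d0-bef9-a3e0c569773a"
    "790c1fb9-7f7d-4f88-86a1-ef1f95c05c1b"
    "644ef478-e28f-4e28-b9dc-3fdde9aa0b1f"
    "5d6b6bb7-de71-4623-b4af-96380a352509"
    "f023fd81-a637-4b56-95fd-791ac0226033"
    "f28a1f50-f6e7-4571-818b-6a12f2af6b6c"
    "69091246-20e8-4a56-aa4d-066075b2a7a8"
    "fe930be7-5e62-47db-91af-98c3a49a38b1"
)

# Access assignments: each binds one security group (accessContainerId) to a
# set of roles. Every variable gets its own freshly built array of hashtables,
# so a caller mutating one does not affect the others.
New-Variable -Name FirstAccessAssignmentParams -Value @{
    accessContainer = @{
        accessContainerId   = "33546fe7-4238-40c8-9bd3-50790bd8f160"
        accessContainerType = "securityGroup"
    }
    accessDetails   = @{
        unifiedRoles = @($FullRoleDefinitionIds | ForEach-Object { @{ roleDefinitionId = $_ } })
    }
} -Scope Script -Force

New-Variable -Name SecondAccessAssignmentParams -Value @{
    accessContainer = @{
        accessContainerId   = "219a6a6f-0405-4127-8a8e-299282440134"
        accessContainerType = "securityGroup"
    }
    accessDetails   = @{
        unifiedRoles = @($SecondRoleDefinitionIds | ForEach-Object { @{ roleDefinitionId = $_ } })
    }
} -Scope Script -Force

New-Variable -Name ThirdAccessAssignmentParams -Value @{
    accessContainer = @{
        accessContainerId   = "b52007af-e266-4625-9f3c-5be9942929ef"
        accessContainerType = "securityGroup"
    }
    accessDetails   = @{
        unifiedRoles = @($FullRoleDefinitionIds | ForEach-Object { @{ roleDefinitionId = $_ } })
    }
} -Scope Script -Force

# Template for a new relationship; displayName and customer are left empty here
# (callers presumably fill them in). duration is an ISO 8601 period of 730 days.
New-Variable -Name RelationshipParams -Value @{
    displayName   = ""
    duration      = "P730D"
    customer      = @{
        tenantId    = ""
        displayName = ""
    }
    accessDetails = @{
        unifiedRoles = @($FullRoleDefinitionIds | ForEach-Object { @{ roleDefinitionId = $_ } })
    }
} -Scope Script -Force

# Baseline policy catalogue. Each entry describes one policy type:
#   Type / Name / Description - identifiers and display text
#   NameProperty              - property holding the policy's name
#   CheckExists / Selectable  - flags read by the code that consumes this list
#   GetCommand                - script block listing what the tenant already has
#   AddCommand                - script block creating/updating from $Body
#   AssignCommand (optional)  - script block copying assignments to the new policy
#   PolicyFilesPath           - folder holding the baseline definitions
# Many entries call the Microsoft Graph /beta endpoint.
New-Variable -Name PolicyTypeSettings -Value @(
    @{
        Type            = "Groups"
        Name            = "Groups"
        Description     = "Add Groups to the tenant required for exclusion policies."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $false
        GetCommand      = { Get-MgGroup -All }
        AddCommand      = {
            param($Body)
            # Members are added separately by AssignCommand.
            $BodyWithoutMembers = $Body | Select-Object -Property * -ExcludeProperty members | ConvertTo-Json -Depth 100
            New-MgGroup -Body $BodyWithoutMembers
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            foreach ($Member in $OriginalPolicy.members) {
                # Failures are suppressed, so a member that could not be added
                # to an exclusion group is not reported.
                New-MgGroupMember -GroupId $NewPolicy.id -DirectoryObjectId $Member -ErrorAction SilentlyContinue
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\Groups"
    },
    @{
        Type            = "NamedLocations"
        Name            = "Named Locations"
        Description     = "Add named locations to the tenant for Conditional Access policies."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = { Get-MgIdentityConditionalAccessNamedLocation -All }
        AddCommand      = {
            param($Body)
            New-MgIdentityConditionalAccessNamedLocation -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\NamedLocations"
    },
    @{
        Type            = "AuthenticationStrengths"
        Name            = "Authentication Strengths"
        Description     = "Add authentication strengths to the tenant for Conditional Access policies."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = { Get-MgPolicyAuthenticationStrengthPolicy -All }
        AddCommand      = {
            param($Body)
            New-MgPolicyAuthenticationStrengthPolicy -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\AuthenticationStrengths"
    },
    @{
        Type            = "ConditionalAccessPolicies"
        Name            = "Conditional Access Policies"
        Description     = "Add conditional access policies to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = { Get-MgIdentityConditionalAccessPolicy -All }
        AddCommand      = {
            param($Body)
            $BodyWithoutDescription = $Body | Select-Object -Property * -ExcludeProperty description | ConvertTo-Json -Depth 100
            New-MgIdentityConditionalAccessPolicy -Body $BodyWithoutDescription
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\ConditionalAccessPolicies"
    },
    @{
        Type            = "iOSAppProtectionPolicies"
        Name            = "iOS App Protection Policies"
        Description     = "Add iOS app protection policies to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = { Get-MgDeviceAppManagementiOSManagedAppProtection -All }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri 'https://graph.microsoft.com/beta/deviceAppmanagement/iosManagedAppProtections' -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\iOSAppProtectionPolicies"
    },
    @{
        Type            = "AndroidAppProtectionPolicies"
        Name            = "Android App Protection Policies"
        Description     = "Add Android app protection policies to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = { Get-MgDeviceAppManagementAndroidManagedAppProtection -All }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri 'https://graph.microsoft.com/beta/deviceAppmanagement/androidManagedAppProtections' -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\AndroidAppProtectionPolicies"
    },
    @{
        Type            = "CompliancePolicies"
        Name            = "Compliance Policies"
        Description     = "Add device compliance policies to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies' |
                Select-Object -ExpandProperty value
        }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies' -Body $Body
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            Invoke-MgGraphRequest -METHOD POST -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies/$($NewPolicy.id)/assign" -Body @{
                assignments = $OriginalPolicy.assignments
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\CompliancePolicies"
    },
    @{
        Type            = "ConfigurationPolicies"
        Name            = "Configuration Policies"
        Description     = "Add device configuration policies to the tenant."
        NameProperty    = "name"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=%28platforms%20eq%20%27windows10%27%20or%20platforms%20eq%20%27macOS%27%20or%20platforms%20eq%20%27iOS%27%29%20and%20%28technologies%20has%20%27mdm%27%20or%20technologies%20has%20%27windows10XManagement%27%20or%20technologies%20has%20%27appleRemoteManagement%27%29' |
                Select-Object -ExpandProperty value
        }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -Body $Body
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            Invoke-MgGraphRequest -METHOD POST -Uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies/$($NewPolicy.id)/assign" -Body @{
                assignments = $OriginalPolicy.assignments
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\ConfigurationPolicies"
    },
    @{
        Type            = "AuthenticationMethodPolicy"
        Name            = "Authentication Method Policy"
        Description     = "Add authentication method policies to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $false
        Selectable      = $false
        GetCommand      = { Get-MgPolicyAuthenticationMethodPolicy }
        AddCommand      = {
            param($Body)
            Update-MgPolicyAuthenticationMethodPolicy -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\AuthenticationMethodsPolicy"
    },
    @{
        Type            = "AuthorizationPolicy"
        Name            = "Authorization Policy"
        Description     = "Add Authorization Policy to the tenant. (Disallows users to accept untrusted OAUTH2 apps)"
        NameProperty    = "displayName"
        CheckExists     = $false
        Selectable      = $false
        GetCommand      = { Get-MgPolicyAuthorizationPolicy }
        AddCommand      = {
            param($Body)
            Update-MgPolicyAuthorizationPolicy -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\AuthorizationPolicy"
    },
    @{
        Type            = "DeviceRegistrationPolicy"
        Name            = "Device Registration Policy"
        Description     = "Add Device Registration Policy to the tenant. (Allows all users to Intune join devices)"
        NameProperty    = "displayName"
        CheckExists     = $false
        Selectable      = $false
        GetCommand      = { Get-MgPolicyDeviceRegistrationPolicy }
        AddCommand      = {
            param($Body)
            Invoke-GraphRequest -Method PUT -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\DeviceRegistrationPolicy"
    },
    @{
        Type            = "MobileDeviceManagementPolicy"
        Name            = "Mobile Device Management Policy"
        Description     = "Add Mobile Device Management Policy to the tenant. (Sets the MDM authority to Intune)"
        NameProperty    = "displayName"
        CheckExists     = $false
        Selectable      = $false
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/0000000a-0000-0000-c000-000000000000"
        }
        AddCommand      = {
            param($Body)
            # NOTE(review): $OriginalPolicy is not a parameter of this script
            # block and $Body is never used, so the PATCH body depends on
            # whatever $OriginalPolicy resolves to in the caller's scope
            # (possibly $null). Looks copied from an AssignCommand - confirm
            # the intended body before relying on this entry.
            Invoke-GraphRequest -Method PATCH -Uri "https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/0000000a-0000-0000-c000-000000000000" -Body @{
                assignments = $OriginalPolicy.assignments
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\MobileDeviceManagementPolicy"
    },
    @{
        Type            = "DeviceEnrollmentConfigurations"
        Name            = "Device Enrollment Configurations"
        Description     = "Add Device Enrollment Configurations to the tenant. (Enrollment Status Page, Windows Hello for Business enrollment)"
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        # Unlike most other entries this returns the raw response rather than
        # its 'value' collection.
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations"
        }
        AddCommand      = {
            param($Body)
            switch ($Body["@odata.type"]) {
                "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration" {
                    # Updates the tenant's default Windows Hello configuration
                    # in place instead of creating a new one.
                    $Id = ((Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations").value |
                            Where-Object { $_.Id -like "*_DefaultWindowsHelloForBusiness" }).Id
                    Update-MgDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Id -Body $Body
                }
                "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration" {
                    Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations" -Body $Body
                }
                "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" {
                    Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles" -Body $Body
                }
            }
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            switch ($OriginalPolicy["@odata.type"]) {
                "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration" {
                    $AzureADSP = Get-MgServicePrincipal -Filter "appId eq '00000002-0000-0000-c000-000000000000'"

                    # Service principals are looked up by appId, not displayName:
                    # display names are not unique, and the tenant-wide grants
                    # below must only ever go to the application IDs that this
                    # block itself registers.
                    $PINResetServicePrincipal = Get-MgServicePrincipal -Filter "appId eq 'b8456c59-1230-44c7-a4a2-99b085333e84'"
                    if (!$PINResetServicePrincipal) {
                        $PINResetServicePrincipal = New-MgServicePrincipal -AccountEnabled:$true -AppId "b8456c59-1230-44c7-a4a2-99b085333e84" -DisplayName "Microsoft Pin Reset Service Production" -Homepage "https://cred.microsoft.com"
                    }

                    # All three grants use ConsentType AllPrincipals, i.e.
                    # delegated consent on behalf of every user in the tenant.
                    # The lookup also filters on resourceId so that an unrelated
                    # grant for the same client does not hide a missing one.
                    $PINResetServicePermissionGrantEntraID = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($PINResetServicePrincipal.Id)' and resourceId eq '$($AzureADSP.Id)'"
                    if (!$PINResetServicePermissionGrantEntraID) {
                        $PINResetServicePermissionGrantEntraID = New-MgOauth2PermissionGrant -ClientId $PINResetServicePrincipal.Id -ConsentType "AllPrincipals" -Scope "User.Read Directory.Read.All" -ResourceId $AzureADSP.Id
                    }

                    $PINResetClientServicePrincipal = Get-MgServicePrincipal -Filter "appId eq '9115dd05-fad5-4f9c-acc7-305d08b1b04e'"
                    if (!$PINResetClientServicePrincipal) {
                        $PINResetClientServicePrincipal = New-MgServicePrincipal -AccountEnabled:$true -Appid "9115dd05-fad5-4f9c-acc7-305d08b1b04e" -DisplayName "Microsoft Pin Reset Client Production"
                    }

                    $PINResetClientPermissionGrantEntraID = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($PINResetClientServicePrincipal.Id)' and resourceId eq '$($AzureADSP.Id)'"
                    if (!$PINResetClientPermissionGrantEntraID) {
                        $PINResetClientPermissionGrantEntraID = New-MgOauth2PermissionGrant -ClientId $PINResetClientServicePrincipal.Id -ConsentType "AllPrincipals" -Scope "User.Read" -ResourceId $AzureADSP.Id
                    }

                    $PINResetClientPermissionGrantResetService = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($PINResetClientServicePrincipal.Id)' and resourceId eq '$($PINResetServicePrincipal.Id)'"
                    if (!$PINResetClientPermissionGrantResetService) {
                        $PINResetClientPermissionGrantResetService = New-MgOauth2PermissionGrant -ClientId $PINResetClientServicePrincipal.Id -ConsentType "AllPrincipals" -Scope "user_impersonation" -ResourceId $PINResetServicePrincipal.Id
                    }

                    Write-Host "Windows Hello for Business PIN Reset configuration created and assigned."
                }
                "#microsoft.graph.windows10EnrollmentCompletionPageConfiguration" {
                    Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations/$($NewPolicy.id)/assign" -Body @{
                        enrollmentConfigurationAssignments = $OriginalPolicy.enrollmentConfigurationAssignments
                    }
                }
                "#microsoft.graph.azureADWindowsAutopilotDeploymentProfile" {
                    # A space is required before -Body: written as
                    # "...assignments"-Body the parameter name is glued onto
                    # the URI string and the body is never bound to -Body.
                    Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$($NewPolicy.id)/assignments" -Body @{
                        target = $OriginalPolicy.enrollmentConfigurationAssignments.target
                    } | Out-Null
                }
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\DeviceEnrollmentConfigurations"
    },
    @{
        Type            = "WindowsAutopilotDeploymentProfiles"
        Name            = "Windows Autopilot Profiles"
        Description     = "Add Windows Autopilot Profiles to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles"
        }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles" -Body $Body
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            # Space before -Body restored; without it the parameter name
            # becomes part of the URI argument.
            Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeploymentProfiles/$($NewPolicy.id)/assignments" -Body @{
                target = $OriginalPolicy.enrollmentConfigurationAssignments.target
            } | Out-Null
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\WindowsAutopilotDeploymentProfiles"
    },
    @{
        Type            = "WindowsUpdateForBusinessConfigurations"
        Name            = "Windows Update For Business Configurations"
        Description     = "Add Windows Update For Business Configurations to the tenant."
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations" |
                Select-Object -ExpandProperty value
        }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri 'https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations' -Body $Body
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            Invoke-MgGraphRequest -METHOD POST -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$($NewPolicy.id)/assign" -Body @{
                assignments = $OriginalPolicy.assignments
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\WindowsUpdateForBusinessConfigurations"
    },
    @{
        Type            = "MobileThreatDefenseConnector"
        Name            = "Mobile Threat Defense Connector"
        Description     = "Add Mobile Threat Defense Connector (For enabling Intune management of Defender for Endpoint devices)."
        NameProperty    = "id"
        CheckExists     = $false
        Selectable      = $false
        GetCommand      = {
            Invoke-GraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors" |
                Select-Object -ExpandProperty value
        }
        AddCommand      = {
            param($Body)
            Invoke-GraphRequest -Method PATCH -Uri "https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/$($Body.id)" -Body $Body
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\MobileThreatDefenseConnector"
    },
    @{
        Type            = "MobileApps"
        Name            = "Mobile Apps"
        Description     = "Add Mobile Apps to the tenant. (Currently only Microsoft 365 Apps)"
        NameProperty    = "displayName"
        CheckExists     = $true
        Selectable      = $true
        GetCommand      = {
            Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps?$filter=(isof(%27microsoft.graph.win32CatalogApp%27)%20or%20isof(%27microsoft.graph.windowsStoreApp%27)%20or%20isof(%27microsoft.graph.microsoftStoreForBusinessApp%27)%20or%20isof(%27microsoft.graph.officeSuiteApp%27)%20or%20(isof(%27microsoft.graph.win32LobApp%27)%20and%20not(isof(%27microsoft.graph.win32CatalogApp%27)))%20or%20isof(%27microsoft.graph.windowsMicrosoftEdgeApp%27)%20or%20isof(%27microsoft.graph.windowsPhone81AppX%27)%20or%20isof(%27microsoft.graph.windowsPhone81StoreApp%27)%20or%20isof(%27microsoft.graph.windowsPhoneXAP%27)%20or%20isof(%27microsoft.graph.windowsAppX%27)%20or%20isof(%27microsoft.graph.windowsMobileMSI%27)%20or%20isof(%27microsoft.graph.windowsUniversalAppX%27)%20or%20isof(%27microsoft.graph.webApp%27)%20or%20isof(%27microsoft.graph.windowsWebApp%27)%20or%20isof(%27microsoft.graph.winGetApp%27))%20and%20(microsoft.graph.managedApp/appAvailability%20eq%20null%20or%20microsoft.graph.managedApp/appAvailability%20eq%20%27lineOfBusiness%27%20or%20isAssigned%20eq%20true)&$orderby=displayName&' |
                Select-Object -ExpandProperty value
        }
        AddCommand      = {
            param($Body)
            Invoke-MgGraphRequest -Method POST -Uri 'https://graph.microsoft.com/beta/deviceAppManagement/mobileApps' -Body $Body
        }
        AssignCommand   = {
            param($OriginalPolicy, $NewPolicy)
            Invoke-MgGraphRequest -METHOD POST -Uri "https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/$($NewPolicy.id)/assign" -Body @{
                mobileAppAssignments = $OriginalPolicy.mobileAppAssignments
            }
        }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\MobileApps"
    },
    @{
        Type            = "ExchangeOnlineProtectionPolicies"
        Name            = "Exchange Online Protection Policies"
        Description     = "Adds the baseline Exchange Online Protection Policies to the tenant. (Quarantine Reports, Safe Links, Safe Attachments, Anti-Phishing)"
        NameProperty    = "displayName"
        CheckExists     = $false
        Selectable      = $false
        # The three commands are intentionally empty in this table.
        GetCommand      = { }
        AddCommand      = { param($Body) }
        AssignCommand   = { param($OriginalPolicy, $NewPolicy) }
        PolicyFilesPath = "$PSScriptRoot\Public\TenantConfiguration\Baseline\EOPPolicies"
    }
) -Scope Script -Force

# NOTE(review): $Public also holds the files found under Private\, so functions
# named after those files are exported as well. If the Private folder is meant
# to stay internal, export only the Public\ base names (or restrict exports in
# the module manifest).
Export-ModuleMember -Function $Public.BaseName -Alias *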