Public/TenantConfiguration/Baseline/Add-BaselinePolicy.ps1
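function Add-BaselinePolicy {
    <#
    .SYNOPSIS
        Creates the baseline policies of one type in a customer tenant from the bundled JSON policy files.
    .DESCRIPTION
        Connects to the customer tenant, looks up the handling rules for $PolicyType in
        $PolicyTypeSettings (Get/Add/Assign commands, policy file folder, name property,
        Selectable and CheckExists flags), optionally lets the operator pick which policy
        files to apply, and then creates every selected policy whose name is not already
        present in the tenant. Exchange Online Protection policies are delegated to
        Add-EOPPolicies instead.
    .PARAMETER TenantId
        Id of the customer tenant to create the policies in.
    .PARAMETER PolicyType
        Policy type to add. Must be one of the ValidateSet values and must have an entry
        in $PolicyTypeSettings whose Type matches.
    .OUTPUTS
        None. Progress and skipped items are reported with Write-Host.
    .NOTES
        Depends on names defined outside this file: $PolicyTypeSettings, Connect-CustomerGraph,
        Read-PolicyFile, Add-EOPPolicies, Out-ConsoleGridView and the per-type Get/Add/Assign commands.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId,

        [Parameter(Mandatory)]
        [ValidateSet("ConditionalAccessPolicies", "NamedLocations", "AuthenticationStrengths",
            "iOSAppProtectionPolicies", "AndroidAppProtectionPolicies", "CompliancePolicies",
            "ConfigurationPolicies", "AuthenticationMethodPolicy", "AuthorizationPolicy",
            "DeviceRegistrationPolicy", "MobileDeviceManagementPolicy", "DeviceEnrollmentConfigurations",
            "WindowsUpdateForBusinessConfigurations", "MobileThreatDefenseConnector",
            "WindowsAutopilotDeploymentProfiles", "MobileApps", "Groups", "ExchangeOnlineProtectionPolicies")]
        [string]$PolicyType
    )

    Connect-CustomerGraph -CustomerTenantId $TenantId

    # Resolve the per-type handling rules once instead of re-filtering the settings table on every use.
    $Settings = $PolicyTypeSettings.Where({ $_.Type -eq $PolicyType })
    if (-not $Settings) {
        throw "No entry for policy type '$PolicyType' in `$PolicyTypeSettings."
    }
    $PolicyTypeName = $Settings.Name

    # EOP policies are handled entirely by a dedicated command; the existing-policy fetch and
    # file enumeration below are never used on this path, so branch before doing them.
    if ($PolicyTypeName -eq "Exchange Online Protection Policies") {
        Add-EOPPolicies -TenantId $TenantId
        return
    }

    # Policies already in the tenant, used to avoid creating a second one with the same name.
    $ExistingPolicies = . ($Settings.GetCommand)

    $PolicyFiles = Get-ChildItem -Path $Settings.PolicyFilesPath -Filter *.json
    if (-not $PolicyFiles) {
        Write-Host "No policy files found in '$($Settings.PolicyFilesPath)' for $($PolicyTypeName)." -ForegroundColor Yellow
        return
    }

    # Rows shown to the operator: file name without extension, plus the policy's Description
    # when the JSON carries one (the column is omitted otherwise).
    $PolicyFilesFormatted = foreach ($File in $PolicyFiles) {
        $RawPolicy = Get-Content -Path $File.FullName -Raw | ConvertFrom-Json -Depth 100
        $Row = [ordered]@{ Name = [System.IO.Path]::GetFileNameWithoutExtension($File.Name) }
        if ($RawPolicy.Description) {
            $Row.Description = $RawPolicy.Description
        }
        [PSCustomObject]$Row
    }

    if ($Settings.Selectable) {
        $Selected = $PolicyFilesFormatted | Out-ConsoleGridView -OutputMode Multiple -Title "Select the $($PolicyTypeName) you want to add"
    } else {
        $Selected = $PolicyFilesFormatted
    }

    # Out-ConsoleGridView returns nothing when the operator cancels; treat that as "add none".
    if (-not $Selected) {
        Write-Host "No $($PolicyTypeName) selected, nothing to do." -ForegroundColor Yellow
        return
    }
    $SelectedNames = @($Selected.Name)
    $PolicyFiles = $PolicyFiles | Where-Object { $SelectedNames -contains [System.IO.Path]::GetFileNameWithoutExtension($_.Name) }

    # Per-type rules that do not change between files; hoisted out of the loop.
    $NameProperty = $Settings.NameProperty
    $AddCommand = $Settings.AddCommand
    $AssignCommand = $Settings.AssignCommand
    # Policies with one of these @odata.types are created even when the name already exists.
    $CheckExistsOverride = @("#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration")

    foreach ($PolicyFile in $PolicyFiles) {
        $Policy = Read-PolicyFile -Path $PolicyFile.FullName -TenantId $TenantId

        # Fall back to the file name when the JSON does not carry a name.
        # $null on the left keeps this a scalar test even if the property holds an array.
        # NOTE(review): on a PSCustomObject this assignment fails when the property is absent
        # entirely (not merely null) — confirm Read-PolicyFile always returns it.
        if ($null -eq $Policy.$NameProperty) {
            $Policy.$NameProperty = [System.IO.Path]::GetFileNameWithoutExtension($PolicyFile.Name)
        }

        $CheckExists = $Settings.CheckExists -and ($Policy."@odata.type" -notin $CheckExistsOverride)
        $AlreadyExists = $CheckExists -and ($ExistingPolicies.$NameProperty -contains $Policy.$NameProperty)
        if ($AlreadyExists) {
            Write-Host "$($PolicyTypeName) '$($Policy.$NameProperty)' already exists, not creating.." -ForegroundColor Yellow
            continue
        }

        # The command name is taken from $PolicyTypeSettings, not from user input.
        $AddedPolicy = . $AddCommand -Body $Policy
        Write-Host "Created '$($Policy.$NameProperty)'." -ForegroundColor Green

        # If the policy type has an assign command, assign the policy
        if ($AssignCommand) {
            . $AssignCommand -OriginalPolicy $Policy -NewPolicy $AddedPolicy
            Write-Host "Assigned '$($Policy.$NameProperty)'." -ForegroundColor Green
        }
    }
}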