MemPolicyManager

0.1.3

en-US/about_MemPolicyManager.help.txt

                                TOPIC

    about_mempolicymanager

SHORT DESCRIPTION

    - A PowerShell module for managing Microsoft Endpoint Manager policies,

    including backup, import, export, and comparison using Microsoft Graph API.

LONG DESCRIPTION

    - The MemPolicyManager module provides a comprehensive set of cmdlets for

    managing Microsoft Endpoint Manager policies. This module allows

    administrators to perform various tasks such as backing up, importing,

    exporting, and comparing policies through the Microsoft Graph API. It aims

    to streamline policy management and ensure that configurations are

    consistent and easily recoverable.

EXAMPLES

    # Backup Examples

        # Backup Intune App Configuration policies to a specified directory

            PS C:\> Backup-EmMdmAppConfiguration -ExportPath "C:\Backup\AppConfigurations"

        # Import Intune App Configuration policies from a specified directory

            PS C:\> Import-EmMdmAppConfiguration -ImportPath "C:\Backup\AppConfigurations\IOSDeviceConfig.json"

        # Compare two Endpoint Manager policy classes

            PS C:\> Compare-EmMgClass -Class1 [Type1] -Class2 [Type2]

        # Retrieve Intune App Configuration policies using a specific Graph API version

            PS C:\> Get-EmMdmAppConfiguration

        # Application Auth Examples

        # Application Permissions required:

        #   DeviceManagementConfiguration.ReadWrite.All,

        #   DeviceManagementApps.ReadWrite.All,

        #   DeviceManagementManagedDevices.ReadWrite.All

        ## Client Secret Authentication ##

        # Application (client) ID, Tenant ID, and Client Secret are required.

            PS C:\> $ClientId = "12345678-1234-1234-1234-123456789012"

            PS C:\> $TenantId = "12345678-1234-1234-1234-123456789012"

        # To manually input the Client Secret value, use the following command:

        # $ClientSecretPSCredential = Get-Credential -Credential $ClientId

        # To provide the secret value in plain text, use the following command:

        # $ClientSecret = ConvertTo-SecureString "<ClientSecretValue>" -AsPlainText

        # To retrieve the secret value from a local Vault, use the following command:

            PS C:\> $ClientSecret = Get-Secret -Name "MgGraphSecret" -VaultName "EmMdmVault"

        # Create a PSAutomationCredential object with the Client ID and Client Secret.

            PS C:\> $ClientSecretPSCredential = [PsCredential]::New($ClientId,$ClientSecret)

        # Create the authentication object with the Client Secret values.

            PS C:\> $authObject = Get-EmMdmGraphAuth -ClientSecretTenantId $TenantId -ClientSecretValue $ClientSecretPSCredential

            PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject

        ## Self-Signed Certificate Authentication ##

            PS C:\> $CertName = "EmMdmMgGraphCert" # "{certificateName}"    ## Replace {certificateName}

            PS C:\> $cert = New-SelfSignedCertificate -Subject "CN=$CertName" -CertStoreLocation "Cert:\CurrentUser\My" `

            -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

            PS C:\> Export-Certificate -Cert $cert -FilePath "C:\temp\$CertName.cer"   ## Specify your preferred location

        ## Certificate Thumbprint Authentication ##

            PS C:\> $ThumbPrint = $Cert.Thumbprint

            PS C:\> $ClientCertThumbPrint = Get-Secret -Name "EmMdmMgGraphThumbprint" -Vault "EmMdmVault" -AsPlainText

            PS C:\> $authObject = Get-EmMdmGraphAuth -CertificateThumbprintClientId $ClientId -CertificateThumbprintTenantId $TenantId -CertificateThumbprint $ClientCertThumbPrint

            PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject

        ## Certificate Name Authentication ##

            PS C:\> $CertName = "CN=EmMdmMgGraphCert" # "{certificateName}"    ## Replace {certificateName}

            PS C:\> $authObject = Get-EmMdmGraphAuth -CertificateNameClientId $ClientId -CertificateNameTenantId $TenantId -CertificateName $CertName

            PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject

        ## X509 Certificate Authentication ##

            PS C:\> $ThumbPrint = Get-Secret -Name "EmMdmMgGraphThumbprint" -Vault "EmMdmVault" -AsPlainText

            PS C:\> $Cert = Get-ChildItem Cert:\CurrentUser\My\$ThumbPrint

            PS C:\> $authObject = Get-EmMdmGraphAuth -X509CertificateClientId $ClientId -X509CertificateTenantId $TenantId -X509Certificate $Cert

            PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject

NOTE

    - Only beta api is supported at the moment.

TROUBLESHOOTING NOTE

    - Look out on the Github repository for issues and new releases.

SEE ALSO

    - https://github.com/criticalsolutionsnetwork/MemPolicyManager

KEYWORDS

    - Microsoft Graph API

    - Endpoint Manager

    - Intune

    - Policy Management

    - Backup

    - Import

    - Export

    - Compare