Functions/New-MultipleIntuneDeviceConfigAssignments.ps1


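function New-MultipleIntuneDeviceConfigAssignments {
    <#
    .SYNOPSIS
    Includes, excludes or unassigns one Azure AD group on several Intune device
    configuration policies and ADMX (group policy) configurations in one run.

    .DESCRIPTION
    Reads all device configurations and group policy configurations from the
    Microsoft Graph beta endpoint and lets the operator pick policies in two
    Out-GridView windows. For every picked policy, the existing assignment that
    targets the chosen group is removed; unless the intent is UnassignAll, a new
    inclusion or exclusion assignment for that group is then created.

    Despite its name, UnassignAll removes only the assignments that target the
    selected group. Assignments to other groups are left untouched.

    The old assignment is removed before the new one is created, so a failed
    create leaves the policy with no assignment for the group. Such failures are
    reported as warnings; review them, because a lost exclusion widens the set of
    devices a policy applies to.

    No connection is made here: the Graph, Intune and AzureAD cmdlets that are
    called are expected to have an authenticated session already.

    .PARAMETER GroupName
    Display name of the Azure AD group. When omitted, the group is picked in
    Out-GridView. The name must match exactly one group; display names are not
    unique in Azure AD, so an ambiguous name is rejected instead of guessed.

    .PARAMETER Intent
    Included, Excluded or UnassignAll. When omitted, it is picked in Out-GridView.

    .OUTPUTS
    Progress messages (strings), plus whatever the removal calls emit.
    #>
    [CmdletBinding()]
    param (
        [Parameter()] [string] $GroupName,
        [Parameter()] [ValidateSet("Included", "Excluded", "UnassignAll")] [string] $Intent
    )

    $Configs = Invoke-MSGraphRequest -Url "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations" | Get-MSGraphAllPages
    $GpConfigs = Invoke-MSGraphRequest -HttpMethod GET -Url "https://graph.microsoft.com/Beta/deviceManagement/groupPolicyConfigurations" | Get-MSGraphAllPages

    $SelectedConfigs = $Configs | Select-Object "@odata.type", id, DisplayName, Description | Out-GridView -OutputMode Multiple -Title "Select Device configuration policies"
    $selectedGpConfigs = $GpConfigs | Select-Object id, DisplayName, Description | Out-GridView -OutputMode Multiple -Title "Select ADMX policies"

    # 'return', not 'break': outside a loop, 'break' unwinds into the caller and
    # can terminate the calling script or an enclosing loop there.
    if (-not $SelectedConfigs -and -not $selectedGpConfigs) { return }

    if ($GroupName) {
        # OData string literals escape a single quote by doubling it; without
        # this, a quote in the name changes the meaning of the filter.
        $escapedName = $GroupName.Replace("'", "''")
        $matchedGroups = @(Get-AzureADGroup -Filter "(displayname eq '$escapedName')")
        if ($matchedGroups.Count -eq 0) {
            Write-Warning "No Azure AD group with display name '$GroupName' was found."
        }
    }
    else {
        $matchedGroups = @(Get-AzureADGroup -All $true | Sort-Object DisplayName | Out-GridView -OutputMode Single -Title "Select AAD group")
    }

    if ($matchedGroups.Count -eq 0) { return }
    if ($matchedGroups.Count -gt 1) {
        # Several groups can share a display name. Refuse to change policy
        # assignments when the target group is ambiguous.
        Write-Error "Display name '$GroupName' matches $($matchedGroups.Count) Azure AD groups; no assignments were changed."
        return
    }
    $AADGroup = $matchedGroups[0]

    if (-not $Intent) {
        # Pick into a separate variable: $Intent carries the ValidateSet
        # attribute, so assigning an empty selection to it would throw before
        # the cancel check runs.
        $pickedIntent = "Included", "Excluded", "UnassignAll" | Out-GridView -OutputMode Single -Title "Select Intent"
        if (-not $pickedIntent) { return }
        $Intent = $pickedIntent
    }

    foreach ($c in $SelectedConfigs) {

        $Assignments = Get-IntuneDeviceConfigurationPolicyAssignment -deviceConfigurationId $c.id

        # Drop the current assignment for this group (include or exclude) so the
        # new intent replaces it instead of conflicting with it.
        foreach ($assignment in $Assignments) {
            if ($assignment.target.groupId -eq $AADGroup.ObjectId) {
                Write-Output "Removing previous assignment for Config: `"$($c.displayName)`" ($($c.id)), group `"$($AADGroup.displayName)`" ($($assignment.target.groupId))"
                Remove-IntuneDeviceConfigurationPolicyAssignment -deviceConfigurationId $c.id -deviceConfigurationAssignmentId $assignment.id
            }
        }

        if ($Intent -ne "UnassignAll") {
            if ($Intent -eq "Included") {
                $target = New-DeviceAndAppManagementAssignmentTargetObject -groupAssignmentTarget -groupId $AADGroup.ObjectId
            }
            else {
                $target = New-DeviceAndAppManagementAssignmentTargetObject -exclusionGroupAssignmentTarget -groupId $AADGroup.ObjectId
            }

            Write-Output "Assigning Device Config: `"$($c.displayName)`" ($($c.id)), group `"$($AADGroup.displayName)`" ($($AADGroup.objectId)), intent: $($Intent)"

            # Errors stay non-terminating, but are reported: the previous
            # assignment is already gone at this point.
            New-IntuneDeviceConfigurationPolicyAssignment -deviceConfigurationId $c.id -target $target -ErrorAction SilentlyContinue -ErrorVariable assignError | Out-Null
            if ($assignError) {
                Write-Warning "Assignment failed for Device Config `"$($c.displayName)`" ($($c.id)); the group now has no assignment on this policy. $($assignError[0])"
            }
        }

    }

    foreach ($c in $selectedGpConfigs) {

        $Assignments = Invoke-MSGraphRequest -HttpMethod GET -Url "https://graph.microsoft.com/Beta/deviceManagement/groupPolicyConfigurations/$($c.id)/assignments" | Get-MSGraphAllPages

        foreach ($assignment in $Assignments) {
            if ($assignment.target.groupId -eq $AADGroup.ObjectId) {
                Write-Output "Removing previous assignment for Config: `"$($c.displayName)`" ($($c.id)), group `"$($AADGroup.displayName)`" ($($assignment.target.groupId))"
                Invoke-MSGraphRequest -HttpMethod DELETE -Url "https://graph.microsoft.com/Beta/deviceManagement/groupPolicyConfigurations/$($c.id)/assignments/$($assignment.id)"
            }
        }

        if ($Intent -ne "UnassignAll") {
            if ($Intent -eq "Included") {
                $targetType = "microsoft.graph.groupAssignmentTarget"
            }
            else {
                $targetType = "microsoft.graph.exclusionGroupAssignmentTarget"
            }

            # Build the request body as an object and serialise it, so every
            # value is JSON-encoded instead of spliced into a string.
            $JSON = [ordered]@{
                "@odata.type" = "#microsoft.graph.groupPolicyConfigurationAssignment"
                "target"      = [ordered]@{
                    "@odata.type"                                = $targetType
                    "deviceAndAppManagementAssignmentFilterId"   = $null
                    "deviceAndAppManagementAssignmentFilterType" = "none"
                    "groupId"                                    = "$($AADGroup.ObjectId)"
                }
            } | ConvertTo-Json -Depth 3

            Write-Output "Assigning ADMX policy: `"$($c.displayName)`" ($($c.id)), group `"$($AADGroup.displayName)`" ($($AADGroup.objectId)), intent: $($Intent)"
            Invoke-MSGraphRequest -HttpMethod POST -Url "https://graph.microsoft.com/Beta/deviceManagement/groupPolicyConfigurations/$($c.id)/assignments" -Content $JSON | Out-Null
        }

    }

}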