forked from iBowler1995/Functions-Intune-Graph
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathGet-IntuneDeviceConfiguration.ps1
102 lines (82 loc) · 3.82 KB
/
Get-IntuneDeviceConfiguration.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
function Get-IntuneDeviceConfiguration {
<#
IMPORTANT:
===========================================================================
This script is provided 'as is' without any warranty. Any issues stemming
from use is on the user.
===========================================================================
.DESCRIPTION
Retrieves Intune configuration policy.
Things to change to deploy in your environment:
Line 36: replace x with clientID of your reigstered app. See https://docs.microsoft.com/en-us/graph/auth-v2-user for more info.
===========================================================================
.PARAMETER Name
Required if not using All switch - Name of the configuration policy to retrieve.
.PARAMETER All
Retrieves all Intune configuration policies.
.PARAMETER Status
Returns device status for the specified configuration policy.
===========================================================================
.EXAMPLE
Get-IntuneConfigurationPolicy -Policy BlockAllUSB <--- Retrieves BlockAllUSB configuration policy
Get-IntuneConfigurationPolicy -Policy BlockAllUSB -Status <--- Retrieves BlockAllUSB compliance policy device status
#>
[CmdletBinding()]
param (
[Parameter()]
[String]$Name,
[Parameter()]
[Switch]$All,
[Parameter()]
[Switch]$Status
)
$token = Get-MsalToken -clientid x -tenantid organizations
$global:header = @{'Authorization' = $token.createauthorizationHeader();'ConsistencyLevel' = 'eventual'}
If ($All -and !$Name){
$Uri = "https://graph.microsoft.com/beta/devicemanagement/deviceConfigurations"
Try {
(Invoke-RestMethod -Uri $Uri -Headers $Header).value
}
catch{
$ResponseResult = $_.Exception.Response.GetResponseStream()
$ResponseReader = New-Object System.IO.StreamReader($ResponseResult)
$ResponseBody = $ResponseReader.ReadToEnd()
$ResponseBody
}
}
elseif ($Name -and !$All -and !$Status){
$Uri = "https://graph.microsoft.com/beta/devicemanagement/deviceConfigurations?`$filter=displayName%20eq%20'$Name'"
Try {
(Invoke-RestMethod -Uri $Uri -Headers $Header).value
}
catch{
$ResponseResult = $_.Exception.Response.GetResponseStream()
$ResponseReader = New-Object System.IO.StreamReader($ResponseResult)
$ResponseBody = $ResponseReader.ReadToEnd()
$ResponseBody
}
}
elseif ($Name -and !$All -and $Status){
$Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations?`$filter=displayName%20eq%20'$Name'"
Try {
$ConfigurationPolicy = (Invoke-RestMethod -Uri $Uri -Headers $Header -Method GET).value
$ConfigurationPolicyId = $ConfigurationPolicy | select -expand id
}
catch{
$ResponseResult = $_.Exception.Response.GetResponseStream()
$ResponseReader = New-Object System.IO.StreamReader($ResponseResult)
$ResponseBody = $ResponseReader.ReadToEnd()
$ResponseBody
}
Try {
$Uri = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$ConfigurationPolicyId/deviceStatuses"
(Invoke-RestMethod -Uri $Uri -Headers $Header).value | select id,deviceDisplayName,LastReportedDateTime,status,userPrincipalName
}
catch{
$ResponseResult = $_.Exception.Response.GetResponseStream()
$ResponseReader = New-Object System.IO.StreamReader($ResponseResult)
$ResponseBody = $ResponseReader.ReadToEnd()
$ResponseBody
}
}
}