cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

3.9.5

Browse Source
This commit is contained in:
Mikael Karlsson
2024-01-24 21:25:53 +11:00
parent 6ac211a2bf
commit 47968b4219
30 changed files with 4643 additions and 2534 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Extensions/Documentation.psm1
View File

@@ -20,7 +20,7 @@ $global:documentationProviders = @()
function Get-ModuleVersion
{
'2.0.3'
'2.1.0'
}
function Invoke-InitializeModule
@@ -1056,6 +1056,11 @@ function Invoke-TranslateSettingsObject
#>
$cfgSettings = (Invoke-GraphRequest "/deviceManagement/configurationPolicies('$($obj.Id)')/settings?`$expand=settingDefinitions&top=1000" -ODataMetadata "minimal" @params).Value
if($obj.'@ObjectFromFile')
{
$cfgSettings = $obj.Settings
}
if(-not $global:cfgCategories)
{
$global:cfgCategories = (Invoke-GraphRequest "/deviceManagement/configurationCategories?`$filter=platforms has 'windows10' and technologies has 'mdm'" -ODataMetadata "minimal" @params).Value
@@ -1064,7 +1069,14 @@ function Invoke-TranslateSettingsObject
$script:settingCatalogasCategories = @{}
foreach($cfgSetting in $cfgSettings)
{
$defObj = $cfgSetting.settingDefinitions | Where id -eq $cfgSetting.settingInstance.settingDefinitionId
if($obj.'@ObjectFromFile' -and -not $cfgSetting.settingDefinitions)
{
$defObj = Invoke-GraphRequest "/deviceManagement/configurationSettings/$($cfgSetting.settingInstance.settingDefinitionId)"
}
else
{
$defObj = $cfgSetting.settingDefinitions | Where id -eq $cfgSetting.settingInstance.settingDefinitionId
}
#$defObj = $cfgSetting.settingDefinitions | Where { $_.id -eq $cfgSetting.settingInstance.settingDefinitionId -or $_.id -eq $cfgSettings.settingInstanceTemplate.settingDefinitionId }
if(-not $defObj -or $script:settingCatalogasCategories.ContainsKey($defObj.categoryId)) { continue }
@@ -1111,6 +1123,10 @@ function Add-SettingsSetting
$childSettings = @()
$settingsDef = $settingsDefs | Where id -eq $settingInstance.settingDefinitionId
if(-not $settingsDef -and $settingInstance.settingDefinitionId)
{
$settingsDef = Invoke-GraphRequest "/deviceManagement/configurationSettings/$($settingInstance.settingDefinitionId)"
}
$categoryDef = $global:cfgCategories | Where Id -eq $settingsDef.categoryId #$script:settingCatalogasCategories[$settingsDef.categoryId]
if($settingsDef.categoryId -ne $categoryDef.rootCategoryId)
@@ -2092,6 +2108,7 @@ function Invoke-TranslateSection
if($prop.dataType -eq 8)
{
if($prop.nameResourceKey -eq "LearnMore") { continue }
elseif($prop.nameResourceKey -eq "Empty") { $script:CurrentSubCategory = $null }
elseif($prop.nameResourceKey -in $script:categoriesToIgnore) { continue }
elseif($prop.nameResourceKey)
{

86
Extensions/DocumentationCustom.psm1
View File

@@ -10,7 +10,7 @@ This module will also document some objects based on PowerShell functions
function Get-ModuleVersion
{
'1.6.3'
'1.6.4'
}
function Invoke-InitializeModule
@@ -35,6 +35,7 @@ function Initialize-CDDocumentation
{
$script:allTenantApps = $null
$script:allTermsOfUse = $null
$script:allAuthenticationStrength = $null
$script:allAuthenticationContextClasses = $null
$script:allCustomCompliancePolicies = $null
}
@@ -760,9 +761,10 @@ function Add-CDDocumentCustomProfileProperty
}
elseif($obj.'@OData.Type' -eq "#microsoft.graph.androidManagedAppProtection")
{
$obj | Add-Member Noteproperty -Name "overrideFingerprint" -Value ($obj.pinRequiredInsteadOfBiometricTimeout -ne $null)
$obj | Add-Member Noteproperty -Name "pinReset" -Value ($obj.pinRequiredInsteadOfBiometricTimeout -ne $null)
$obj | Add-Member Noteproperty -Name "overrideFingerprint" -Value ($obj.pinRequiredInsteadOfBiometricTimeout -ne $null -and $obj.pinRequiredInsteadOfBiometricTimeout -ne "PT0S")
$obj | Add-Member Noteproperty -Name "pinReset" -Value ($obj.periodBeforePinReset -ne $null -and $obj.periodBeforePinReset -ne "PT0S")
$obj | Add-Member Noteproperty -Name "managedBrowserSelection" -Value (?: $obj.customBrowserPackageId "unmanagedBrowser" $obj.managedBrowser)
$obj | Add-Member Noteproperty -Name "encryptOrgData" -Value ($obj.appDataEncryptionType -ne "useDeviceSettings")
$retValue = $true
}
@@ -785,10 +787,11 @@ function Add-CDDocumentCustomProfileProperty
$obj | Add-Member Noteproperty -Name "sendDataSelector" -Value $sendDataOption
$obj | Add-Member Noteproperty -Name "overrideFingerprint" -Value ($obj.pinRequiredInsteadOfBiometricTimeout -ne $null)
$obj | Add-Member Noteproperty -Name "pinReset" -Value ($obj.pinRequiredInsteadOfBiometricTimeout -ne $null)
$obj | Add-Member Noteproperty -Name "overrideFingerprint" -Value ($obj.pinRequiredInsteadOfBiometricTimeout -ne $null -and $obj.pinRequiredInsteadOfBiometricTimeout -ne "PT0S")
$obj | Add-Member Noteproperty -Name "pinReset" -Value ($obj.periodBeforePinReset -ne $null -and $obj.periodBeforePinReset -ne "PT0S")
$obj | Add-Member Noteproperty -Name "managedBrowserSelection" -Value (?: $obj.customBrowserPackageId "unmanagedBrowser" $obj.managedBrowser)
$obj | Add-Member Noteproperty -Name "encryptOrgData" -Value ($obj.appDataEncryptionType -ne "useDeviceSettings")
$retValue = $true
}
elseif($obj.'@OData.Type' -eq "#microsoft.graph.windowsUpdateForBusinessConfiguration")
@@ -2759,6 +2762,19 @@ function Invoke-CDDocumentConditionalAccess
elseif($script:allTermsOfUse -isnot [Object[]]) { $script:allTermsOfUse = @($script:allTermsOfUse ) }
}
<#
if(-not $script:allAuthenticationStrength -and (($obj.grantControls.authenticationStrength | measure).Count -gt 0))
{
$script:allAuthenticationStrength = Get-DocOfflineObjects "AuthenticationStrengths"
if(-not $script:allAuthenticationStrength)
{
$script:allAuthenticationStrength = (Invoke-GraphRequest -url "/identity/conditionalAccess/authenticationStrengths/policies?`$select=displayName,Id" -ODataMetadata "minimal").value
}
if(-not $script:allAuthenticationStrength ) { $script:allAuthenticationStrength = @()}
elseif($script:allAuthenticationStrength -isnot [Object[]]) { $script:allAuthenticationStrength = @($script:allAuthenticationStrength ) }
}
#>
if($obj.conditions.locations.includeLocations.Count -gt 0)
{
$tmpObjs = @()
@@ -2998,6 +3014,34 @@ function Invoke-CDDocumentConditionalAccess
EntityKey = "termsOfUse"
})
}
if(($obj.grantControls.authenticationStrength | measure).Count -gt 0)
{
$authenticationStrngth = @()
foreach($tmpId in $obj.grantControls.authenticationStrength)
{
$authenticationStrngth += ?? $obj.grantControls.authenticationStrength.displayName $tmpId
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.WhatIfBlade.authenticationStrength"
Value = $termsOfUse -join $script:objectSeparator
Category = $category
SubCategory = ""
EntityKey = "authenticationStrength"
})
}
if(($obj.grantControls.customAuthenticationFactors | measure).Count -gt 0)
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.menuItemClaimProviderControls"
Value = $obj.grantControls.customAuthenticationFactors -join $script:objectSeparator
Category = $category
SubCategory = ""
EntityKey = "customAuthenticationFactors"
})
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.descriptionContentForControlsAndOr"
@@ -3042,10 +3086,6 @@ function Invoke-CDDocumentConditionalAccess
if($obj.sessionControls.signInFrequency.isEnabled -eq $true)
{
if($obj.sessionControls.cloudAppSecurity.cloudAppSecurityType -eq "mcasConfigured") { $strId = "useCustomControls" }
elseif($obj.sessionControls.cloudAppSecurity.cloudAppSecurityType -eq "monitorOnly") { $strId = "monitorOnly" }
elseif($obj.sessionControls.cloudAppSecurity.cloudAppSecurityType -eq "blockDownloads") { $strId = "blockDownloads" }
if($obj.sessionControls.signInFrequency.type -eq "hours")
{
if($obj.sessionControls.signInFrequency.value -gt 1)
@@ -3057,7 +3097,7 @@ function Invoke-CDDocumentConditionalAccess
$value = Get-LanguageString "AzureCA.SessionLifetime.SignInFrequency.Option.Hour.singular"
}
}
else
elseif($obj.sessionControls.signInFrequency.type -eq "days")
{
if($obj.sessionControls.signInFrequency.value -gt 1)
{
@@ -3068,6 +3108,10 @@ function Invoke-CDDocumentConditionalAccess
$value = Get-LanguageString "AzureCA.SessionLifetime.SignInFrequency.Option.Day.singular"
}
}
else
{
$value = Get-LanguageString "AzureCA.SessionControls.SignInFrequency.everytime"
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.SessionLifetime.SignInFrequency.Option.label"
@@ -3077,6 +3121,26 @@ function Invoke-CDDocumentConditionalAccess
EntityKey = "SignInFrequency"
})
}
if($null -ne $obj.sessionControls.continuousAccessEvaluation)
{
if($obj.sessionControls.continuousAccessEvaluation.mode -eq "strictLocation")
{
$value = Get-LanguageString "AzureCA.SessionControls.Cae.strictLocation"
}
else
{
$value = Get-LanguageString "AzureCA.SessionControls.Cae.disable"
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.SessionControls.Cae.checkboxLabel"
Value = $value
Category = $category
SubCategory = ""
EntityKey = "continuousAccessEvaluation"
})
}
if($obj.sessionControls.persistentBrowser.isEnabled -eq $true)
{

15
Extensions/EndpointManager.psm1
View File

@@ -10,7 +10,7 @@ This module is for the Endpoint Manager/Intune View. It manages Export/Import/Co
#>
function Get-ModuleVersion
{
'3.9.3'
'3.9.5'
}
function Invoke-InitializeModule
@@ -1131,7 +1131,7 @@ function Start-PostExportEndpointSecurity
{
param($obj, $objectType, $path)
$fileName = (Get-GraphObjectName $obj $objectType)
$fileName = (Get-GraphObjectName $obj $objectType).Trim('.')
if((Get-SettingValue "AddIDToExportFile") -eq $true -and $obj.Id)
{
$fileName = ($fileName + "_" + $obj.Id)
@@ -2144,6 +2144,9 @@ function Add-DetailExtensionApplications
$dlgSave = [System.Windows.Forms.SaveFileDialog]::new()
$dlgSave.InitialDirectory = $pkgPath
$dlgSave.FileName = ($obj.FileName + ".encrypted")
$dlgSave.DefaultExt = "*.encrypted"
$dlgSave.Filter = "Encrypted intunewin (*.encrypted)|*.encrypted|All files (*.*)|*.*"
if($dlgSave.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK -and $dlgSave.Filename)
{
$contentFileObj = Start-DownloadAppContent $obj $dlgSave.FileName
@@ -2158,7 +2161,7 @@ function Add-DetailExtensionApplications
$of = [System.Windows.Forms.OpenFileDialog]::new()
$of.InitialDirectory = $pkgPath
$of.DefaultExt = "*.json"
$of.Filter = "Json (*.json)|*.*"
$of.Filter = "Json (*.json)|*.json"
$of.Multiselect = $false
if($of.ShowDialog() -eq "OK")
@@ -2745,7 +2748,7 @@ function Start-PostExportAdministrativeTemplate
{
param($obj, $objectType, $path)
$fileName = (Get-GraphObjectName $obj $objectType)
$fileName = (Get-GraphObjectName $obj $objectType).Trim('.')
if((Get-SettingValue "AddIDToExportFile") -eq $true -and $obj.Id)
{
$fileName = ($fileName + "_" + $obj.Id)
@@ -3009,7 +3012,7 @@ function Start-PostExportRoleDefinitions
{
param($obj, $objectType, $path)
$fileName = (Get-GraphObjectName $obj $objectType)
$fileName = (Get-GraphObjectName $obj $objectType).Trim('.')
if((Get-SettingValue "AddIDToExportFile") -eq $true -and $obj.Id)
{
$fileName = ($fileName + "_" + $obj.Id)
@@ -3511,7 +3514,7 @@ function Add-EMAssignmentsToExportFile
if($global:chkExportAssignments.IsChecked -ne $true) { return }
$fileName = (Get-GraphObjectName $obj $objectType)
$fileName = (Get-GraphObjectName $obj $objectType).Trim('.')
if((Get-SettingValue "AddIDToExportFile") -eq $true -and $obj.Id)
{
$fileName = ($fileName + "_" + $obj.Id)

8
Extensions/IntuneFilterUsage.psm1
View File

@@ -9,7 +9,7 @@ Module for listing Intune assignment filter usage
#>
function Get-ModuleVersion
{
'1.1.0'
'1.1.1'
}
function Invoke-InitializeModule
@@ -109,7 +109,7 @@ function Get-EMIntuneFilterUsage
$batchObjs = @()
foreach($payload in $payloads)
{
$guid = (New-Guid).Guid
$guid = [Guid]::NewGuid().Guid
$payloadsObj = @{
Payload = $payload
@@ -208,7 +208,7 @@ function Get-EMIntuneFilterUsage
if($batchObjs.Count -gt 0)
{
$objName = Get-GraphObjectName $filter $objectType
$responses = Invoke-GraphBatchRequest $batchObjs.Requests $objName -SkipWarnings
$responses = Invoke-GraphBatchRequest @($batchObjs.Requests) $objName -SkipWarnings
foreach($response in ($responses | Where Status -lt 300))
{
@@ -312,7 +312,7 @@ function Get-EMIntuneFilterUsage
if($groupIDs.Count -gt 0)
{
$guid = (New-Guid).Guid
$guid = [Guid]::NewGuid().Guid
$groupObjs = @()
$x = 1
foreach($groupID in $groupIDs)

54
Extensions/MSGraph.psm1
View File

@@ -10,7 +10,7 @@ This module manages Microsoft Grap fuctions like calling APIs, managing graph ob
#>
function Get-ModuleVersion
{
'3.9.3'
'3.9.5'
}
$global:MSGraphGlobalApps = @(
@@ -584,7 +584,7 @@ function Get-GraphObjects
if($SinglePage -eq $true)
{
#Use default page size or use below for a specific page size for testing
#$params.Add("pageSize",10) #!!!
#$params.Add("pageSize",5) #!!!
}
elseif($SingleObject -ne $true -and $SinglePage -ne $true)
{
@@ -1055,7 +1055,7 @@ function Get-GraphMetaData
$fi = [IO.FileInfo]$fileFullPath
$maxAge = (Get-Date).AddDays(-14)
if($fi.Exists -and ($fi.LastWriteTime -gt $maxAge -or $fi.CreationTime -gt $maxAge))
{
{
try
{
[xml]$global:metaDataXML = Get-Content $fi.FullName
@@ -1070,13 +1070,14 @@ function Get-GraphMetaData
$wc = New-Object System.Net.WebClient
$wc.Encoding = [System.Text.Encoding]::UTF8
$proxyURI = Get-ProxyURI
if($proxyURI)
{
$wc.Proxy = $proxyURI
}
try
{
if($proxyURI)
{
$wc.Proxy = [System.Net.WebProxy]::new($proxyURI)
}
[xml]$global:metaDataXML = $wc.DownloadString($url)
# Download to string and then use Save to format the XML output
$global:metaDataXML.Save($fi.FullName)
@@ -1090,6 +1091,16 @@ function Get-GraphMetaData
$wc.Dispose()
}
}
if(-not $global:metaDataXML -and $fi.Exists)
{
Write-Log "Using old version of Graph MetaData file" 2
try
{
[xml]$global:metaDataXML = Get-Content $fi.FullName
}
catch { }
}
}
}
@@ -1410,8 +1421,8 @@ function Start-GraphObjectExport
Write-Log "Start bulk export"
Write-Log "****************************************************************"
$tmpFolder = Expand-FileName (Get-XamlProperty $script:exportForm "txtExportPath" "Text")
Write-Log "Export root folder: $tmpFolder"
$script:exportRoot = Expand-FileName (Get-XamlProperty $script:exportForm "txtExportPath" "Text")
Write-Log "Export root folder: $script:exportRoot"
$global:AADObjectCache = $null
@@ -1425,10 +1436,11 @@ function Start-GraphObjectExport
$txtNameFilter = $global:txtExportNameFilter.Text.Trim()
Save-Setting "" "ExportNameFilter" $txtNameFilter
if($txtNameFilter) { Write-Log "Name filter: $txtNameFilter" }
try
{
$folder = Get-GraphObjectFolder $item.ObjectType (Get-XamlProperty $script:exportForm "txtExportPath" "Text") (Get-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked") (Get-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked")
$folder = Get-GraphObjectFolder $item.ObjectType $script:exportRoot (Get-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked") (Get-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked")
$folder = Expand-FileName $folder
@@ -2690,7 +2702,7 @@ function Add-GroupMigrationObject
if(-not $groupId) { return }
$path = Get-GraphMigrationTableFile $global:txtExportPath.Text
$path = Get-GraphMigrationTableFile $script:ExportRoot
if(-not $path) { return }
@@ -2731,7 +2743,7 @@ function Add-GraphMigrationObject
if(-not $objId) { return }
$path = Get-GraphMigrationTableFile $global:txtExportPath.Text
$path = Get-GraphMigrationTableFile $script:ExportRoot
if(-not $path) { return }
@@ -3072,7 +3084,7 @@ function Add-GraphDependencyObjects
$url = "$($url.Trim())&$($depObjectType.QUERYLIST.Trim())"
}
$depObjects = (Invoke-GraphRequest $url -ODataMetadata "none").Value
$depObjects = (Invoke-GraphRequest $url -ODataMetadata "none" -AllPages).Value
$arrDepObjects = @()
foreach($depObject in $depObjects)
{
@@ -3126,8 +3138,8 @@ function Export-GraphObjects
$objectType = $global:curObjectType
Write-Status "Export $($objectType.Title)"
$global:ExportRoot = (Get-XamlProperty $script:exportForm "txtExportPath" "Text")
$folder = Get-GraphObjectFolder $objectType $global:ExportRoot (Get-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked") (Get-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked")
$script:ExportRoot = (Get-XamlProperty $script:exportForm "txtExportPath" "Text")
$folder = Get-GraphObjectFolder $objectType $script:ExportRoot (Get-XamlProperty $script:exportForm "chkAddObjectType" "IsChecked") (Get-XamlProperty $script:exportForm "chkAddCompanyName" "IsChecked")
$folder = Expand-FileName $folder
@@ -3158,7 +3170,7 @@ function Export-GraphObjects
}
Save-Setting "" "LastUsedFullPath" $folder
Save-Setting "" "LastUsedRoot" $global:ExportRoot
Save-Setting "" "LastUsedRoot" $script:ExportRoot
Write-Status ""
}
@@ -3466,14 +3478,14 @@ function Get-GraphBatchObjects
if($batchArr.Count -eq 0) { return }
$batchResults = (Invoke-GraphBatchRequest $batchArr $objectType.Title).body
$batchResults = @((Invoke-GraphBatchRequest $batchArr $objectType.Title).body)
if($batchResults.Count -ne ($objects.Count - $skipped))
if(($batchResults | measure).Count -ne ($objects.Count - $skipped))
{
Write-Log "Not all batch objects returned. Expected $($objects.Count - $skipped) but only got $($batchResults.Count)"
Write-Log "Not all batch objects returned. Expected $($objects.Count - $skipped) but only got $(($batchResults | measure).Count)"
}
if($objectType -and $batchResults.Count -gt 0)
if($objectType -and ($batchResults | measure).Count -gt 0)
{
$batchResultsTmp = $batchResults
$batchResults = Add-GraphObjectProperties $batchResultsTmp $objectType -property $objectType.ViewProperties
@@ -4397,7 +4409,7 @@ function Save-GraphObjectToFile
function Get-GraphObjectFile
{
param($obj, $objectType, $path)
$fileName = (Get-GraphObjectName $obj $objectType)
$fileName = (Get-GraphObjectName $obj $objectType).Trim('.')
if((Get-SettingValue "AddIDToExportFile") -eq $true -and $obj.Id)
{