3.9.4
This commit is contained in:
Mikael Karlsson
@@ -12,7 +12,7 @@
|
||||
RootModule = 'CloudAPIPowerShellManagement.psm1'
|
||||
|
||||
# Version number of this module.
|
||||
ModuleVersion = '3.9.3'
|
||||
ModuleVersion = '3.9.4'
|
||||
|
||||
# Supported PSEditions
|
||||
# CompatiblePSEditions = @()
|
||||
|
||||
@@ -10,7 +10,7 @@ This module will also document some objects based on PowerShell functions
|
||||
|
||||
function Get-ModuleVersion
|
||||
{
|
||||
'1.6.2'
|
||||
'1.6.3'
|
||||
}
|
||||
|
||||
function Invoke-InitializeModule
|
||||
@@ -2241,96 +2241,272 @@ function Invoke-CDDocumentConditionalAccess
|
||||
|
||||
Add-BasicAdditionalValues $obj $objectType
|
||||
|
||||
###################################################
|
||||
# User and groups
|
||||
###################################################
|
||||
|
||||
$ids = @()
|
||||
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups + $obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
|
||||
{
|
||||
if($id -in $ids) { continue }
|
||||
elseif($id -eq "GuestsOrExternalUsers") { continue }
|
||||
elseif($id -eq "All") { continue }
|
||||
elseif($id -eq "None") { continue }
|
||||
|
||||
$ids += $id
|
||||
}
|
||||
|
||||
$roleIds = @()
|
||||
foreach($id in ($obj.conditions.users.includeRoles + $obj.conditions.users.excludeRoles))
|
||||
{
|
||||
if($id -in $ids) { continue }
|
||||
$roleIds += $id
|
||||
}
|
||||
|
||||
$idInfo = $null
|
||||
|
||||
if($ids.Count -gt 0)
|
||||
{
|
||||
$ht = @{}
|
||||
$ht.Add("ids", @($ids | Unique))
|
||||
|
||||
$body = $ht | ConvertTo-Json
|
||||
|
||||
# ToDo: Get from MigFile for Offline
|
||||
$idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
|
||||
}
|
||||
|
||||
if($roleIds.Count -gt 0 -and -not $script:allAadRoles)
|
||||
{
|
||||
$script:allAadRoles =(Invoke-GraphRequest -url "/directoryRoleTemplates?`$select=Id,displayName" -ODataMetadata "minimal").value
|
||||
}
|
||||
|
||||
$includeLabel = Get-LanguageString "AzureCA.userSelectionBladeIncludeTabTitle"
|
||||
$excludeLabel = Get-LanguageString "AzureCA.userSelectionBladeExcludeTabTitle"
|
||||
|
||||
$category = Get-LanguageString "AzureCA.usersGroupsLabel"
|
||||
if($obj.conditions.clientApplications.includeServicePrincipals -or $obj.conditions.clientApplications.excludeServicePrincipals)
|
||||
{
|
||||
###################################################
|
||||
# Workload
|
||||
###################################################
|
||||
|
||||
if((($obj.conditions.users.includeUsers | Where { $_ -eq "All"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.allUsersString"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsers"
|
||||
})
|
||||
}
|
||||
elseif((($obj.conditions.users.includeUsers | Where { $_ -eq "None"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsers"
|
||||
})
|
||||
$ids = @()
|
||||
foreach($id in ($obj.conditions.clientApplications.includeServicePrincipals + $obj.conditions.clientApplications.excludeServicePrincipals))
|
||||
{
|
||||
if($id -in $ids) { continue }
|
||||
elseif($id -eq "ServicePrincipalsInMyTenant") { continue }
|
||||
|
||||
$ids += $id
|
||||
}
|
||||
|
||||
$category = Get-LanguageString "AzureCA.workloadIdentities"
|
||||
|
||||
$idInfo = $null
|
||||
|
||||
if($ids.Count -gt 0)
|
||||
{
|
||||
$ht = @{}
|
||||
$ht.Add("ids", @($ids | Unique))
|
||||
|
||||
$body = $ht | ConvertTo-Json
|
||||
|
||||
# ToDo: Get from MigFile for Offline
|
||||
$idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
|
||||
}
|
||||
|
||||
if((($obj.conditions.clientApplications.includeServicePrincipals | Where { $_ -eq "ServicePrincipalsInMyTenant"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.servicePrincipalRadioAll"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeServicePrincipals"
|
||||
})
|
||||
}
|
||||
elseif((($obj.conditions.clientApplications.includeServicePrincipals | Where { $_ -eq "None"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeServicePrincipals"
|
||||
})
|
||||
}
|
||||
elseif($ids.Count -gt 0 -and $obj.conditions.clientApplications.includeServicePrincipals)
|
||||
{
|
||||
#$category = Get-LanguageString "AzureCA.selectedSP"
|
||||
$tmpObjs = @()
|
||||
foreach($id in ($obj.conditions.clientApplications.includeServicePrincipals))
|
||||
{
|
||||
$idObj = $idInfo | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
|
||||
if($tmpObjs.count -gt 0)
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $category
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeServicePrincipals"
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
if($obj.conditions.clientApplications.servicePrincipalFilter)
|
||||
{
|
||||
if($obj.conditions.clientApplications.servicePrincipalFilter.mode -eq "include")
|
||||
{
|
||||
$filterMode = "included"
|
||||
}
|
||||
else
|
||||
{
|
||||
$filterMode = "excluded"
|
||||
}
|
||||
|
||||
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade
|
||||
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.title
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = Get-LanguageString "AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.AppliesTo.$filterMode"
|
||||
Value = $obj.conditions.clientApplications.servicePrincipalFilter.rule
|
||||
Category = $category
|
||||
SubCategory = Get-LanguageString "AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.title"
|
||||
EntityKey = "excludeServicePrincipalDevices"
|
||||
})
|
||||
}
|
||||
|
||||
if((($obj.conditions.clientApplications.excludeServicePrincipals | Where { $_ -eq "ServicePrincipalsInMyTenant"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.servicePrincipalRadioAll"
|
||||
Category = $category
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeServicePrincipals"
|
||||
})
|
||||
}
|
||||
elseif($ids.Count -gt 0)
|
||||
{
|
||||
#$category = Get-LanguageString "AzureCA.selectedSP"
|
||||
$tmpObjs = @()
|
||||
foreach($id in ($obj.conditions.clientApplications.excludeServicePrincipals))
|
||||
{
|
||||
$idObj = $idInfo | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
|
||||
if($tmpObjs.count -gt 0)
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $category
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeServicePrincipals"
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.userSelectionBladeSelectedUsers"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsers"
|
||||
})
|
||||
###################################################
|
||||
# User and groups
|
||||
###################################################
|
||||
|
||||
if((($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
|
||||
$ids = @()
|
||||
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups + $obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
|
||||
{
|
||||
if($id -in $ids) { continue }
|
||||
elseif($id -eq "GuestsOrExternalUsers") { continue }
|
||||
elseif($id -eq "All") { continue }
|
||||
elseif($id -eq "None") { continue }
|
||||
|
||||
$ids += $id
|
||||
}
|
||||
|
||||
$roleIds = @()
|
||||
foreach($id in ($obj.conditions.users.includeRoles + $obj.conditions.users.excludeRoles))
|
||||
{
|
||||
if($id -in $ids) { continue }
|
||||
$roleIds += $id
|
||||
}
|
||||
|
||||
$idInfo = $null
|
||||
|
||||
if($ids.Count -gt 0)
|
||||
{
|
||||
$ht = @{}
|
||||
$ht.Add("ids", @($ids | Unique))
|
||||
|
||||
$body = $ht | ConvertTo-Json
|
||||
|
||||
# ToDo: Get from MigFile for Offline
|
||||
$idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
|
||||
}
|
||||
|
||||
if($roleIds.Count -gt 0 -and -not $script:allAadRoles)
|
||||
{
|
||||
$script:allAadRoles =(Invoke-GraphRequest -url "/directoryRoleTemplates?`$select=Id,displayName" -ODataMetadata "minimal").value
|
||||
}
|
||||
|
||||
$category = Get-LanguageString "AzureCA.usersGroupsLabel"
|
||||
|
||||
if((($obj.conditions.users.includeUsers | Where { $_ -eq "All"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.allUsersString"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsers"
|
||||
})
|
||||
}
|
||||
elseif((($obj.conditions.users.includeUsers | Where { $_ -eq "None"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsers"
|
||||
})
|
||||
}
|
||||
else
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $includeLabel
|
||||
Value = Get-LanguageString "AzureCA.userSelectionBladeSelectedUsers"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsers"
|
||||
})
|
||||
|
||||
if((($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = Get-LanguageString "AzureCA.allGuestUserLabel"
|
||||
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeGuestsOrExternalUsers"
|
||||
})
|
||||
}
|
||||
|
||||
if($obj.conditions.users.includeRoles.Count -gt 0)
|
||||
{
|
||||
$tmpObjs = @()
|
||||
foreach($id in $obj.conditions.users.includeRoles)
|
||||
{
|
||||
$idObj = $script:allAadRoles | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = Get-LanguageString "AzureCA.directoryRolesLabel"
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeRoles"
|
||||
})
|
||||
}
|
||||
|
||||
if(($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups).Count -gt 0)
|
||||
{
|
||||
$tmpObjs = @()
|
||||
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups))
|
||||
{
|
||||
if($id -eq "GuestsOrExternalUsers") { continue }
|
||||
$idObj = $idInfo | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $category
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsersGroups"
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
if((($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = Get-LanguageString "AzureCA.allGuestUserLabel"
|
||||
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
|
||||
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeGuestsOrExternalUsers"
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeGuestsOrExternalUsers"
|
||||
})
|
||||
}
|
||||
|
||||
if($obj.conditions.users.includeRoles.Count -gt 0)
|
||||
if($obj.conditions.users.excludeRoles.Count -gt 0)
|
||||
{
|
||||
$tmpObjs = @()
|
||||
foreach($id in $obj.conditions.users.includeRoles)
|
||||
foreach($id in $obj.conditions.users.excludeRoles)
|
||||
{
|
||||
$idObj = $script:allAadRoles | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
@@ -2340,77 +2516,30 @@ function Invoke-CDDocumentConditionalAccess
|
||||
Name = Get-LanguageString "AzureCA.directoryRolesLabel"
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeRoles"
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeRoles"
|
||||
})
|
||||
}
|
||||
|
||||
if(($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups).Count -gt 0)
|
||||
if(($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups).Count -gt 0)
|
||||
{
|
||||
$tmpObjs = @()
|
||||
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups))
|
||||
foreach($id in ($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
|
||||
{
|
||||
if($id -eq "GuestsOrExternalUsers") { continue }
|
||||
$idObj = $idInfo | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $category
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $includeLabel
|
||||
EntityKey = "includeUsersGroups"
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeUsersGroups"
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
if((($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
|
||||
{
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = Get-LanguageString "AzureCA.allGuestUserLabel"
|
||||
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
|
||||
Category = $category
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeGuestsOrExternalUsers"
|
||||
})
|
||||
}
|
||||
|
||||
if($obj.conditions.users.excludeRoles.Count -gt 0)
|
||||
{
|
||||
$tmpObjs = @()
|
||||
foreach($id in $obj.conditions.users.excludeRoles)
|
||||
{
|
||||
$idObj = $script:allAadRoles | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = Get-LanguageString "AzureCA.directoryRolesLabel"
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeRoles"
|
||||
})
|
||||
}
|
||||
|
||||
if(($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups).Count -gt 0)
|
||||
{
|
||||
$tmpObjs = @()
|
||||
foreach($id in ($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
|
||||
{
|
||||
if($id -eq "GuestsOrExternalUsers") { continue }
|
||||
$idObj = $idInfo | Where Id -eq $id
|
||||
$tmpObjs += ?? $idObj.displayName $id
|
||||
}
|
||||
|
||||
Add-CustomSettingObject ([PSCustomObject]@{
|
||||
Name = $category
|
||||
Value = $tmpObjs -join $script:objectSeparator
|
||||
Category = $category
|
||||
SubCategory = $excludeLabel
|
||||
EntityKey = "excludeUsersGroups"
|
||||
})
|
||||
}
|
||||
|
||||
###################################################
|
||||
# Cloud apps or actions
|
||||
@@ -2753,7 +2882,7 @@ function Invoke-CDDocumentConditionalAccess
|
||||
}
|
||||
else
|
||||
{
|
||||
$filterMode = "included"
|
||||
$filterMode = "excluded"
|
||||
}
|
||||
|
||||
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade
|
||||
|
||||
@@ -9,7 +9,7 @@ Module for listing Intune assignment filter usage
|
||||
#>
|
||||
function Get-ModuleVersion
|
||||
{
|
||||
'1.0.0'
|
||||
'1.1.0'
|
||||
}
|
||||
|
||||
function Invoke-InitializeModule
|
||||
@@ -102,6 +102,8 @@ function Get-EMIntuneFilterUsage
|
||||
{
|
||||
Write-Status "Get payloads for filter $($filter.displayName)"
|
||||
|
||||
$payloadsManual = @()
|
||||
|
||||
$payloads = (Invoke-GraphRequest -Url "$($objectType.API)/$($filter.ID)/payloads").value
|
||||
|
||||
$batchObjs = @()
|
||||
@@ -136,10 +138,48 @@ function Get-EMIntuneFilterUsage
|
||||
$payloadsObj.Requests += [ordered]@{
|
||||
id = "$($guid)_mobileApps"
|
||||
method = "GET"
|
||||
url = "//deviceAppManagement/mobileApps/$($payload.payloadId)/?`$select=displayName"
|
||||
url = "/deviceAppManagement/mobileApps/$($payload.payloadId)/?`$select=displayName"
|
||||
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif($payload.payloadType -eq "deviceManagmentConfigurationAndCompliancePolicy")
|
||||
{
|
||||
$payloadsObj.Requests += [ordered]@{
|
||||
id = "$($guid)_configurationPolicies"
|
||||
method = "GET"
|
||||
url = "/deviceManagement/configurationPolicies/$($payload.payloadId)/?`$select=name,platforms,technologies,templateReference"
|
||||
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
|
||||
}
|
||||
}
|
||||
elseif($payload.payloadType -eq "groupPolicyConfiguration")
|
||||
{
|
||||
$payloadsObj.Requests += [ordered]@{
|
||||
id = "$($guid)_groupPolicyConfigurations"
|
||||
method = "GET"
|
||||
url = "/deviceManagement/groupPolicyConfigurations/$($payload.payloadId)/?`$select=displayName"
|
||||
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
|
||||
}
|
||||
}
|
||||
elseif($payload.payloadType -eq "enrollmentConfiguration")
|
||||
{
|
||||
if(-not $script:enrolmentConfigurations)
|
||||
{
|
||||
$script:enrolmentConfigurations = @()
|
||||
$script:enrolmentConfigurations += (Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations?`$select=displayName,id,deviceEnrollmentConfigurationType").value
|
||||
$script:enrolmentConfigurations += (Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations?`$select=displayName,id,deviceEnrollmentConfigurationType&`$filter=deviceEnrollmentConfigurationType eq 'EnrollmentNotificationsConfiguration'").value
|
||||
}
|
||||
|
||||
$payloadsManual += $payload
|
||||
|
||||
<#
|
||||
$payloadsObj.Requests += [ordered]@{
|
||||
id = "$($guid)_enrollmentConfiguration"
|
||||
method = "GET"
|
||||
url = "/deviceManagement/deviceEnrollmentConfigurations/$($enrolmentConfig.Id)/?`$select=displayName"
|
||||
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
|
||||
}
|
||||
#>
|
||||
}
|
||||
else
|
||||
{
|
||||
$payloadsObj.Requests += [ordered]@{
|
||||
@@ -169,14 +209,8 @@ function Get-EMIntuneFilterUsage
|
||||
{
|
||||
$objName = Get-GraphObjectName $filter $objectType
|
||||
$responses = Invoke-GraphBatchRequest $batchObjs.Requests $objName -SkipWarnings
|
||||
<#
|
||||
$batchObj = [ordered]@{
|
||||
requests = @($batchObjs.Requests)
|
||||
}
|
||||
|
||||
$responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses
|
||||
#>
|
||||
foreach($response in ($responses | Where Status -eq 200))
|
||||
foreach($response in ($responses | Where Status -lt 300))
|
||||
{
|
||||
$payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload
|
||||
|
||||
@@ -198,6 +232,14 @@ function Get-EMIntuneFilterUsage
|
||||
{
|
||||
$typeStr = "Proactive Remediations"
|
||||
}
|
||||
elseif($payload.payloadType -eq "groupPolicyConfiguration")
|
||||
{
|
||||
$typeStr = "Settings Catalog"
|
||||
}
|
||||
elseif($payload.payloadType -eq "deviceManagmentConfigurationAndCompliancePolicy")
|
||||
{
|
||||
$typeStr = "Administrative Templates"
|
||||
}
|
||||
else
|
||||
{
|
||||
$typeStr = (Get-PolicyTypeName $response.body.'@odata.type' $payload.payloadType)
|
||||
@@ -209,7 +251,7 @@ function Get-EMIntuneFilterUsage
|
||||
FiterObject = $filter
|
||||
PayloadObject = $payload
|
||||
FilterName = $filter.displayName
|
||||
PolicyName = $response.body.displayName
|
||||
PolicyName = ?? $response.body.Name $response.body.displayName
|
||||
Type = $response.body.'@odata.type'
|
||||
PayloadType = $typeStr
|
||||
Mode = $filterType
|
||||
@@ -217,6 +259,54 @@ function Get-EMIntuneFilterUsage
|
||||
GroupName = $payload.groupId
|
||||
}
|
||||
}
|
||||
|
||||
foreach($response in ($responses | Where Status -ge 300))
|
||||
{
|
||||
$payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload
|
||||
Write-Log "Failed to get info for payload with id $($payload.payloadId) of type $($payload.payloadType). Might be deleted or not supported." 2
|
||||
}
|
||||
}
|
||||
|
||||
foreach($payload in $payloadsManual)
|
||||
{
|
||||
$payloadPolicy = $script:enrolmentConfigurations | Where Id -like "$($payload.payloadId)*" | Select -First 1
|
||||
|
||||
if($payloadPolicy)
|
||||
{
|
||||
if($payloadPolicy.deviceEnrollmentConfigurationType -eq "enrollmentNotificationsConfiguration")
|
||||
{
|
||||
$typeStr = "Enrollment notifications"
|
||||
}
|
||||
elseif($payloadPolicy.deviceEnrollmentConfigurationType -eq "windows10EnrollmentCompletionPageConfiguration")
|
||||
{
|
||||
$typeStr = "Enrollment Status Page"
|
||||
}
|
||||
else
|
||||
{
|
||||
$typeStr = (Get-PolicyTypeName $payloadPolicy.body.'@odata.type' $payload.payloadType)
|
||||
}
|
||||
|
||||
if($payload.assignmentFilterType -eq "Include")
|
||||
{
|
||||
$filterType = "Include"
|
||||
}
|
||||
else
|
||||
{
|
||||
$filterType = "Exclude"
|
||||
}
|
||||
|
||||
$script:objFilterUsage += [PSCustomObject]@{
|
||||
FiterObject = $filter
|
||||
PayloadObject = $payload
|
||||
FilterName = $filter.displayName
|
||||
PolicyName = ?? $payloadPolicy.Name $payloadPolicy.displayName
|
||||
Type = $payloadPolicy.'@odata.type'
|
||||
PayloadType = $typeStr
|
||||
Mode = $filterType
|
||||
GroupID = $payload.groupId
|
||||
GroupName = $payload.groupId
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -240,13 +330,13 @@ function Get-EMIntuneFilterUsage
|
||||
if($groupObjs.Count -gt 0)
|
||||
{
|
||||
$responses = Invoke-GraphBatchRequest $groupObjs "Groups"
|
||||
<#
|
||||
|
||||
$batchObj = [ordered]@{
|
||||
requests = @($groupObjs)
|
||||
}
|
||||
|
||||
$responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses
|
||||
#>
|
||||
|
||||
foreach($response in ($responses | Where Status -eq 200))
|
||||
{
|
||||
if($response.body.displayName -and $response.body.id -and $loadedGroups.ContainsKey($response.body.id) -eq $false)
|
||||
@@ -258,12 +348,15 @@ function Get-EMIntuneFilterUsage
|
||||
|
||||
foreach($groupID in $loadedGroups.Keys)
|
||||
{
|
||||
$filterObj = $script:objFilterUsage | WHere GroupID -eq $groupID
|
||||
if($filterObj -and $loadedGroups[$groupID])
|
||||
$filterObjs = $script:objFilterUsage | WHere GroupID -eq $groupID
|
||||
if($filterObjs -and $loadedGroups[$groupID])
|
||||
{
|
||||
$filterObj.GroupName = $loadedGroups[$groupID]
|
||||
foreach($filterObj in $filterObjs) {
|
||||
$filterObj.GroupName = $loadedGroups[$groupID]
|
||||
}
|
||||
}
|
||||
}
|
||||
$script:enrolmentConfigurations = $null
|
||||
}
|
||||
|
||||
Add-XamlEvent $script:frmIntuneFilterUsage "txtIntuneFilterUsageFilter" "Add_LostFocus" ({
|
||||
|
||||
@@ -1,4 +1,18 @@
|
||||
# Release Notes
|
||||
## 3.9.4 - 2023-12-18
|
||||
|
||||
**Fixes**
|
||||
- **Get Assignment Filter usage**<br />
|
||||
- All policies that supports filter should now be collected<br />
|
||||
Please create an issue if not all expected filters are listed<br />
|
||||
Based on [Issue 141](https://github.com/Micke-K/IntuneManagement/issues/141)<br />
|
||||
**NOTE:** Start the tool from: Views -> Intune Tools -> Intune Filter Usage<br />
|
||||
|
||||
- **Documentation**<br />
|
||||
- Added support for documenting Conditional Access policies based on Workloads<br />
|
||||
Not 100% tested. Please report if not documented correctly<br />
|
||||
<br />
|
||||
|
||||
## 3.9.3 - 2023-12-11
|
||||
|
||||
**New features**
|
||||
|
||||
Reference in New Issue
Block a user