From 6ac211a2bf74d2dac2b2677cd187bb936cec26b1 Mon Sep 17 00:00:00 2001
From: Mikael Karlsson <43226266+Micke-K@users.noreply.github.com>
Date: Mon, 18 Dec 2023 19:37:17 +1100
Subject: [PATCH] 3.9.4
---
CloudAPIPowerShellManagement.psd1 | 2 +-
Extensions/DocumentationCustom.psm1 | 387 ++++++++++++++++++----------
Extensions/IntuneFilterUsage.psm1 | 125 +++++++--
ReleaseNotes.md | 14 +
4 files changed, 382 insertions(+), 146 deletions(-)
diff --git a/CloudAPIPowerShellManagement.psd1 b/CloudAPIPowerShellManagement.psd1
index 91d7a57..1dd1809 100644
--- a/CloudAPIPowerShellManagement.psd1
+++ b/CloudAPIPowerShellManagement.psd1
@@ -12,7 +12,7 @@
RootModule = 'CloudAPIPowerShellManagement.psm1'
# Version number of this module.
-ModuleVersion = '3.9.3'
+ModuleVersion = '3.9.4'
# Supported PSEditions
# CompatiblePSEditions = @()
diff --git a/Extensions/DocumentationCustom.psm1 b/Extensions/DocumentationCustom.psm1
index c1402b0..35f33a0 100644
--- a/Extensions/DocumentationCustom.psm1
+++ b/Extensions/DocumentationCustom.psm1
@@ -10,7 +10,7 @@ This module will also document some objects based on PowerShell functions
function Get-ModuleVersion
{
- '1.6.2'
+ '1.6.3'
}
function Invoke-InitializeModule
@@ -2241,96 +2241,272 @@ function Invoke-CDDocumentConditionalAccess
Add-BasicAdditionalValues $obj $objectType
- ###################################################
- # User and groups
- ###################################################
-
- $ids = @()
- foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups + $obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
- {
- if($id -in $ids) { continue }
- elseif($id -eq "GuestsOrExternalUsers") { continue }
- elseif($id -eq "All") { continue }
- elseif($id -eq "None") { continue }
-
- $ids += $id
- }
-
- $roleIds = @()
- foreach($id in ($obj.conditions.users.includeRoles + $obj.conditions.users.excludeRoles))
- {
- if($id -in $ids) { continue }
- $roleIds += $id
- }
-
- $idInfo = $null
-
- if($ids.Count -gt 0)
- {
- $ht = @{}
- $ht.Add("ids", @($ids | Unique))
-
- $body = $ht | ConvertTo-Json
-
- # ToDo: Get from MigFile for Offline
- $idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
- }
-
- if($roleIds.Count -gt 0 -and -not $script:allAadRoles)
- {
- $script:allAadRoles =(Invoke-GraphRequest -url "/directoryRoleTemplates?`$select=Id,displayName" -ODataMetadata "minimal").value
- }
-
$includeLabel = Get-LanguageString "AzureCA.userSelectionBladeIncludeTabTitle"
$excludeLabel = Get-LanguageString "AzureCA.userSelectionBladeExcludeTabTitle"
- $category = Get-LanguageString "AzureCA.usersGroupsLabel"
+ if($obj.conditions.clientApplications.includeServicePrincipals -or $obj.conditions.clientApplications.excludeServicePrincipals)
+ {
+ ###################################################
+ # Workload
+ ###################################################
- if((($obj.conditions.users.includeUsers | Where { $_ -eq "All"}) -ne $null))
- {
- Add-CustomSettingObject ([PSCustomObject]@{
- Name = $includeLabel
- Value = Get-LanguageString "AzureCA.allUsersString"
- Category = $category
- SubCategory = $includeLabel
- EntityKey = "includeUsers"
- })
- }
- elseif((($obj.conditions.users.includeUsers | Where { $_ -eq "None"}) -ne $null))
- {
- Add-CustomSettingObject ([PSCustomObject]@{
- Name = $includeLabel
- Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
- Category = $category
- SubCategory = $includeLabel
- EntityKey = "includeUsers"
- })
+ $ids = @()
+ foreach($id in ($obj.conditions.clientApplications.includeServicePrincipals + $obj.conditions.clientApplications.excludeServicePrincipals))
+ {
+ if($id -in $ids) { continue }
+ elseif($id -eq "ServicePrincipalsInMyTenant") { continue }
+
+ $ids += $id
+ }
+
+ $category = Get-LanguageString "AzureCA.workloadIdentities"
+
+ $idInfo = $null
+
+ if($ids.Count -gt 0)
+ {
+ $ht = @{}
+ $ht.Add("ids", @($ids | Unique))
+
+ $body = $ht | ConvertTo-Json
+
+ # ToDo: Get from MigFile for Offline
+ $idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
+ }
+
+ if((($obj.conditions.clientApplications.includeServicePrincipals | Where { $_ -eq "ServicePrincipalsInMyTenant"}) -ne $null))
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $includeLabel
+ Value = Get-LanguageString "AzureCA.servicePrincipalRadioAll"
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeServicePrincipals"
+ })
+ }
+ elseif((($obj.conditions.clientApplications.includeServicePrincipals | Where { $_ -eq "None"}) -ne $null))
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $includeLabel
+ Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeServicePrincipals"
+ })
+ }
+ elseif($ids.Count -gt 0 -and $obj.conditions.clientApplications.includeServicePrincipals)
+ {
+ #$category = Get-LanguageString "AzureCA.selectedSP"
+ $tmpObjs = @()
+ foreach($id in ($obj.conditions.clientApplications.includeServicePrincipals))
+ {
+ $idObj = $idInfo | Where Id -eq $id
+ $tmpObjs += ?? $idObj.displayName $id
+ }
+
+ if($tmpObjs.count -gt 0)
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $category
+ Value = $tmpObjs -join $script:objectSeparator
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeServicePrincipals"
+ })
+ }
+ }
+
+ if($obj.conditions.clientApplications.servicePrincipalFilter)
+ {
+ if($obj.conditions.clientApplications.servicePrincipalFilter.mode -eq "include")
+ {
+ $filterMode = "included"
+ }
+ else
+ {
+ $filterMode = "excluded"
+ }
+
+ #AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade
+ #AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.title
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = Get-LanguageString "AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.AppliesTo.$filterMode"
+ Value = $obj.conditions.clientApplications.servicePrincipalFilter.rule
+ Category = $category
+ SubCategory = Get-LanguageString "AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.title"
+ EntityKey = "excludeServicePrincipalDevices"
+ })
+ }
+
+ if((($obj.conditions.clientApplications.excludeServicePrincipals | Where { $_ -eq "ServicePrincipalsInMyTenant"}) -ne $null))
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $includeLabel
+ Value = Get-LanguageString "AzureCA.servicePrincipalRadioAll"
+ Category = $category
+ SubCategory = $excludeLabel
+ EntityKey = "excludeServicePrincipals"
+ })
+ }
+ elseif($ids.Count -gt 0)
+ {
+ #$category = Get-LanguageString "AzureCA.selectedSP"
+ $tmpObjs = @()
+ foreach($id in ($obj.conditions.clientApplications.excludeServicePrincipals))
+ {
+ $idObj = $idInfo | Where Id -eq $id
+ $tmpObjs += ?? $idObj.displayName $id
+ }
+
+ if($tmpObjs.count -gt 0)
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $category
+ Value = $tmpObjs -join $script:objectSeparator
+ Category = $category
+ SubCategory = $excludeLabel
+ EntityKey = "excludeServicePrincipals"
+ })
+ }
+ }
}
else
{
- Add-CustomSettingObject ([PSCustomObject]@{
- Name = $includeLabel
- Value = Get-LanguageString "AzureCA.userSelectionBladeSelectedUsers"
- Category = $category
- SubCategory = $includeLabel
- EntityKey = "includeUsers"
- })
+ ###################################################
+ # User and groups
+ ###################################################
- if((($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
+ $ids = @()
+ foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups + $obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
+ {
+ if($id -in $ids) { continue }
+ elseif($id -eq "GuestsOrExternalUsers") { continue }
+ elseif($id -eq "All") { continue }
+ elseif($id -eq "None") { continue }
+
+ $ids += $id
+ }
+
+ $roleIds = @()
+ foreach($id in ($obj.conditions.users.includeRoles + $obj.conditions.users.excludeRoles))
+ {
+ if($id -in $ids) { continue }
+ $roleIds += $id
+ }
+
+ $idInfo = $null
+
+ if($ids.Count -gt 0)
+ {
+ $ht = @{}
+ $ht.Add("ids", @($ids | Unique))
+
+ $body = $ht | ConvertTo-Json
+
+ # ToDo: Get from MigFile for Offline
+ $idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
+ }
+
+ if($roleIds.Count -gt 0 -and -not $script:allAadRoles)
+ {
+ $script:allAadRoles =(Invoke-GraphRequest -url "/directoryRoleTemplates?`$select=Id,displayName" -ODataMetadata "minimal").value
+ }
+
+ $category = Get-LanguageString "AzureCA.usersGroupsLabel"
+
+ if((($obj.conditions.users.includeUsers | Where { $_ -eq "All"}) -ne $null))
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $includeLabel
+ Value = Get-LanguageString "AzureCA.allUsersString"
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeUsers"
+ })
+ }
+ elseif((($obj.conditions.users.includeUsers | Where { $_ -eq "None"}) -ne $null))
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $includeLabel
+ Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeUsers"
+ })
+ }
+ else
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $includeLabel
+ Value = Get-LanguageString "AzureCA.userSelectionBladeSelectedUsers"
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeUsers"
+ })
+
+ if((($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
+ {
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = Get-LanguageString "AzureCA.allGuestUserLabel"
+ Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeGuestsOrExternalUsers"
+ })
+ }
+
+ if($obj.conditions.users.includeRoles.Count -gt 0)
+ {
+ $tmpObjs = @()
+ foreach($id in $obj.conditions.users.includeRoles)
+ {
+ $idObj = $script:allAadRoles | Where Id -eq $id
+ $tmpObjs += ?? $idObj.displayName $id
+ }
+
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = Get-LanguageString "AzureCA.directoryRolesLabel"
+ Value = $tmpObjs -join $script:objectSeparator
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeRoles"
+ })
+ }
+
+ if(($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups).Count -gt 0)
+ {
+ $tmpObjs = @()
+ foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups))
+ {
+ if($id -eq "GuestsOrExternalUsers") { continue }
+ $idObj = $idInfo | Where Id -eq $id
+ $tmpObjs += ?? $idObj.displayName $id
+ }
+ Add-CustomSettingObject ([PSCustomObject]@{
+ Name = $category
+ Value = $tmpObjs -join $script:objectSeparator
+ Category = $category
+ SubCategory = $includeLabel
+ EntityKey = "includeUsersGroups"
+ })
+ }
+ }
+
+ if((($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.allGuestUserLabel"
- Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
+ Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
Category = $category
- SubCategory = $includeLabel
- EntityKey = "includeGuestsOrExternalUsers"
+ SubCategory = $excludeLabel
+ EntityKey = "excludeGuestsOrExternalUsers"
})
}
- if($obj.conditions.users.includeRoles.Count -gt 0)
+ if($obj.conditions.users.excludeRoles.Count -gt 0)
{
$tmpObjs = @()
- foreach($id in $obj.conditions.users.includeRoles)
+ foreach($id in $obj.conditions.users.excludeRoles)
{
$idObj = $script:allAadRoles | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
@@ -2340,77 +2516,30 @@ function Invoke-CDDocumentConditionalAccess
Name = Get-LanguageString "AzureCA.directoryRolesLabel"
Value = $tmpObjs -join $script:objectSeparator
Category = $category
- SubCategory = $includeLabel
- EntityKey = "includeRoles"
+ SubCategory = $excludeLabel
+ EntityKey = "excludeRoles"
})
}
- if(($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups).Count -gt 0)
+ if(($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups).Count -gt 0)
{
$tmpObjs = @()
- foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups))
+ foreach($id in ($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
{
if($id -eq "GuestsOrExternalUsers") { continue }
$idObj = $idInfo | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
+
Add-CustomSettingObject ([PSCustomObject]@{
Name = $category
Value = $tmpObjs -join $script:objectSeparator
Category = $category
- SubCategory = $includeLabel
- EntityKey = "includeUsersGroups"
+ SubCategory = $excludeLabel
+ EntityKey = "excludeUsersGroups"
})
}
}
-
- if((($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
- {
- Add-CustomSettingObject ([PSCustomObject]@{
- Name = Get-LanguageString "AzureCA.allGuestUserLabel"
- Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
- Category = $category
- SubCategory = $excludeLabel
- EntityKey = "excludeGuestsOrExternalUsers"
- })
- }
-
- if($obj.conditions.users.excludeRoles.Count -gt 0)
- {
- $tmpObjs = @()
- foreach($id in $obj.conditions.users.excludeRoles)
- {
- $idObj = $script:allAadRoles | Where Id -eq $id
- $tmpObjs += ?? $idObj.displayName $id
- }
-
- Add-CustomSettingObject ([PSCustomObject]@{
- Name = Get-LanguageString "AzureCA.directoryRolesLabel"
- Value = $tmpObjs -join $script:objectSeparator
- Category = $category
- SubCategory = $excludeLabel
- EntityKey = "excludeRoles"
- })
- }
-
- if(($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups).Count -gt 0)
- {
- $tmpObjs = @()
- foreach($id in ($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
- {
- if($id -eq "GuestsOrExternalUsers") { continue }
- $idObj = $idInfo | Where Id -eq $id
- $tmpObjs += ?? $idObj.displayName $id
- }
-
- Add-CustomSettingObject ([PSCustomObject]@{
- Name = $category
- Value = $tmpObjs -join $script:objectSeparator
- Category = $category
- SubCategory = $excludeLabel
- EntityKey = "excludeUsersGroups"
- })
- }
###################################################
# Cloud apps or actions
@@ -2753,7 +2882,7 @@ function Invoke-CDDocumentConditionalAccess
}
else
{
- $filterMode = "included"
+ $filterMode = "excluded"
}
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade
diff --git a/Extensions/IntuneFilterUsage.psm1 b/Extensions/IntuneFilterUsage.psm1
index 5336d27..27d6c42 100644
--- a/Extensions/IntuneFilterUsage.psm1
+++ b/Extensions/IntuneFilterUsage.psm1
@@ -9,7 +9,7 @@ Module for listing Intune assignment filter usage
#>
function Get-ModuleVersion
{
- '1.0.0'
+ '1.1.0'
}
function Invoke-InitializeModule
@@ -102,6 +102,8 @@ function Get-EMIntuneFilterUsage
{
Write-Status "Get payloads for filter $($filter.displayName)"
+ $payloadsManual = @()
+
$payloads = (Invoke-GraphRequest -Url "$($objectType.API)/$($filter.ID)/payloads").value
$batchObjs = @()
@@ -136,10 +138,48 @@ function Get-EMIntuneFilterUsage
$payloadsObj.Requests += [ordered]@{
id = "$($guid)_mobileApps"
method = "GET"
- url = "//deviceAppManagement/mobileApps/$($payload.payloadId)/?`$select=displayName"
+ url = "/deviceAppManagement/mobileApps/$($payload.payloadId)/?`$select=displayName"
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
}
- }
+ }
+ elseif($payload.payloadType -eq "deviceManagmentConfigurationAndCompliancePolicy")
+ {
+ $payloadsObj.Requests += [ordered]@{
+ id = "$($guid)_configurationPolicies"
+ method = "GET"
+ url = "/deviceManagement/configurationPolicies/$($payload.payloadId)/?`$select=name,platforms,technologies,templateReference"
+ headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
+ }
+ }
+ elseif($payload.payloadType -eq "groupPolicyConfiguration")
+ {
+ $payloadsObj.Requests += [ordered]@{
+ id = "$($guid)_groupPolicyConfigurations"
+ method = "GET"
+ url = "/deviceManagement/groupPolicyConfigurations/$($payload.payloadId)/?`$select=displayName"
+ headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
+ }
+ }
+ elseif($payload.payloadType -eq "enrollmentConfiguration")
+ {
+ if(-not $script:enrolmentConfigurations)
+ {
+ $script:enrolmentConfigurations = @()
+ $script:enrolmentConfigurations += (Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations?`$select=displayName,id,deviceEnrollmentConfigurationType").value
+ $script:enrolmentConfigurations += (Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations?`$select=displayName,id,deviceEnrollmentConfigurationType&`$filter=deviceEnrollmentConfigurationType eq 'EnrollmentNotificationsConfiguration'").value
+ }
+
+ $payloadsManual += $payload
+
+ <#
+ $payloadsObj.Requests += [ordered]@{
+ id = "$($guid)_enrollmentConfiguration"
+ method = "GET"
+ url = "/deviceManagement/deviceEnrollmentConfigurations/$($enrolmentConfig.Id)/?`$select=displayName"
+ headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
+ }
+ #>
+ }
else
{
$payloadsObj.Requests += [ordered]@{
@@ -169,14 +209,8 @@ function Get-EMIntuneFilterUsage
{
$objName = Get-GraphObjectName $filter $objectType
$responses = Invoke-GraphBatchRequest $batchObjs.Requests $objName -SkipWarnings
- <#
- $batchObj = [ordered]@{
- requests = @($batchObjs.Requests)
- }
- $responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses
- #>
- foreach($response in ($responses | Where Status -eq 200))
+ foreach($response in ($responses | Where Status -lt 300))
{
$payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload
@@ -198,6 +232,14 @@ function Get-EMIntuneFilterUsage
{
$typeStr = "Proactive Remediations"
}
+ elseif($payload.payloadType -eq "groupPolicyConfiguration")
+ {
+ $typeStr = "Settings Catalog"
+ }
+ elseif($payload.payloadType -eq "deviceManagmentConfigurationAndCompliancePolicy")
+ {
+ $typeStr = "Administrative Templates"
+ }
else
{
$typeStr = (Get-PolicyTypeName $response.body.'@odata.type' $payload.payloadType)
@@ -209,7 +251,7 @@ function Get-EMIntuneFilterUsage
FiterObject = $filter
PayloadObject = $payload
FilterName = $filter.displayName
- PolicyName = $response.body.displayName
+ PolicyName = ?? $response.body.Name $response.body.displayName
Type = $response.body.'@odata.type'
PayloadType = $typeStr
Mode = $filterType
@@ -217,6 +259,54 @@ function Get-EMIntuneFilterUsage
GroupName = $payload.groupId
}
}
+
+ foreach($response in ($responses | Where Status -ge 300))
+ {
+ $payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload
+ Write-Log "Failed to get info for payload with id $($payload.payloadId) of type $($payload.payloadType). Might be deleted or not supported." 2
+ }
+ }
+
+ foreach($payload in $payloadsManual)
+ {
+ $payloadPolicy = $script:enrolmentConfigurations | Where Id -like "$($payload.payloadId)*" | Select -First 1
+
+ if($payloadPolicy)
+ {
+ if($payloadPolicy.deviceEnrollmentConfigurationType -eq "enrollmentNotificationsConfiguration")
+ {
+ $typeStr = "Enrollment notifications"
+ }
+ elseif($payloadPolicy.deviceEnrollmentConfigurationType -eq "windows10EnrollmentCompletionPageConfiguration")
+ {
+ $typeStr = "Enrollment Status Page"
+ }
+ else
+ {
+ $typeStr = (Get-PolicyTypeName $payloadPolicy.body.'@odata.type' $payload.payloadType)
+ }
+
+ if($payload.assignmentFilterType -eq "Include")
+ {
+ $filterType = "Include"
+ }
+ else
+ {
+ $filterType = "Exclude"
+ }
+
+ $script:objFilterUsage += [PSCustomObject]@{
+ FiterObject = $filter
+ PayloadObject = $payload
+ FilterName = $filter.displayName
+ PolicyName = ?? $payloadPolicy.Name $payloadPolicy.displayName
+ Type = $payloadPolicy.'@odata.type'
+ PayloadType = $typeStr
+ Mode = $filterType
+ GroupID = $payload.groupId
+ GroupName = $payload.groupId
+ }
+ }
}
}
@@ -240,13 +330,13 @@ function Get-EMIntuneFilterUsage
if($groupObjs.Count -gt 0)
{
$responses = Invoke-GraphBatchRequest $groupObjs "Groups"
- <#
+
$batchObj = [ordered]@{
requests = @($groupObjs)
}
$responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses
- #>
+
foreach($response in ($responses | Where Status -eq 200))
{
if($response.body.displayName -and $response.body.id -and $loadedGroups.ContainsKey($response.body.id) -eq $false)
@@ -258,12 +348,15 @@ function Get-EMIntuneFilterUsage
foreach($groupID in $loadedGroups.Keys)
{
- $filterObj = $script:objFilterUsage | WHere GroupID -eq $groupID
- if($filterObj -and $loadedGroups[$groupID])
+ $filterObjs = $script:objFilterUsage | WHere GroupID -eq $groupID
+ if($filterObjs -and $loadedGroups[$groupID])
{
- $filterObj.GroupName = $loadedGroups[$groupID]
+ foreach($filterObj in $filterObjs) {
+ $filterObj.GroupName = $loadedGroups[$groupID]
+ }
}
}
+ $script:enrolmentConfigurations = $null
}
Add-XamlEvent $script:frmIntuneFilterUsage "txtIntuneFilterUsageFilter" "Add_LostFocus" ({
diff --git a/ReleaseNotes.md b/ReleaseNotes.md
index 2f5b9c8..b2d0728 100644
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -1,4 +1,18 @@
# Release Notes
+## 3.9.4 - 2023-12-18
+
+**Fixes**
+- **Get Assignment Filter usage**
+ - All policies that supports filter should now be collected
+ Please create an issue if not all expected filters are listed
+ Based on [Issue 141](https://github.com/Micke-K/IntuneManagement/issues/141)
+ **NOTE:** Start the tool from: Views -> Intune Tools -> Intune Filter Usage
+
+- **Documentation**
+ - Added support for documenting Conditional Access policies based on Workloads
+ Not 100% tested. Please report if not documented correctly
+
+
## 3.9.3 - 2023-12-11
**New features**