cqrenet/macOS_IntuneManagement
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

3.9.4

Browse Source
This commit is contained in:
Mikael Karlsson
2023-12-18 19:37:17 +11:00
parent 83c845fc33
commit 6ac211a2bf
4 changed files with 382 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CloudAPIPowerShellManagement.psd1
View File

@@ -12,7 +12,7 @@
RootModule = 'CloudAPIPowerShellManagement.psm1' RootModule = 'CloudAPIPowerShellManagement.psm1'
# Version number of this module. # Version number of this module.
ModuleVersion = '3.9.3' ModuleVersion = '3.9.4'
# Supported PSEditions # Supported PSEditions
# CompatiblePSEditions = @() # CompatiblePSEditions = @()

387
Extensions/DocumentationCustom.psm1
View File

@@ -10,7 +10,7 @@ This module will also document some objects based on PowerShell functions
function Get-ModuleVersion function Get-ModuleVersion
{ {
'1.6.2' '1.6.3'
} }
function Invoke-InitializeModule function Invoke-InitializeModule
@@ -2241,96 +2241,272 @@ function Invoke-CDDocumentConditionalAccess
Add-BasicAdditionalValues $obj $objectType Add-BasicAdditionalValues $obj $objectType
###################################################
# User and groups
###################################################
$ids = @()
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups + $obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
{
if($id -in $ids) { continue }
elseif($id -eq "GuestsOrExternalUsers") { continue }
elseif($id -eq "All") { continue }
elseif($id -eq "None") { continue }
$ids += $id
}
$roleIds = @()
foreach($id in ($obj.conditions.users.includeRoles + $obj.conditions.users.excludeRoles))
{
if($id -in $ids) { continue }
$roleIds += $id
}
$idInfo = $null
if($ids.Count -gt 0)
{
$ht = @{}
$ht.Add("ids", @($ids | Unique))
$body = $ht | ConvertTo-Json
# ToDo: Get from MigFile for Offline
$idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
}
if($roleIds.Count -gt 0 -and -not $script:allAadRoles)
{
$script:allAadRoles =(Invoke-GraphRequest -url "/directoryRoleTemplates?`$select=Id,displayName" -ODataMetadata "minimal").value
}
$includeLabel = Get-LanguageString "AzureCA.userSelectionBladeIncludeTabTitle" $includeLabel = Get-LanguageString "AzureCA.userSelectionBladeIncludeTabTitle"
$excludeLabel = Get-LanguageString "AzureCA.userSelectionBladeExcludeTabTitle" $excludeLabel = Get-LanguageString "AzureCA.userSelectionBladeExcludeTabTitle"
$category = Get-LanguageString "AzureCA.usersGroupsLabel" if($obj.conditions.clientApplications.includeServicePrincipals -or $obj.conditions.clientApplications.excludeServicePrincipals)
{
###################################################
# Workload
###################################################
if((($obj.conditions.users.includeUsers | Where { $_ -eq "All"}) -ne $null)) $ids = @()
{ foreach($id in ($obj.conditions.clientApplications.includeServicePrincipals + $obj.conditions.clientApplications.excludeServicePrincipals))
Add-CustomSettingObject ([PSCustomObject]@{ {
Name = $includeLabel if($id -in $ids) { continue }
Value = Get-LanguageString "AzureCA.allUsersString" elseif($id -eq "ServicePrincipalsInMyTenant") { continue }
Category = $category
SubCategory = $includeLabel $ids += $id
EntityKey = "includeUsers" }
})
} $category = Get-LanguageString "AzureCA.workloadIdentities"
elseif((($obj.conditions.users.includeUsers | Where { $_ -eq "None"}) -ne $null))
{ $idInfo = $null
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel if($ids.Count -gt 0)
Value = Get-LanguageString "AzureCA.chooseApplicationsNone" {
Category = $category $ht = @{}
SubCategory = $includeLabel $ht.Add("ids", @($ids | Unique))
EntityKey = "includeUsers"
}) $body = $ht | ConvertTo-Json
# ToDo: Get from MigFile for Offline
$idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
}
if((($obj.conditions.clientApplications.includeServicePrincipals | Where { $_ -eq "ServicePrincipalsInMyTenant"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel
Value = Get-LanguageString "AzureCA.servicePrincipalRadioAll"
Category = $category
SubCategory = $includeLabel
EntityKey = "includeServicePrincipals"
})
}
elseif((($obj.conditions.clientApplications.includeServicePrincipals | Where { $_ -eq "None"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel
Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
Category = $category
SubCategory = $includeLabel
EntityKey = "includeServicePrincipals"
})
}
elseif($ids.Count -gt 0 -and $obj.conditions.clientApplications.includeServicePrincipals)
{
#$category = Get-LanguageString "AzureCA.selectedSP"
$tmpObjs = @()
foreach($id in ($obj.conditions.clientApplications.includeServicePrincipals))
{
$idObj = $idInfo | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
if($tmpObjs.count -gt 0)
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $category
Value = $tmpObjs -join $script:objectSeparator
Category = $category
SubCategory = $includeLabel
EntityKey = "includeServicePrincipals"
})
}
}
if($obj.conditions.clientApplications.servicePrincipalFilter)
{
if($obj.conditions.clientApplications.servicePrincipalFilter.mode -eq "include")
{
$filterMode = "included"
}
else
{
$filterMode = "excluded"
}
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.title
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.AppliesTo.$filterMode"
Value = $obj.conditions.clientApplications.servicePrincipalFilter.rule
Category = $category
SubCategory = Get-LanguageString "AzureCA.PolicyBlade.Conditions.DeviceAttributes.Blade.title"
EntityKey = "excludeServicePrincipalDevices"
})
}
if((($obj.conditions.clientApplications.excludeServicePrincipals | Where { $_ -eq "ServicePrincipalsInMyTenant"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel
Value = Get-LanguageString "AzureCA.servicePrincipalRadioAll"
Category = $category
SubCategory = $excludeLabel
EntityKey = "excludeServicePrincipals"
})
}
elseif($ids.Count -gt 0)
{
#$category = Get-LanguageString "AzureCA.selectedSP"
$tmpObjs = @()
foreach($id in ($obj.conditions.clientApplications.excludeServicePrincipals))
{
$idObj = $idInfo | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
if($tmpObjs.count -gt 0)
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $category
Value = $tmpObjs -join $script:objectSeparator
Category = $category
SubCategory = $excludeLabel
EntityKey = "excludeServicePrincipals"
})
}
}
} }
else else
{ {
Add-CustomSettingObject ([PSCustomObject]@{ ###################################################
Name = $includeLabel # User and groups
Value = Get-LanguageString "AzureCA.userSelectionBladeSelectedUsers" ###################################################
Category = $category
SubCategory = $includeLabel
EntityKey = "includeUsers"
})
if((($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null)) $ids = @()
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups + $obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
{
if($id -in $ids) { continue }
elseif($id -eq "GuestsOrExternalUsers") { continue }
elseif($id -eq "All") { continue }
elseif($id -eq "None") { continue }
$ids += $id
}
$roleIds = @()
foreach($id in ($obj.conditions.users.includeRoles + $obj.conditions.users.excludeRoles))
{
if($id -in $ids) { continue }
$roleIds += $id
}
$idInfo = $null
if($ids.Count -gt 0)
{
$ht = @{}
$ht.Add("ids", @($ids | Unique))
$body = $ht | ConvertTo-Json
# ToDo: Get from MigFile for Offline
$idInfo = (Invoke-GraphRequest -Url "/directoryObjects/getByIds?`$select=displayName,id" -Content $body -Method "Post").Value
}
if($roleIds.Count -gt 0 -and -not $script:allAadRoles)
{
$script:allAadRoles =(Invoke-GraphRequest -url "/directoryRoleTemplates?`$select=Id,displayName" -ODataMetadata "minimal").value
}
$category = Get-LanguageString "AzureCA.usersGroupsLabel"
if((($obj.conditions.users.includeUsers | Where { $_ -eq "All"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel
Value = Get-LanguageString "AzureCA.allUsersString"
Category = $category
SubCategory = $includeLabel
EntityKey = "includeUsers"
})
}
elseif((($obj.conditions.users.includeUsers | Where { $_ -eq "None"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel
Value = Get-LanguageString "AzureCA.chooseApplicationsNone"
Category = $category
SubCategory = $includeLabel
EntityKey = "includeUsers"
})
}
else
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = $includeLabel
Value = Get-LanguageString "AzureCA.userSelectionBladeSelectedUsers"
Category = $category
SubCategory = $includeLabel
EntityKey = "includeUsers"
})
if((($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.allGuestUserLabel"
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
Category = $category
SubCategory = $includeLabel
EntityKey = "includeGuestsOrExternalUsers"
})
}
if($obj.conditions.users.includeRoles.Count -gt 0)
{
$tmpObjs = @()
foreach($id in $obj.conditions.users.includeRoles)
{
$idObj = $script:allAadRoles | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.directoryRolesLabel"
Value = $tmpObjs -join $script:objectSeparator
Category = $category
SubCategory = $includeLabel
EntityKey = "includeRoles"
})
}
if(($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups).Count -gt 0)
{
$tmpObjs = @()
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups))
{
if($id -eq "GuestsOrExternalUsers") { continue }
$idObj = $idInfo | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = $category
Value = $tmpObjs -join $script:objectSeparator
Category = $category
SubCategory = $includeLabel
EntityKey = "includeUsersGroups"
})
}
}
if((($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
{ {
Add-CustomSettingObject ([PSCustomObject]@{ Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.allGuestUserLabel" Name = Get-LanguageString "AzureCA.allGuestUserLabel"
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.includeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))" Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
Category = $category Category = $category
SubCategory = $includeLabel SubCategory = $excludeLabel
EntityKey = "includeGuestsOrExternalUsers" EntityKey = "excludeGuestsOrExternalUsers"
}) })
} }
if($obj.conditions.users.includeRoles.Count -gt 0) if($obj.conditions.users.excludeRoles.Count -gt 0)
{ {
$tmpObjs = @() $tmpObjs = @()
foreach($id in $obj.conditions.users.includeRoles) foreach($id in $obj.conditions.users.excludeRoles)
{ {
$idObj = $script:allAadRoles | Where Id -eq $id $idObj = $script:allAadRoles | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id $tmpObjs += ?? $idObj.displayName $id
@@ -2340,77 +2516,30 @@ function Invoke-CDDocumentConditionalAccess
Name = Get-LanguageString "AzureCA.directoryRolesLabel" Name = Get-LanguageString "AzureCA.directoryRolesLabel"
Value = $tmpObjs -join $script:objectSeparator Value = $tmpObjs -join $script:objectSeparator
Category = $category Category = $category
SubCategory = $includeLabel SubCategory = $excludeLabel
EntityKey = "includeRoles" EntityKey = "excludeRoles"
}) })
} }
if(($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups).Count -gt 0) if(($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups).Count -gt 0)
{ {
$tmpObjs = @() $tmpObjs = @()
foreach($id in ($obj.conditions.users.includeUsers + $obj.conditions.users.includeGroups)) foreach($id in ($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
{ {
if($id -eq "GuestsOrExternalUsers") { continue } if($id -eq "GuestsOrExternalUsers") { continue }
$idObj = $idInfo | Where Id -eq $id $idObj = $idInfo | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id $tmpObjs += ?? $idObj.displayName $id
} }
Add-CustomSettingObject ([PSCustomObject]@{ Add-CustomSettingObject ([PSCustomObject]@{
Name = $category Name = $category
Value = $tmpObjs -join $script:objectSeparator Value = $tmpObjs -join $script:objectSeparator
Category = $category Category = $category
SubCategory = $includeLabel SubCategory = $excludeLabel
EntityKey = "includeUsersGroups" EntityKey = "excludeUsersGroups"
}) })
} }
} }
if((($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null))
{
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.allGuestUserLabel"
Value = Get-LanguageString "Inputs.enabled" #$((?: (($obj.conditions.users.excludeUsers | Where { $_ -eq "GuestsOrExternalUsers"}) -ne $null) "enabled" "disabled"))"
Category = $category
SubCategory = $excludeLabel
EntityKey = "excludeGuestsOrExternalUsers"
})
}
if($obj.conditions.users.excludeRoles.Count -gt 0)
{
$tmpObjs = @()
foreach($id in $obj.conditions.users.excludeRoles)
{
$idObj = $script:allAadRoles | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = Get-LanguageString "AzureCA.directoryRolesLabel"
Value = $tmpObjs -join $script:objectSeparator
Category = $category
SubCategory = $excludeLabel
EntityKey = "excludeRoles"
})
}
if(($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups).Count -gt 0)
{
$tmpObjs = @()
foreach($id in ($obj.conditions.users.excludeUsers + $obj.conditions.users.excludeGroups))
{
if($id -eq "GuestsOrExternalUsers") { continue }
$idObj = $idInfo | Where Id -eq $id
$tmpObjs += ?? $idObj.displayName $id
}
Add-CustomSettingObject ([PSCustomObject]@{
Name = $category
Value = $tmpObjs -join $script:objectSeparator
Category = $category
SubCategory = $excludeLabel
EntityKey = "excludeUsersGroups"
})
}
################################################### ###################################################
# Cloud apps or actions # Cloud apps or actions
@@ -2753,7 +2882,7 @@ function Invoke-CDDocumentConditionalAccess
} }
else else
{ {
$filterMode = "included" $filterMode = "excluded"
} }
#AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade #AzureCA.PolicyBlade.Conditions.DeviceAttributes.AssignmentFilter.Blade

125
Extensions/IntuneFilterUsage.psm1
View File

@@ -9,7 +9,7 @@ Module for listing Intune assignment filter usage
#> #>
function Get-ModuleVersion function Get-ModuleVersion
{ {
'1.0.0' '1.1.0'
} }
function Invoke-InitializeModule function Invoke-InitializeModule
@@ -102,6 +102,8 @@ function Get-EMIntuneFilterUsage
{ {
Write-Status "Get payloads for filter $($filter.displayName)" Write-Status "Get payloads for filter $($filter.displayName)"
$payloadsManual = @()
$payloads = (Invoke-GraphRequest -Url "$($objectType.API)/$($filter.ID)/payloads").value $payloads = (Invoke-GraphRequest -Url "$($objectType.API)/$($filter.ID)/payloads").value
$batchObjs = @() $batchObjs = @()
@@ -136,10 +138,48 @@ function Get-EMIntuneFilterUsage
$payloadsObj.Requests += [ordered]@{ $payloadsObj.Requests += [ordered]@{
id = "$($guid)_mobileApps" id = "$($guid)_mobileApps"
method = "GET" method = "GET"
url = "//deviceAppManagement/mobileApps/$($payload.payloadId)/?`$select=displayName" url = "/deviceAppManagement/mobileApps/$($payload.payloadId)/?`$select=displayName"
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"} headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
} }
} }
elseif($payload.payloadType -eq "deviceManagmentConfigurationAndCompliancePolicy")
{
$payloadsObj.Requests += [ordered]@{
id = "$($guid)_configurationPolicies"
method = "GET"
url = "/deviceManagement/configurationPolicies/$($payload.payloadId)/?`$select=name,platforms,technologies,templateReference"
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
}
}
elseif($payload.payloadType -eq "groupPolicyConfiguration")
{
$payloadsObj.Requests += [ordered]@{
id = "$($guid)_groupPolicyConfigurations"
method = "GET"
url = "/deviceManagement/groupPolicyConfigurations/$($payload.payloadId)/?`$select=displayName"
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
}
}
elseif($payload.payloadType -eq "enrollmentConfiguration")
{
if(-not $script:enrolmentConfigurations)
{
$script:enrolmentConfigurations = @()
$script:enrolmentConfigurations += (Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations?`$select=displayName,id,deviceEnrollmentConfigurationType").value
$script:enrolmentConfigurations += (Invoke-GraphRequest -Url "/deviceManagement/deviceEnrollmentConfigurations?`$select=displayName,id,deviceEnrollmentConfigurationType&`$filter=deviceEnrollmentConfigurationType eq 'EnrollmentNotificationsConfiguration'").value
}
$payloadsManual += $payload
<#
$payloadsObj.Requests += [ordered]@{
id = "$($guid)_enrollmentConfiguration"
method = "GET"
url = "/deviceManagement/deviceEnrollmentConfigurations/$($enrolmentConfig.Id)/?`$select=displayName"
headers = @{"x-ms-command-name"="AssignmentFilterPayloadProxy_resolvePayloadNames_BatchItem"}
}
#>
}
else else
{ {
$payloadsObj.Requests += [ordered]@{ $payloadsObj.Requests += [ordered]@{
@@ -169,14 +209,8 @@ function Get-EMIntuneFilterUsage
{ {
$objName = Get-GraphObjectName $filter $objectType $objName = Get-GraphObjectName $filter $objectType
$responses = Invoke-GraphBatchRequest $batchObjs.Requests $objName -SkipWarnings $responses = Invoke-GraphBatchRequest $batchObjs.Requests $objName -SkipWarnings
<#
$batchObj = [ordered]@{
requests = @($batchObjs.Requests)
}
$responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses foreach($response in ($responses | Where Status -lt 300))
#>
foreach($response in ($responses | Where Status -eq 200))
{ {
$payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload $payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload
@@ -198,6 +232,14 @@ function Get-EMIntuneFilterUsage
{ {
$typeStr = "Proactive Remediations" $typeStr = "Proactive Remediations"
} }
elseif($payload.payloadType -eq "groupPolicyConfiguration")
{
$typeStr = "Settings Catalog"
}
elseif($payload.payloadType -eq "deviceManagmentConfigurationAndCompliancePolicy")
{
$typeStr = "Administrative Templates"
}
else else
{ {
$typeStr = (Get-PolicyTypeName $response.body.'@odata.type' $payload.payloadType) $typeStr = (Get-PolicyTypeName $response.body.'@odata.type' $payload.payloadType)
@@ -209,7 +251,7 @@ function Get-EMIntuneFilterUsage
FiterObject = $filter FiterObject = $filter
PayloadObject = $payload PayloadObject = $payload
FilterName = $filter.displayName FilterName = $filter.displayName
PolicyName = $response.body.displayName PolicyName = ?? $response.body.Name $response.body.displayName
Type = $response.body.'@odata.type' Type = $response.body.'@odata.type'
PayloadType = $typeStr PayloadType = $typeStr
Mode = $filterType Mode = $filterType
@@ -217,6 +259,54 @@ function Get-EMIntuneFilterUsage
GroupName = $payload.groupId GroupName = $payload.groupId
} }
} }
foreach($response in ($responses | Where Status -ge 300))
{
$payload = ($batchObjs | Where { $response.id -like "$($_.ID)*"}).Payload
Write-Log "Failed to get info for payload with id $($payload.payloadId) of type $($payload.payloadType). Might be deleted or not supported." 2
}
}
foreach($payload in $payloadsManual)
{
$payloadPolicy = $script:enrolmentConfigurations | Where Id -like "$($payload.payloadId)*" | Select -First 1
if($payloadPolicy)
{
if($payloadPolicy.deviceEnrollmentConfigurationType -eq "enrollmentNotificationsConfiguration")
{
$typeStr = "Enrollment notifications"
}
elseif($payloadPolicy.deviceEnrollmentConfigurationType -eq "windows10EnrollmentCompletionPageConfiguration")
{
$typeStr = "Enrollment Status Page"
}
else
{
$typeStr = (Get-PolicyTypeName $payloadPolicy.body.'@odata.type' $payload.payloadType)
}
if($payload.assignmentFilterType -eq "Include")
{
$filterType = "Include"
}
else
{
$filterType = "Exclude"
}
$script:objFilterUsage += [PSCustomObject]@{
FiterObject = $filter
PayloadObject = $payload
FilterName = $filter.displayName
PolicyName = ?? $payloadPolicy.Name $payloadPolicy.displayName
Type = $payloadPolicy.'@odata.type'
PayloadType = $typeStr
Mode = $filterType
GroupID = $payload.groupId
GroupName = $payload.groupId
}
}
} }
} }
@@ -240,13 +330,13 @@ function Get-EMIntuneFilterUsage
if($groupObjs.Count -gt 0) if($groupObjs.Count -gt 0)
{ {
$responses = Invoke-GraphBatchRequest $groupObjs "Groups" $responses = Invoke-GraphBatchRequest $groupObjs "Groups"
<#
$batchObj = [ordered]@{ $batchObj = [ordered]@{
requests = @($groupObjs) requests = @($groupObjs)
} }
$responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses $responses = (Invoke-GraphRequest -Url "`$batch" -Body ($batchObj | ConvertTo-Json -Depth 50 -Compress) -Method "POST").responses
#>
foreach($response in ($responses | Where Status -eq 200)) foreach($response in ($responses | Where Status -eq 200))
{ {
if($response.body.displayName -and $response.body.id -and $loadedGroups.ContainsKey($response.body.id) -eq $false) if($response.body.displayName -and $response.body.id -and $loadedGroups.ContainsKey($response.body.id) -eq $false)
@@ -258,12 +348,15 @@ function Get-EMIntuneFilterUsage
foreach($groupID in $loadedGroups.Keys) foreach($groupID in $loadedGroups.Keys)
{ {
$filterObj = $script:objFilterUsage | WHere GroupID -eq $groupID $filterObjs = $script:objFilterUsage | WHere GroupID -eq $groupID
if($filterObj -and $loadedGroups[$groupID]) if($filterObjs -and $loadedGroups[$groupID])
{ {
$filterObj.GroupName = $loadedGroups[$groupID] foreach($filterObj in $filterObjs) {
$filterObj.GroupName = $loadedGroups[$groupID]
}
} }
} }
$script:enrolmentConfigurations = $null
} }
Add-XamlEvent $script:frmIntuneFilterUsage "txtIntuneFilterUsageFilter" "Add_LostFocus" ({ Add-XamlEvent $script:frmIntuneFilterUsage "txtIntuneFilterUsageFilter" "Add_LostFocus" ({

14
ReleaseNotes.md
View File

@@ -1,4 +1,18 @@
# Release Notes # Release Notes
## 3.9.4 - 2023-12-18
**Fixes**
- **Get Assignment Filter usage**<br />
- All policies that supports filter should now be collected<br />
Please create an issue if not all expected filters are listed<br />
Based on [Issue 141](https://github.com/Micke-K/IntuneManagement/issues/141)<br />
**NOTE:** Start the tool from: Views -> Intune Tools -> Intune Filter Usage<br />
- **Documentation**<br />
- Added support for documenting Conditional Access policies based on Workloads<br />
Not 100% tested. Please report if not documented correctly<br />
<br />
## 3.9.3 - 2023-12-11 ## 3.9.3 - 2023-12-11
**New features** **New features**