312 lines
8.0 KiB
PowerShell
312 lines
8.0 KiB
PowerShell
function Get-DefaultIntunePolicyObjectTypes
|
|
{
|
|
@(
|
|
"DeviceConfiguration",
|
|
"SettingsCatalog",
|
|
"AdministrativeTemplates",
|
|
"CompliancePolicies",
|
|
"EndpointSecurity",
|
|
"PolicySets"
|
|
)
|
|
}
|
|
|
|
function Get-IntuneManagementProjectRoot
|
|
{
|
|
Split-Path -Parent $PSScriptRoot
|
|
}
|
|
|
|
function Resolve-HeadlessSettingsPath
|
|
{
|
|
param([string]$SettingsFile)
|
|
|
|
if($SettingsFile)
|
|
{
|
|
return $SettingsFile
|
|
}
|
|
|
|
Join-Path ([IO.Path]::GetTempPath()) "IntuneManagement.Settings.json"
|
|
}
|
|
|
|
function New-TemporaryBatchFile
|
|
{
|
|
param([string]$Prefix)
|
|
|
|
Join-Path ([IO.Path]::GetTempPath()) ("IntuneManagement.{0}.{1}.json" -f $Prefix, [guid]::NewGuid().ToString())
|
|
}
|
|
|
|
function Test-AuthParameters
|
|
{
|
|
param(
|
|
[string]$Secret,
|
|
[string]$Certificate
|
|
)
|
|
|
|
if((-not $Secret) -and (-not $Certificate))
|
|
{
|
|
throw "Specify -Secret or -Certificate."
|
|
}
|
|
}
|
|
|
|
function Invoke-IntuneHeadlessBatch
|
|
{
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$TenantId,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$AppId,
|
|
|
|
[string]$Secret,
|
|
|
|
[string]$Certificate,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[psobject]$BatchConfig,
|
|
|
|
[string]$SettingsFile,
|
|
|
|
[string]$BatchFile
|
|
)
|
|
|
|
Test-AuthParameters -Secret $Secret -Certificate $Certificate
|
|
|
|
$projectRoot = Get-IntuneManagementProjectRoot
|
|
$startScript = Join-Path $projectRoot "Start-IntuneManagement.ps1"
|
|
|
|
if(-not (Test-Path $startScript))
|
|
{
|
|
throw "Could not find Start-IntuneManagement.ps1 in $projectRoot"
|
|
}
|
|
|
|
$settingsPath = Resolve-HeadlessSettingsPath $SettingsFile
|
|
|
|
$deleteBatchFile = $false
|
|
if(-not $BatchFile)
|
|
{
|
|
$BatchFile = New-TemporaryBatchFile "Batch"
|
|
$deleteBatchFile = $true
|
|
}
|
|
|
|
try
|
|
{
|
|
$BatchConfig | ConvertTo-Json -Depth 20 | Out-File -LiteralPath $BatchFile -Encoding utf8 -Force
|
|
|
|
$invokeParams = @{
|
|
Silent = $true
|
|
JSonSettings = $true
|
|
JSonFile = $settingsPath
|
|
TenantId = $TenantId
|
|
AppId = $AppId
|
|
SilentBatchFile = $BatchFile
|
|
}
|
|
|
|
if($Secret)
|
|
{
|
|
$invokeParams.Secret = $Secret
|
|
}
|
|
else
|
|
{
|
|
$invokeParams.Certificate = $Certificate
|
|
}
|
|
|
|
& $startScript @invokeParams
|
|
}
|
|
finally
|
|
{
|
|
if($deleteBatchFile -and (Test-Path $BatchFile))
|
|
{
|
|
Remove-Item -LiteralPath $BatchFile -Force -ErrorAction SilentlyContinue
|
|
}
|
|
}
|
|
}
|
|
|
|
function Export-IntunePolicies
|
|
{
|
|
[CmdletBinding()]
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$TenantId,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$AppId,
|
|
|
|
[string]$Secret,
|
|
|
|
[string]$Certificate,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$ExportPath,
|
|
|
|
[string]$SettingsFile,
|
|
|
|
[string]$BatchFile,
|
|
|
|
[string]$NameFilter = "",
|
|
|
|
[string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
|
|
|
|
[switch]$IncludeAssignments,
|
|
|
|
[switch]$AddCompanyName
|
|
)
|
|
|
|
$batchConfig = [PSCustomObject]@{
|
|
BulkExport = @(
|
|
[PSCustomObject]@{ Name = "txtExportPath"; Value = $ExportPath },
|
|
[PSCustomObject]@{ Name = "txtExportNameFilter"; Value = $NameFilter },
|
|
[PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
|
|
[PSCustomObject]@{ Name = "chkExportAssignments"; Value = $IncludeAssignments.IsPresent },
|
|
[PSCustomObject]@{ Name = "chkAddCompanyName"; Value = $AddCompanyName.IsPresent },
|
|
[PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
|
|
)
|
|
}
|
|
|
|
Invoke-IntuneHeadlessBatch `
|
|
-TenantId $TenantId `
|
|
-AppId $AppId `
|
|
-Secret $Secret `
|
|
-Certificate $Certificate `
|
|
-BatchConfig $batchConfig `
|
|
-SettingsFile $SettingsFile `
|
|
-BatchFile $BatchFile
|
|
}
|
|
|
|
function Import-IntunePolicies
|
|
{
|
|
[CmdletBinding()]
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$TenantId,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$AppId,
|
|
|
|
[string]$Secret,
|
|
|
|
[string]$Certificate,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$ImportPath,
|
|
|
|
[string]$SettingsFile,
|
|
|
|
[string]$BatchFile,
|
|
|
|
[string]$NameFilter = "",
|
|
|
|
[ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
|
|
[string]$ImportType = "alwaysImport",
|
|
|
|
[string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
|
|
|
|
[switch]$IncludeAssignments,
|
|
|
|
[switch]$IncludeScopeTags,
|
|
|
|
[switch]$ReplaceDependencyIds
|
|
)
|
|
|
|
$batchConfig = [PSCustomObject]@{
|
|
BulkImport = @(
|
|
[PSCustomObject]@{ Name = "txtImportPath"; Value = $ImportPath },
|
|
[PSCustomObject]@{ Name = "txtImportNameFilter"; Value = $NameFilter },
|
|
[PSCustomObject]@{ Name = "chkAddObjectType"; Value = $true },
|
|
[PSCustomObject]@{ Name = "chkImportScopes"; Value = $IncludeScopeTags.IsPresent },
|
|
[PSCustomObject]@{ Name = "chkImportAssignments"; Value = $IncludeAssignments.IsPresent },
|
|
[PSCustomObject]@{ Name = "chkReplaceDependencyIDs"; Value = $ReplaceDependencyIds.IsPresent },
|
|
[PSCustomObject]@{ Name = "cbImportType"; Value = $ImportType },
|
|
[PSCustomObject]@{ Name = "ObjectTypes"; Type = "Custom"; ObjectTypes = @($ObjectTypes) }
|
|
)
|
|
}
|
|
|
|
Invoke-IntuneHeadlessBatch `
|
|
-TenantId $TenantId `
|
|
-AppId $AppId `
|
|
-Secret $Secret `
|
|
-Certificate $Certificate `
|
|
-BatchConfig $batchConfig `
|
|
-SettingsFile $SettingsFile `
|
|
-BatchFile $BatchFile
|
|
}
|
|
|
|
function Invoke-IntunePolicyAction
|
|
{
|
|
[CmdletBinding(DefaultParameterSetName = 'Export')]
|
|
param(
|
|
[Parameter(Mandatory = $true)]
|
|
[ValidateSet("Export","Import")]
|
|
[string]$Action,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$TenantId,
|
|
|
|
[Parameter(Mandatory = $true)]
|
|
[string]$AppId,
|
|
|
|
[string]$Secret,
|
|
|
|
[string]$Certificate,
|
|
|
|
[string]$SettingsFile,
|
|
|
|
[string]$BatchFile,
|
|
|
|
[string]$NameFilter = "",
|
|
|
|
[string[]]$ObjectTypes = (Get-DefaultIntunePolicyObjectTypes),
|
|
|
|
[string]$ExportPath,
|
|
|
|
[string]$ImportPath,
|
|
|
|
[ValidateSet("alwaysImport","skipIfExist","replace","replace_with_assignments","update")]
|
|
[string]$ImportType = "alwaysImport",
|
|
|
|
[switch]$IncludeAssignments,
|
|
|
|
[switch]$AddCompanyName,
|
|
|
|
[switch]$IncludeScopeTags,
|
|
|
|
[switch]$ReplaceDependencyIds
|
|
)
|
|
|
|
switch($Action)
|
|
{
|
|
"Export"
|
|
{
|
|
if(-not $ExportPath) { throw "Export requires -ExportPath." }
|
|
Export-IntunePolicies `
|
|
-TenantId $TenantId `
|
|
-AppId $AppId `
|
|
-Secret $Secret `
|
|
-Certificate $Certificate `
|
|
-ExportPath $ExportPath `
|
|
-SettingsFile $SettingsFile `
|
|
-BatchFile $BatchFile `
|
|
-NameFilter $NameFilter `
|
|
-ObjectTypes $ObjectTypes `
|
|
-IncludeAssignments:$IncludeAssignments `
|
|
-AddCompanyName:$AddCompanyName
|
|
}
|
|
"Import"
|
|
{
|
|
if(-not $ImportPath) { throw "Import requires -ImportPath." }
|
|
Import-IntunePolicies `
|
|
-TenantId $TenantId `
|
|
-AppId $AppId `
|
|
-Secret $Secret `
|
|
-Certificate $Certificate `
|
|
-ImportPath $ImportPath `
|
|
-SettingsFile $SettingsFile `
|
|
-BatchFile $BatchFile `
|
|
-NameFilter $NameFilter `
|
|
-ImportType $ImportType `
|
|
-ObjectTypes $ObjectTypes `
|
|
-IncludeAssignments:$IncludeAssignments `
|
|
-IncludeScopeTags:$IncludeScopeTags `
|
|
-ReplaceDependencyIds:$ReplaceDependencyIds
|
|
}
|
|
}
|
|
}
|