- Add Deploy-IntuneBaseline.ps1 for YAML-driven policy + assignment deployment - Add ConvertTo-IntuneBaseline.ps1 to convert export folders to baseline manifests - Add example OpenIntuneBaseline YAML in Baselines/ - Supports mutations, group auto-creation, idempotency, and WhatIf mode
# Example baseline manifest: global settings, the security groups to create,
# and the policy JSON files to import together with their assignments.
# NOTE(review): this listing lost its indentation; the nesting of
# tenantMutation, groups and policies under `baseline` is assumed. Confirm
# against the schema the deployment script expects.
baseline:
  name: OpenIntuneBaseline-v3-Example
  # NOTE(review): presumably Skip leaves an existing policy of the same name
  # untouched. If so, a policy that has drifted from the baseline is not
  # corrected on re-run; use Update where enforcement matters. TODO confirm.
  conflictResolution: Skip # Skip | Update | Error
  # NOTE(review): with false, a run presumably makes live changes in the
  # tenant. Run once with true and review the planned changes first.
  whatIf: false

  # Global name mutation applied to every policy (optional)
  tenantMutation:
    search: "OIB-"
    replace: "CONTOSO-"
    # Alternatively use prefix instead of search/replace:
    # prefix: "CONTOSO-"

  # Cloud-only security groups to create if they do not exist
  # NOTE(review): existence looks to be decided by displayName, which Entra ID
  # does not require to be unique. Verify the deployment fails when more than
  # one group matches, so an assignment cannot bind to an unintended group.
  groups:
    - displayName: "Baseline - Windows Devices"
      mailNickname: "BaselineWinDevices"
      securityEnabled: true
    - displayName: "Baseline - macOS Devices"
      mailNickname: "BaselineMacDevices"
      securityEnabled: true
    - displayName: "Baseline - Pilot Users"
      mailNickname: "BaselinePilotUsers"
      securityEnabled: true

  # Each entry imports the JSON at sourcePath and applies the listed
  # assignments. The JSON files define what lands on devices, so keep them
  # under the same review and change control as this manifest.
  policies:
    # Device Configuration
    - sourcePath: ./policies/OIB-Windows-Defender-ASR.json
      type: DeviceConfiguration
      assignments:
        - targetType: Group
          groupName: "Baseline - Windows Devices"

    # Settings Catalog (uses 'name' instead of displayName)
    - sourcePath: ./policies/OIB-SettingsCatalog-LoginWindow.json
      type: SettingsCatalog
      # Per-policy mutation override
      mutation:
        search: "OIB-"
        replace: "CONTOSO-"
      assignments:
        - targetType: Group
          groupName: "Baseline - macOS Devices"
        # NOTE(review): AllDevices already covers the group above and widens
        # the policy to every enrolled device; confirm which scope is meant.
        - targetType: AllDevices

    # Compliance Policy
    - sourcePath: ./policies/OIB-Compliance-Windows.json
      type: CompliancePolicies
      assignments:
        - targetType: Group
          groupName: "Baseline - Windows Devices"

    # Endpoint Security (DeviceManagementIntents)
    # If a sibling file *_Settings.json exists, it will be imported automatically.
    # NOTE(review): the sibling file is not named in this manifest, so check
    # the policies folder for unexpected *_Settings.json files before a run.
    - sourcePath: ./policies/OIB-EndpointSecurity-Defender.json
      type: EndpointSecurity
      assignments:
        - targetType: Group
          groupName: "Baseline - Windows Devices"

    # Administrative Templates
    - sourcePath: ./policies/OIB-ADMX-OfficeSettings.json
      type: AdministrativeTemplates
      assignments:
        - targetType: Group
          groupName: "Baseline - Pilot Users"

    # macOS Script
    # NOTE(review): the JSON presumably carries the script body that runs on
    # the assigned Macs; review its content before deploying. TODO confirm.
    - sourcePath: ./policies/OIB-MacScript-CompanyBranding.json
      type: MacScripts
      assignments:
        - targetType: Group
          groupName: "Baseline - macOS Devices"

    # Application (metadata JSON only; .intunewin binary upload is NOT handled here)
    - sourcePath: ./apps/OIB-CompanyPortal.json
      type: Applications
      assignments:
        - targetType: AllUsers
          intent: Available
        # Required on AllDevices is a tenant-wide install; confirm it is
        # intended before running against a production tenant.
        - targetType: AllDevices
          intent: Required