Get-IntuneCompliancePolicy.ps1
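function Get-IntuneCompliancePolicy {
    <#
    IMPORTANT:
    ===========================================================================
    This script is provided 'as is' without any warranty. Any issues stemming
    from use is on the user.
    ===========================================================================
    .DESCRIPTION
    Retrieves Intune device compliance policies from Microsoft Graph, or the
    per-device status of one named policy.

    Things to change to deploy in your environment:
    Replace the 'x' passed to Get-MsalToken -clientid with the clientID of your
    registered app. See https://docs.microsoft.com/en-us/graph/auth-v2-user for more info.

    On a failed request the function writes the error response body (or, when no
    body is available, the exception message) to the output stream instead of
    throwing.
    ===========================================================================
    .PARAMETER Policy
    Required if not using All switch - Name of the compliance policy to retrieve.
    The name is matched with an OData 'displayName eq' filter.
    .PARAMETER All
    Retrieves all Intune compliance policies.
    .PARAMETER Status
    Returns device status for the specified compliance policy.
    ===========================================================================
    .EXAMPLE
    Get-IntuneCompliancePolicy -Policy StandardUser <--- Retrieves StandardUser compliance policy
    Get-IntuneCompliancePolicy -Policy StandardUser -Status <--- Retrieves StandardUser compliance policy device status
    #>
    [CmdletBinding()]
    param (
        [Parameter()]
        [String]$Policy,
        [Parameter()]
        [Switch]$All,
        [Parameter()]
        [Switch]$Status
    )

    $token = Get-MsalToken -clientid x -tenantid organizations

    # NOTE(review): the bearer token is published in a *global* variable and stays
    # readable by anything else running in the session after this function returns.
    # Kept only because other code may read $global:header; prefer a local variable
    # (and Remove-Variable -Scope Global header when done) if nothing depends on it.
    $global:header = @{'Authorization' = $token.createauthorizationHeader(); 'ConsistencyLevel' = 'eventual'}

    # Bind a local copy so the requests below always use the header built above,
    # not a same-named variable that happens to exist in a caller's scope.
    $Header = $global:header

    $v1Policies   = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies'
    $betaPolicies = 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies'

    # Writes the body of a failed Graph response to the output stream.
    # The original catch blocks called GetResponseStream() unconditionally, which
    # itself throws when the exception carries no response (e.g. DNS/TLS failure)
    # or when the response type has no such method; fall back to ErrorDetails or
    # the exception message in those cases.
    $emitErrorBody = {
        param($ErrorRecord)
        $response = $ErrorRecord.Exception.Response
        if ($response -and $response.PSObject.Methods['GetResponseStream']) {
            $reader = New-Object System.IO.StreamReader($response.GetResponseStream())
            try { $reader.ReadToEnd() } finally { $reader.Dispose() }
        }
        elseif ($ErrorRecord.ErrorDetails -and $ErrorRecord.ErrorDetails.Message) {
            $ErrorRecord.ErrorDetails.Message
        }
        else {
            $ErrorRecord.Exception.Message
        }
    }

    # Build the OData filter once. A single quote inside the policy name is doubled
    # (OData string-literal escaping) and the whole expression is URL-encoded, so a
    # name containing ', &, # or spaces can neither break the request nor alter the
    # filter expression.
    $encodedFilter = $null
    if ($Policy) {
        $encodedFilter = [uri]::EscapeDataString("displayName eq '" + $Policy.Replace("'", "''") + "'")
    }

    # NOTE(review): each request reads only the 'value' of the first response; no
    # '@odata.nextLink' is followed, so large tenants may get a truncated list.

    if (!$Policy -and $All) {
        # All policies (v1.0 endpoint).
        try {
            (Invoke-RestMethod -Uri $v1Policies -Headers $Header).value
        }
        catch {
            & $emitErrorBody $_
        }
    }
    elseif ($Policy -and !$All -and !$Status) {
        # One policy by display name (v1.0 endpoint).
        $Uri = '{0}?$filter={1}' -f $v1Policies, $encodedFilter
        try {
            (Invoke-RestMethod -Uri $Uri -Headers $Header).value
        }
        catch {
            & $emitErrorBody $_
        }
    }
    elseif ($Policy -and !$All -and $Status) {
        # Device status for one policy (beta endpoint): resolve name -> id first.
        $Uri = '{0}?$filter={1}' -f $betaPolicies, $encodedFilter
        $policyIds = @()
        try {
            $policyIds = @((Invoke-RestMethod -Uri $Uri -Headers $Header -Method GET).value |
                    Select-Object -ExpandProperty id)
        }
        catch {
            & $emitErrorBody $_
            # Without an id the status URL would be malformed; stop here.
            return
        }

        if (-not $policyIds) {
            Write-Warning "No compliance policy named '$Policy' was found."
            return
        }

        # displayName is not guaranteed unique, so query each matching id separately
        # rather than interpolating an array into one URL.
        foreach ($policyId in $policyIds) {
            try {
                $Uri = "$betaPolicies/$policyId/deviceStatuses"
                (Invoke-RestMethod -Uri $Uri -Headers $Header).value |
                    Select-Object id, deviceDisplayName, LastReportedDateTime, status, userPrincipalName
            }
            catch {
                & $emitErrorBody $_
            }
        }
    }
    else {
        # Neither -Policy nor -All, or both together: previously returned nothing silently.
        Write-Warning 'Specify either -Policy <name> (optionally with -Status) or -All.'
    }
}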