Techcommunity.microsoft.com
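# Assigns the Intune applications named in Settings.psd1 to one Azure AD group
# with install intent "Required". Before assigning, each app's current
# assignments are exported to CSV/JSON under $ExportPath.
#
# Restored from a flattened copy of the script: line breaks are re-inserted and
# the Graph / login endpoint URLs and the System.Net namespace prefix, which the
# page extraction had stripped, are put back.
#
# Settings.psd1 decides which group receives required installs, so the file and
# its directory should be writable only by the administrators who run this.
$Settings     = Import-LocalizedData -BaseDirectory "C:\Scripts\" -FileName Settings.psd1 -UICulture "en-US"
$User         = $Settings.User
$AADGroup     = $Settings.AADGroup
$Applications = $Settings.Applications
$ExportPath   = $Settings.ExportPath

# Single place for the Graph endpoint; every request below is built from it.
$GraphBaseUri = "https://graph.microsoft.com"

####################################################

function Get-AuthToken {

<#
.SYNOPSIS
This function is used to authenticate with the Graph API REST interface
.DESCRIPTION
The function authenticates with the Graph API interface using the tenant name
taken from the domain part of the supplied user principal name.
.PARAMETER User
User principal name (user@tenant-domain) to sign in with.
.OUTPUTS
Hashtable with Content-Type, Authorization (bearer token) and ExpiresOn.
.EXAMPLE
Get-AuthToken -User admin@contoso.example
Authenticates you with the Graph API interface
.NOTES
NAME: Get-AuthToken
ADAL (Microsoft.IdentityModel.Clients.ActiveDirectory) and the AzureAD module
are deprecated by Microsoft; MSAL or the Microsoft Graph PowerShell SDK are the
supported replacements for new work.
#>

    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true)]
        $User
    )

    # MailAddress is used only to split the UPN; its Host part is the tenant domain.
    $userUpn = New-Object "System.Net.Mail.MailAddress" -ArgumentList $User
    $tenant  = $userUpn.Host

    Write-Host "Checking for AzureAD module..."

    $AadModule = Get-Module -Name "AzureAD" -ListAvailable

    if ($null -eq $AadModule) {
        Write-Host "AzureAD PowerShell module not found, looking for AzureADPreview"
        $AadModule = Get-Module -Name "AzureADPreview" -ListAvailable
    }

    if ($null -eq $AadModule) {
        write-host
        write-host "AzureAD Powershell module not installed..." -f Red
        write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow
        write-host "Script can't continue..." -f Red
        write-host
        exit
    }

    # Several installed versions: keep exactly one, the highest. Sorting on the
    # Version property compares real version numbers rather than object order.
    $AadModule = $AadModule | Sort-Object -Property Version | Select-Object -Last 1

    # The ADAL assemblies are loaded from whatever directory PSModulePath resolved
    # for the module, so every directory on that path must be admin-writable only.
    $adal      = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"

    [System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
    [System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null

    # Well-known client id of the Microsoft Intune PowerShell application.
    $clientId         = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
    $redirectUri      = "urn:ietf:wg:oauth:2.0:oob"
    $resourceAppIdURI = "https://graph.microsoft.com"
    $authority        = "https://login.microsoftonline.com/$Tenant"

    try {

        $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

        # Prompt behaviour: Auto, Always, Never, RefreshSession.
        # "Always" forces a credential prompt on every run.
        $platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"

        $userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($User, "OptionalDisplayableId")

        $authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$clientId,$redirectUri,$platformParameters,$userId).Result

        if($authResult.AccessToken){

            # ExpiresOn rides along in the same hashtable so the main script can
            # test expiry; because the hashtable is passed as -Headers it is also
            # sent with each request.
            $authHeader = @{
                'Content-Type'='application/json'
                'Authorization'="Bearer " + $authResult.AccessToken
                'ExpiresOn'=$authResult.ExpiresOn
            }

            return $authHeader

        }

        else {

            Write-Host
            Write-Host "Authorization Access Token is null, please re-run authentication..." -ForegroundColor Red
            Write-Host
            # break outside a loop unwinds to the caller's nearest loop, or ends the script.
            break

        }

    }

    catch {

        write-host $_.Exception.Message -f Red
        write-host $_.Exception.ItemName -f Red
        write-host
        break

    }

}

####################################################

function Write-GraphRequestError {

<#
.SYNOPSIS
Reports a failed Graph request: response body (when one exists) and HTTP status.
.PARAMETER ErrorRecord
The error record caught by the caller ($_ inside its catch block).
.PARAMETER Uri
The request URI, used only in the message.
.NOTES
Shared by the Graph wrapper functions so a failure that carries no HTTP
response (DNS, TLS, null token) is reported instead of raising a second
error from inside the catch block.
#>

    param(
        $ErrorRecord,
        $Uri
    )

    $ex       = $ErrorRecord.Exception
    $response = $ex.Response

    if ($null -eq $response) {
        Write-Error "Request to $Uri failed: $($ex.Message)"
        return
    }

    # Only response types that expose GetResponseStream can be read this way.
    if ($response.PSObject.Methods['GetResponseStream']) {
        $reader = New-Object System.IO.StreamReader($response.GetResponseStream())
        try {
            $reader.BaseStream.Position = 0
            $reader.DiscardBufferedData()
            $responseBody = $reader.ReadToEnd()
        }
        finally {
            $reader.Dispose()
        }
        Write-Host "Response content:`n$responseBody" -f Red
    }

    Write-Error "Request to $Uri failed with HTTP Status $($response.StatusCode) $($response.StatusDescription)"

}

####################################################

Function Add-ApplicationAssignment(){

<#
.SYNOPSIS
This function is used to add an application assignment using the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and adds an application assignment
.PARAMETER ApplicationId
Id of the Intune mobile app.
.PARAMETER TargetGroupId
Object id of the Azure AD group to target.
.PARAMETER InstallIntent
One of: available, notApplicable, required, uninstall, availableWithoutEnrollment.
.EXAMPLE
Add-ApplicationAssignment -ApplicationId $ApplicationId -TargetGroupId $TargetGroupId -InstallIntent $InstallIntent
Adds an application assignment in Intune
.NOTES
NAME: Add-ApplicationAssignment
NOTE(review): the assign action is understood to replace the app's existing
assignment list rather than append to it - confirm before running against a
production tenant.
#>

    [cmdletbinding()]
    param(
        $ApplicationId,
        $TargetGroupId,
        $InstallIntent
    )

    $graphApiVersion = "Beta"
    $Resource = "deviceAppManagement/mobileApps/$ApplicationId/assign"
    $ValidIntents = "available","notApplicable","required","uninstall","availableWithoutEnrollment"

    try {

        if(!$ApplicationId){
            write-host "No Application Id specified, specify a valid Application Id" -f Red
            break
        }

        if(!$TargetGroupId){
            write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red
            break
        }

        if(!$InstallIntent){
            write-host "No Install Intent specified, specify a valid Install Intent - available, notApplicable, required, uninstall, availableWithoutEnrollment" -f Red
            break
        }

        # Reject anything outside the documented set (comparison is case-insensitive).
        if($ValidIntents -notcontains $InstallIntent){
            write-host "Install Intent '$InstallIntent' is not valid, specify one of - available, notApplicable, required, uninstall, availableWithoutEnrollment" -f Red
            break
        }

        # Serialise the body instead of splicing values into a JSON string, so a
        # quote or backslash in an argument cannot change the document structure.
        $JSON = [ordered]@{
            mobileAppAssignments = @(
                [ordered]@{
                    '@odata.type' = '#microsoft.graph.mobileAppAssignment'
                    target = [ordered]@{
                        '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
                        groupId = "$TargetGroupId"
                    }
                    intent = "$InstallIntent"
                }
            )
        } | ConvertTo-Json -Depth 5

        $uri = "$GraphBaseUri/$graphApiVersion/$($Resource)"
        Invoke-RestMethod -Uri $uri -Headers $authToken -Method POST -Body $JSON -ContentType "application/json"

    }

    catch {

        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        write-host
        break

    }

}

####################################################

Function Get-ApplicationAssignment(){

<#
.SYNOPSIS
This function is used to get an application assignment from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets an application assignment
.PARAMETER ApplicationId
Id of the Intune mobile app whose assignments are returned.
.EXAMPLE
Get-ApplicationAssignment -ApplicationId $ApplicationId
Returns an Application Assignment configured in Intune
.NOTES
NAME: Get-ApplicationAssignment
#>

    [cmdletbinding()]
    param(
        $ApplicationId
    )

    $graphApiVersion = "Beta"
    $Resource = "deviceAppManagement/mobileApps/$ApplicationId/assignments"

    try {

        if(!$ApplicationId){
            write-host "No Application Id specified, specify a valid Application Id" -f Red
            break
        }

        $uri = "$GraphBaseUri/$graphApiVersion/$($Resource)"
        (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

    }

    catch {

        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        write-host
        break

    }

}

####################################################

Function Get-AADGroup(){

<#
.SYNOPSIS
This function is used to get AAD Groups from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any Groups registered with AAD
.PARAMETER GroupName
Exact display name to filter on. When empty, groups are listed unfiltered.
.PARAMETER id
Group object id to filter on; takes precedence over GroupName.
.PARAMETER Members
With GroupName: emit the group's display name, then its members.
.EXAMPLE
Get-AADGroup
Returns all groups registered with Azure AD
.NOTES
NAME: Get-AADGroup
#>

    [cmdletbinding()]
    param(
        $GroupName,
        $id,
        [switch]$Members
    )

    $graphApiVersion = "v1.0"
    $Group_resource = "groups"

    try {

        if($id){

            # Double single quotes (OData string escaping) and URL-encode, so the
            # value stays inside the quoted literal of the $filter expression.
            $idLiteral = [uri]::EscapeDataString(("$id" -replace "'", "''"))
            $uri = "$GraphBaseUri/$graphApiVersion/$($Group_resource)?`$filter=id eq '$idLiteral'"
            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

        elseif($GroupName -eq "" -or $null -eq $GroupName){

            $uri = "$GraphBaseUri/$graphApiVersion/$($Group_resource)"
            (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

        }

        else {

            $nameLiteral = [uri]::EscapeDataString(("$GroupName" -replace "'", "''"))
            $uri = "$GraphBaseUri/$graphApiVersion/$($Group_resource)?`$filter=displayname eq '$nameLiteral'"
            $Group = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

            if(!$Members){

                $Group

            }

            elseif($Group){

                $GID = $Group.id

                $Group.displayName
                write-host

                $uri = "$GraphBaseUri/$graphApiVersion/$($Group_resource)/$GID/Members"
                (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value

            }

        }

    }

    catch {

        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        write-host
        break

    }

}

####################################################

Function Get-IntuneApplication(){

<#
.SYNOPSIS
This function is used to get applications from the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and gets any applications added,
leaving out types whose @odata.type contains "managed" and iOS VPP apps.
.PARAMETER Name
Optional. Keeps only apps whose displayName contains this text (case-sensitive).
.EXAMPLE
Get-IntuneApplication
Returns any applications configured in Intune
.NOTES
NAME: Get-IntuneApplication
Name is a substring match: "Office" also selects "Office Beta". Callers that go
on to assign the result should use names specific enough to match one app.
NOTE(review): only the first response page is read; @odata.nextLink is not followed.
#>

    [cmdletbinding()]
    param(
        $Name
    )

    $graphApiVersion = "Beta"
    $Resource = "deviceAppManagement/mobileApps"

    try {

        $uri = "$GraphBaseUri/$graphApiVersion/$($Resource)"
        $Apps = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value |
            Where-Object { (!($_.'@odata.type').Contains("managed")) -and (!($_.'@odata.type').Contains("#microsoft.graph.iosVppApp")) }

        if($Name){
            $Apps | Where-Object { ($_.'displayName').contains("$Name") }
        }
        else {
            $Apps
        }

    }

    catch {

        Write-GraphRequestError -ErrorRecord $_ -Uri $uri
        write-host
        break

    }

}

####################################################

Function Test-JSON(){

<#
.SYNOPSIS
This function is used to test if the JSON passed to a REST Post request is valid
.DESCRIPTION
The function tests if the JSON passed to the REST Post is valid
.PARAMETER JSON
JSON text to validate.
.EXAMPLE
Test-JSON -JSON $JSON
Test if the JSON is valid before calling the Graph REST interface
.NOTES
NAME: Test-JSON
PowerShell 6.1+ ships a Test-Json cmdlet; this function takes precedence over
it for the rest of the session once the script has defined it.
#>

    param(
        $JSON
    )

    try {

        # Parsed only to see whether it throws; the result is not used.
        $TestJSON = ConvertFrom-Json $JSON -ErrorAction Stop
        $validJson = $true

    }

    catch {

        $validJson = $false
        $_.Exception

    }

    if (!$validJson){

        Write-Host "Provided JSON isn't in valid JSON format" -f Red
        break

    }

}

####################################################

Function Export-JSONData(){

<#
.SYNOPSIS
This function is used to export JSON data returned from Graph
.DESCRIPTION
Writes the supplied object to a CSV file and a JSON file in ExportPath. File
names are "<displayName>_<dd-MM-yyyy-H-mm-ss>" with .csv / .json extensions.
.PARAMETER JSON
Object returned from Graph.
.PARAMETER ExportPath
Existing directory to write into.
.EXAMPLE
Export-JSONData -JSON $JSON -ExportPath "C:\Export"
Export the JSON inputted on the function
.NOTES
NAME: Export-JSONData
#>

    param(
        $JSON,
        $ExportPath
    )

    try {

        if($JSON -eq "" -or $null -eq $JSON){

            write-host "No JSON specified, please specify valid JSON..." -f Red

        }

        elseif(!$ExportPath){

            write-host "No export path parameter set, please provide a path to export the file" -f Red

        }

        elseif(!(Test-Path $ExportPath)){

            write-host "$ExportPath doesn't exist, can't export JSON Data" -f Red

        }

        else {

            # Default depth would flatten nested objects (e.g. an assignment's target).
            $JSON1 = ConvertTo-Json $JSON -Depth 5

            $JSON_Convert = $JSON1 | ConvertFrom-Json

            $Properties = ($JSON_Convert | Get-Member | Where-Object { $_.MemberType -eq "NoteProperty" }).Name

            # displayName comes from the service response. Replace characters that
            # are not valid in a file name (path separators included) so the file
            # cannot be written outside $ExportPath.
            $InvalidNameChars = '[{0}]' -f [regex]::Escape((-join [System.IO.Path]::GetInvalidFileNameChars()))
            $DisplayName = "$($JSON_Convert.displayName)" -replace $InvalidNameChars, '_'

            # One timestamp for both files so the pair always shares a name.
            $Stamp = get-date -f dd-MM-yyyy-H-mm-ss
            $FileName_CSV  = "$DisplayName" + "_" + $Stamp + ".csv"
            $FileName_JSON = "$DisplayName" + "_" + $Stamp + ".json"

            $Object = New-Object System.Object

            foreach($Property in $Properties){

                $Object | Add-Member -MemberType NoteProperty -Name $Property -Value $JSON_Convert.$Property

            }

            write-host "Export Path:" "$ExportPath"

            $Object | Export-Csv -LiteralPath "$ExportPath\$FileName_CSV" -Delimiter "," -NoTypeInformation -Append
            $JSON1 | Set-Content -LiteralPath "$ExportPath\$FileName_JSON"
            write-host "CSV created in $ExportPath\$FileName_CSV..." -f cyan
            write-host "JSON created in $ExportPath\$FileName_JSON..." -f cyan

        }

    }

    catch {

        $_.Exception

    }

}

####################################################

#region Authentication

write-host

# Checking if authToken exists before running authentication
if($global:authToken){

    # Setting DateTime to Universal time to work in all timezones
    $DateTime = (Get-Date).ToUniversalTime()

    # TotalMinutes is the whole remaining lifetime; .Minutes is only the 0-59
    # component and reads 0 for a token with exactly one hour left.
    $TokenExpires = [int]($authToken.ExpiresOn.datetime - $DateTime).TotalMinutes

    if($TokenExpires -le 0){

        write-host "Authentication Token expired" $TokenExpires "minutes ago" -ForegroundColor Yellow
        write-host

        # Defining User Principal Name if not present
        if($null -eq $User -or $User -eq ""){

            $User = Read-Host -Prompt "Please specify your user principal name for Azure Authentication"
            Write-Host

        }

        $global:authToken = Get-AuthToken -User $User

    }

}

# Authentication doesn't exist, calling Get-AuthToken function
else {

    if($null -eq $User -or $User -eq ""){

        $User = Read-Host -Prompt "Please specify your user principal name for Azure Authentication"
        Write-Host

    }

    # Getting the authorization token
    $global:authToken = Get-AuthToken -User $User

}

#endregion

####################################################

# Get the TargetGroupID for assignment of Apps
$TargetGroupId = (get-AADGroup -GroupName "$AADGroup").id

if($null -eq $TargetGroupId -or $TargetGroupId -eq ""){

    Write-Host "AAD Group - '$AADGroup' doesn't exist, please specify a valid AAD Group..." -ForegroundColor Red
    Write-Host
    exit

}

# Display names are not unique in Azure AD. Stop rather than pick one of several
# groups as the target of a required install.
if(@($TargetGroupId).Count -gt 1){

    Write-Host "AAD Group - '$AADGroup' matches more than one group, please specify a unique AAD Group..." -ForegroundColor Red
    Write-Host
    exit

}

$TargetGroupId

# Assign Apps to Group
foreach($Application in $Applications){

    $Intune_Apps = Get-IntuneApplication $Application | Select-Object displayName,id,'@odata.type'

    # Record the current assignments first so there is a copy to restore from.
    foreach($Intune_App in $Intune_Apps){

        $Assignment = Get-ApplicationAssignment $Intune_App.id
        Export-JSONData -JSON $Assignment -ExportPath "$ExportPath"

    }

    $Intune_Apps | ForEach-Object {

        write-host $_.displayName -ForegroundColor Yellow
        write-host $_.id
        write-host $_.'@odata.type'

        Add-ApplicationAssignment -ApplicationId $_.Id -TargetGroupId $TargetGroupId -InstallIntent "Required"

    }

}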