Public/Add-DeviceConfigurationPolicyAssignment.ps1
|
Function Add-DeviceConfigurationPolicyAssignment(){ <# .SYNOPSIS This function is used to add a device configuration policy assignment using the Graph API REST interface .DESCRIPTION The function connects to the Graph API Interface and adds a device configuration policy assignment .EXAMPLE Add-DeviceConfigurationPolicyAssignment -ConfigurationPolicyId $ConfigurationPolicyId -TargetGroupId $TargetGroupId -AssignmentType Included Adds a device configuration policy assignment in Intune .NOTES NAME: Add-DeviceConfigurationPolicyAssignment #> [cmdletbinding()] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $ConfigurationPolicyId, [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $TargetGroupId, [parameter(Mandatory=$true)] [ValidateSet("Included","Excluded")] [ValidateNotNullOrEmpty()] [string]$AssignmentType ) $graphApiVersion = "Beta" $Resource = "deviceManagement/deviceConfigurations/$ConfigurationPolicyId/assign" try { if(!$ConfigurationPolicyId){ write-host "No Configuration Policy Id specified, specify a valid Configuration Policy Id" -f Red break } if(!$TargetGroupId){ write-host "No Target Group Id specified, specify a valid Target Group Id" -f Red break } # Checking if there are Assignments already configured in the Policy $DCPA = Get-DeviceConfigurationPolicyAssignment -id $ConfigurationPolicyId $TargetGroups = @() if(@($DCPA).count -ge 1){ if($DCPA.targetGroupId -contains $TargetGroupId){ Write-Host "Group with Id '$TargetGroupId' already assigned to Policy..." -ForegroundColor Red Write-Host break } # Looping through previously configured assignements $DCPA | foreach { $TargetGroup = New-Object -TypeName psobject if($_.excludeGroup -eq $true){ $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } else { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value $_.targetGroupId $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target } # Adding new group to psobject $TargetGroup = New-Object -TypeName psobject if($AssignmentType -eq "Excluded"){ $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif($AssignmentType -eq "Included") { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value "$TargetGroupId" $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups += $Target } else { # No assignments configured creating new JSON object of group assigned $TargetGroup = New-Object -TypeName psobject if($AssignmentType -eq "Excluded"){ $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.exclusionGroupAssignmentTarget' } elseif($AssignmentType -eq "Included") { $TargetGroup | Add-Member -MemberType NoteProperty -Name '@odata.type' -Value '#microsoft.graph.groupAssignmentTarget' } $TargetGroup | Add-Member -MemberType NoteProperty -Name 'groupId' -Value "$TargetGroupId" $Target = New-Object -TypeName psobject $Target | Add-Member -MemberType NoteProperty -Name 'target' -Value $TargetGroup $TargetGroups = $Target } # Creating JSON object to pass to Graph $Output = New-Object -TypeName psobject $Output | Add-Member -MemberType NoteProperty -Name 'assignments' -Value @($TargetGroups) $JSON = $Output | ConvertTo-Json -Depth 3 # POST to Graph Service $uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)" $Method = "POST" Invoke-MgGraphRequest -Method $Method -uri $uri -Body $JSON } catch { $ex = $_.Exception $errorResponse = $ex.Response.GetResponseStream() $reader = New-Object System.IO.StreamReader($errorResponse) $reader.BaseStream.Position = 0 $reader.DiscardBufferedData() $responseBody = $reader.ReadToEnd(); Write-Host "Response content:`n$responseBody" -f Red Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)" write-host break } } |