DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1

function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $True)]
        [System.String]
        $Identity,

        [Parameter()]
        [System.String]
        $DisplayName,

        [Parameter()]
        [System.String]
        $Description,

        [Parameter()]
        [System.String[]]
        $AttackSurfaceReductionOnlyExclusions,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $AttackSurfaceReductionRules,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAbuseOfExploitedVulnerableSignedDrivers,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAdobeReaderFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAllOfficeApplicationsFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutableContentFromEmailClientAndWebmail,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutionOfPotentiallyObfuscatedScripts,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeApplicationsFromCreatingExecutableContent,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeCommunicationAppFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockPersistenceThroughWMIEventSubscription,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockProcessCreationsFromPSExecAndWMICommands,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockUntrustedUnsignedProcessesThatRunFromUSB,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockWin32APICallsFromOfficeMacros,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $UseAdvancedProtectionAgainstRansomware,

        [Parameter()]
        [System.String[]]
        $ControlledFolderAccessProtectedFolders,

        [Parameter()]
        [System.String[]]
        $ControlledFolderAccessAllowedApplications,

        [Parameter()]
        [ValidateSet("0", "1","2")]
        [System.String]
        $EnableControlledFolderAccess,

        [Parameter(Mandatory = $True)]
        [System.String]
        [ValidateSet('Absent', 'Present')]
        $Ensure = $true,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $ApplicationSecret,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )

    Write-Verbose -Message "Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"

    $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
        -InboundParameters $PSBoundParameters `
        -ProfileName 'beta' -ErrorAction Stop

    $context=Get-MgContext
    if($null -eq $context)
    {
        $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
            -InboundParameters $PSBoundParameters -ErrorAction Stop -ProfileName 'beta'
    }

    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
    $CommandName  = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    $nullResult = $PSBoundParameters
    $nullResult.Ensure = 'Absent'

    try
    {
        #Retrieve policy general settings
        $policy = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop

        if ($null -eq $policy)
        {
            Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy {$Identity} was found"
            return $nullResult
        }

        #Retrieve policy specific settings
        [array]$settings = Get-MgDeviceManagementConfigurationPolicySetting `
            -DeviceManagementConfigurationPolicyId $Identity `
            -ErrorAction Stop

        $settingDefinitionIdBase="device_vendor_msft_policy_config_defender_"
        $returnHashtable=@{}
        $returnHashtable.Add("Identity",$Identity)
        $returnHashtable.Add("DisplayName",$policy.name)
        $returnHashtable.Add("Description",$policy.description)

        #write-host ($settings|out-string)
        foreach ($setting in $settings.SettingInstance.AdditionalProperties)
        {
            switch ($setting."@odata.type")
            {
                "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance" {
                    foreach($settingInstance in $setting.groupSettingCollectionValue.children)
                    {
                        $prefix="attacksurfacereductionrules_"
                        $settingDefinitionIdPrefix=$settingDefinitionIdBase+$prefix
                        $settingName=$settingInstance.settingDefinitionId.replace("$settingDefinitionIdPrefix","")
                        $settingValue= $settingInstance.choiceSettingValue.value.replace("$settingDefinitionIdPrefix$settingName`_","")
                        $returnHashtable.Add($settingName,$settingValue)
                    }
                }
                "#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance"
                {
                    $settingName=$setting.settingDefinitionId.replace("$settingDefinitionIdBase","")
                    [String]$settingValue= $setting.choiceSettingValue.value.replace("$settingDefinitionIdBase$settingName`_","")
                    $returnHashtable.Add($settingName,$settingValue)
                }
                "#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance"
                {
                    $settingName=$setting.settingDefinitionId.replace("$settingDefinitionIdBase","")
                    [Array]$settingValue= $setting.simpleSettingCollectionValue.value
                    $returnHashtable.Add($settingName,$settingValue)
                }
                Default {}
            }

        }

        Write-Verbose -Message "Found Endpoint Protection Attack Surface Protection rules Policy {$($policy.name)}"

        $returnHashtable.Add("Ensure","Present")
        $returnHashtable.Add("Credential",$Credential)
        $returnHashtable.Add("ApplicationId",$ApplicationId)
        $returnHashtable.Add("TenantId",$TenantId)
        $returnHashtable.Add("ApplicationSecret",$ApplicationSecret)
        $returnHashtable.Add("CertificateThumbprint",$CertificateThumbprint)

        return $returnHashtable
    }
    catch
    {
        try
        {
            Write-Verbose -Message $_
            $tenantIdValue = ""
            $tenantIdValue = $Credential.UserName.Split('@')[1]
            Add-M365DSCEvent -Message $_ -EntryType 'Error' `
                -EventID 1 -Source $($MyInvocation.MyCommand.Source) `
                -TenantId $tenantIdValue
        }
        catch
        {
            Write-Verbose -Message $_
        }
        return $nullResult
    }
}

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $True)]
        [System.String]
        $Identity,

        [Parameter()]
        [System.String]
        $DisplayName,

        [Parameter()]
        [System.String]
        $Description,

        [Parameter()]
        [System.String[]]
        $AttackSurfaceReductionOnlyExclusions,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $AttackSurfaceReductionRules,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAbuseOfExploitedVulnerableSignedDrivers,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAdobeReaderFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAllOfficeApplicationsFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutableContentFromEmailClientAndWebmail,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutionOfPotentiallyObfuscatedScripts,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeApplicationsFromCreatingExecutableContent,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeCommunicationAppFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockPersistenceThroughWMIEventSubscription,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockProcessCreationsFromPSExecAndWMICommands,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockUntrustedUnsignedProcessesThatRunFromUSB,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockWin32APICallsFromOfficeMacros,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $UseAdvancedProtectionAgainstRansomware,

        [Parameter()]
        [System.String[]]
        $ControlledFolderAccessProtectedFolders,

        [Parameter()]
        [System.String[]]
        $ControlledFolderAccessAllowedApplications,

        [Parameter()]
        [ValidateSet("0", "1","2")]
        [System.String]
        $EnableControlledFolderAccess,

        [Parameter(Mandatory = $True)]
        [System.String]
        [ValidateSet('Absent', 'Present')]
        $Ensure = $true,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $ApplicationSecret,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )

    $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
        -InboundParameters $PSBoundParameters `
        -ProfileName 'beta'

    Select-MgProfile -Name 'beta'
    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
    $CommandName  = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    $currentPolicy = Get-TargetResource @PSBoundParameters
    $PSBoundParameters.Remove("Ensure") | Out-Null
    $PSBoundParameters.Remove("Credential") | Out-Null
    $PSBoundParameters.Remove("ApplicationId") | Out-Null
    $PSBoundParameters.Remove("TenantId") | Out-Null
    $PSBoundParameters.Remove("ApplicationSecret") | Out-Null
    $PSBoundParameters.Remove("CertificateThumbprint") | Out-Null

    if ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Absent')
    {
        Write-Verbose -Message "Creating new Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"

        $settings= Format-M365DSCIntuneSettingCatalogASRRulesPolicySettings `
            -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) `
            -SettingDefinitionIDBase "device_vendor_msft_policy_config_defender_"

        $Template = Get-MgDeviceManagementConfigurationPolicyTemplate -DeviceManagementConfigurationPolicyTemplateId 'e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1'

        New-MgDeviceManagementConfigurationPolicy `
            -Name $DisplayName `
            -Description $Description `
            -TemplateReference $Template `
            -Platforms "windows10" `
            -Technologies "mdm,microsoftSense" `
            -Settings $settings

    }
    elseif ($Ensure -eq 'Present' -and $currentPolicy.Ensure -eq 'Present')
    {
        Write-Verbose -Message "Updating existing Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"

        $settings= Format-M365DSCIntuneSettingCatalogASRRulesPolicySettings `
            -DSCParams ([System.Collections.Hashtable]$PSBoundParameters) `
            -SettingDefinitionIDBase "device_vendor_msft_policy_config_defender_"

        $Template = Get-MgDeviceManagementConfigurationPolicyTemplate -DeviceManagementConfigurationPolicyTemplateId 'e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1'

        Update-MgDeviceManagementConfigurationPolicy `
            -DeviceManagementConfigurationPolicyId $Identity `
            -Name $DisplayName `
            -Description $Description `
            -TemplateReference $Template `
            -Platforms "windows10" `
            -Technologies "mdm,microsoftSense" `
            -Settings $settings

    }
    elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present')
    {
        Write-Verbose -Message "Removing Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"
        Remove-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity
    }
}

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $True)]
        [System.String]
        $Identity,

        [Parameter()]
        [System.String]
        $DisplayName,

        [Parameter()]
        [System.String]
        $Description,

        [Parameter()]
        [System.String[]]
        $AttackSurfaceReductionOnlyExclusions,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $AttackSurfaceReductionRules,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAbuseOfExploitedVulnerableSignedDrivers,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAdobeReaderFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockAllOfficeApplicationsFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutableContentFromEmailClientAndWebmail,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockExecutionOfPotentiallyObfuscatedScripts,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeApplicationsFromCreatingExecutableContent,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockOfficeCommunicationAppFromCreatingChildProcesses,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockPersistenceThroughWMIEventSubscription,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockProcessCreationsFromPSExecAndWMICommands,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockUntrustedUnsignedProcessesThatRunFromUSB,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $BlockWin32APICallsFromOfficeMacros,

        [Parameter()]
        [ValidateSet("off", "block","audit", "warn")]
        [System.String]
        $UseAdvancedProtectionAgainstRansomware,

        [Parameter()]
        [System.String[]]
        $ControlledFolderAccessProtectedFolders,

        [Parameter()]
        [System.String[]]
        $ControlledFolderAccessAllowedApplications,

        [Parameter()]
        [ValidateSet("0", "1","2")]
        [System.String]
        $EnableControlledFolderAccess,

        [Parameter(Mandatory = $True)]
        [System.String]
        [ValidateSet('Absent', 'Present')]
        $Ensure = $true,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $ApplicationSecret,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
    $CommandName  = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion
    Write-Verbose -Message "Testing configuration of Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"

    $CurrentValues = Get-TargetResource @PSBoundParameters

    Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
    Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"

    $ValuesToCheck = $PSBoundParameters
    $ValuesToCheck.Remove('Credential') | Out-Null
    $ValuesToCheck.Remove('ApplicationId') | Out-Null
    $ValuesToCheck.Remove('TenantId') | Out-Null
    $ValuesToCheck.Remove('ApplicationSecret') | Out-Null

    $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
        -Source $($MyInvocation.MyCommand.Source) `
        -DesiredValues $PSBoundParameters `
        -ValuesToCheck $ValuesToCheck.Keys

    Write-Verbose -Message "Test-TargetResource returned $TestResult"

    return $TestResult
}

function Export-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.String])]
    param
    (
        [Parameter()]
        [System.String]
        $Filter,

        [Parameter()]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $ApplicationSecret,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )

    $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
        -InboundParameters $PSBoundParameters `
        -SkipModuleReload:$true

    Select-MgProfile -Name 'Beta'
    #Ensure the proper dependencies are installed in the current environment.
    Confirm-M365DSCDependencies

    #region Telemetry
    $ResourceName = $MyInvocation.MyCommand.ModuleName -replace "MSFT_", ""
    $CommandName  = $MyInvocation.MyCommand
    $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
        -CommandName $CommandName `
        -Parameters $PSBoundParameters
    Add-M365DSCTelemetryEvent -Data $data
    #endregion

    $dscContent = ''
    $i = 1

    try
    {
        $policyTemplateID='e8c053d6-9f95-42b1-a7f1-ebfd71c67a4b_1'
        [array]$policies = Get-MgDeviceManagementConfigurationPolicy `
            -ErrorAction Stop `
            -All:$true `
            -Filter $Filter
        $policies = $policies | Where-Object -FilterScript {$_.TemplateReference.TemplateId -eq $policyTemplateId}

        if ($policies.Length -eq 0)
        {
            Write-Host $Global:M365DSCEmojiGreenCheckMark
        }
        else
        {
            Write-Host "`r`n" -NoNewLine
        }
        foreach ($policy in $policies)
        {
            Write-Host " |---[$i/$($policies.Count)] $($policy.Name)" -NoNewline

            $params = @{
                Identity                            = $policy.id
                Ensure                              = 'Present'
                Credential                          = $Credential
                ApplicationId                       = $ApplicationId
                TenantId                            = $TenantId
                ApplicationSecret                   = $ApplicationSecret
                CertificateThumbprint               = $CertificateThumbprint
            }

            $Results = Get-TargetResource @params

            if ($Results.Ensure -eq 'Present')
            {
                $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
                    -Results $Results
                $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
                    -ConnectionMode $ConnectionMode `
                    -ModulePath $PSScriptRoot `
                    -Results $Results `
                    -Credential $Credential
                $dscContent += $currentDSCBlock
                Save-M365DSCPartialExport -Content $currentDSCBlock `
                    -FileName $Global:PartialExportFileName

                Write-Host $Global:M365DSCEmojiGreenCheckMark
                $i++
            }
        }
        return $dscContent
    }
    catch
    {
        Write-Host $Global:M365DSCEmojiRedX
        if ($_.Exception -like '*401*')
        {
            Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune."
        }
        try
        {
            Write-Verbose -Message $_
            $tenantIdValue = $Credential.UserName.Split('@')[1]

            Add-M365DSCEvent -Message $_ -EntryType 'Error' `
                -EventID 1 -Source $($MyInvocation.MyCommand.Source) `
                -TenantId $tenantIdValue
        }
        catch
        {
            Write-Verbose -Message $_
        }
        return ""
    }
}

function Format-M365DSCParamsToSettingInstance
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param(
        [Parameter(Mandatory = 'true')]
        [System.Collections.Hashtable]
        $DSCParams,

        [Parameter()]
        [System.String]
        $SettingDefinitionIdBase,

        [Parameter(
            ParameterSetName='GroupSettingCollectionInstance'
        )]
        [System.String]
        $GroupSettingDefinitionIdName,

        [Parameter()]
        [System.String]
        $SettingInstanceTemplateId,

        [Parameter()]
        [System.String]
        $SettingValueTemplateId
    )

    $DSCParams.Remove("Verbose") | Out-Null
    $results = @()

    if(-Not[string]::IsNullOrEmpty($GroupSettingDefinitionIdName))
    {
        $settingInstance=[ordered]@{}
        $settingInstance.add("@odata.type","#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance")
        $settingInstance.add("settingDefinitionId",$GroupSettingDefinitionIdName)
        $settingInstance.add("settingInstanceTemplateReference",@{"settingInstanceTemplateId"=$settingInstanceTemplateId})
        $groupSettingCollectionValues=@()

        $groupSettingCollectionValueChildren= Format-M365DSCParamsToSettingInstance `
            -DSCParams $DSCParams `
            -SettingDefinitionIdBase "$GroupSettingDefinitionIdName`_"

        $groupSettingCollectionValue=@{}
        $groupSettingCollectionValue.add("children",$groupSettingCollectionValueChildren)
        $groupSettingCollectionValues+=$groupSettingCollectionValue
        $settingInstance.add("groupSettingCollectionValue",$groupSettingCollectionValues)
        $results += $settingInstance
        return $results
    }

    foreach ($param in $DSCParams.Keys)
    {
        $settingName= $param
        $settingIdentity=($SettingDefinitionIdBase+$settingName).ToLower()

        $settingDefinition= Get-MgDeviceManagementConfigurationPolicySetting -DeviceManagementConfigurationPolicyId $settingIdentity

        $settingInstance=[ordered]@{}

        switch ($settingDefinition."@odata.type")
        {
            "#microsoft.graph.deviceManagementConfigurationChoiceSettingDefinition"
            {
                $settingInstance.add("@odata.type","#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance")
                $settingInstance.add("settingDefinitionId",$settingIdentity)
                if(-Not [string]::IsNullOrEmpty($settingInstanceTemplateId))
                {
                    $settingInstance.add("settingInstanceTemplateReference",@{"settingInstanceTemplateId"=$SettingInstanceTemplateId})
                }
                $choiceSettingValue=[ordered]@{}
                $choiceSettingValue.add("children",@())
                if(-Not [string]::IsNullOrEmpty($settingValueTemplateId))
                {
                    $choiceSettingValue.add("settingValueTemplateReference",@{"settingValueTemplateId"=$SettingValueTemplateId})
                }
                $choiceSettingValue.add("value","$settingIdentity`_$($DSCParams.$param)")
                $settingInstance.add("choiceSettingValue",$choiceSettingValue)
                $results+=$settingInstance
            }
            "#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionDefinition"
            {
                $settingInstance.add("@odata.type","#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance")
                $settingInstance.add("settingDefinitionId",$settingIdentity)
                if(-Not [string]::IsNullOrEmpty($settingInstanceTemplateId))
                {
                    $settingInstance.add("settingInstanceTemplateReference",@{"settingInstanceTemplateId"=$SettingInstanceTemplateId})
                }
                $simpleSettingCollectionValues=@()
                foreach($value in $DSCParams.$param)
                {
                    $simpleSettingCollectionValue=@{}
                    $simpleSettingCollectionValue.add("@odata.type","#microsoft.graph.deviceManagementConfigurationStringSettingValue")
                    $simpleSettingCollectionValue.add("value",$value)
                    $simpleSettingCollectionValues+=$simpleSettingCollectionValue
                }
                $settingInstance.add("simpleSettingCollectionValue",$simpleSettingCollectionValues)
                $results+=$settingInstance
            }
            Default {}
        }
    }
    return $results
}

function Format-M365DSCIntuneSettingCatalogASRRulesPolicySettings
{
    [CmdletBinding()]
    [OutputType([System.Array])]
    param(
        [Parameter(Mandatory = 'true')]
        [System.Collections.Hashtable]
        $DSCParams,

        [Parameter(Mandatory = 'true')]
        [System.String]
        $SettingDefinitionIdBase

    )

    $DSCParams.Remove('Identity') | Out-Null
    $DSCParams.Remove('DisplayName') | Out-Null
    $DSCParams.Remove('Description') | Out-Null

    $settings=@()

    #Prepare settings other than attacksurfacereductionrules
    $otherSettings=@(
        'AttackSurfaceReductionOnlyExclusions'
        'ControlledFolderAccessProtectedFolders'
        'ControlledFolderAccessAllowedApplications'
        'EnableControlledFolderAccess'
    )

    foreach ($settingKey in $otherSettings)
    {
        $settingInstanceTemplateId=""
        $settingValueTemplateId=""

        switch ($settingKey)
        {
            "AttackSurfaceReductionOnlyExclusions"{$settingInstanceTemplateId="0eaea6bb-736e-44ed-a450-b2ef5bea1377"}
            "ControlledFolderAccessProtectedFolders"{$settingInstanceTemplateId="8f2096a7-d4f0-430c-9287-b08db7139163"}
            "ControlledFolderAccessAllowedApplications"{$settingInstanceTemplateId="e10f2cf5-121a-4890-af23-d4e91e0fab5f"}
            "EnableControlledFolderAccess"
            {
                $settingInstanceTemplateId="78c83b32-56c0-445a-932a-872d69af6e49"
                $settingValueTemplateId="e57db701-c3c6-4264-ab50-7896cb90dfd6"
            }

        }

        $setting=@{}
        if($null -ne ($DSCParams."$settingKey"))
        {
            $setting.add("@odata.type","#microsoft.graph.deviceManagementConfigurationSetting")
            $formatParams=@{}
            $formatParams.Add('DSCParams',@{$settingKey=$DSCParams."$settingKey"})
            $formatParams.Add('SettingDefinitionIdBase',$settingDefinitionIdBase)
            $formatParams.Add('SettingInstanceTemplateId',$settingInstanceTemplateId)
            if(-Not [string]::IsNullOrEmpty($settingValueTemplateId))
            {
                $formatParams.Add('SettingValueTemplateId',$settingValueTemplateId)
            }
            $myFormattedSetting= Format-M365DSCParamsToSettingInstance @formatParams

            $setting.add('settingInstance',$myFormattedSetting)
            $settings+=$setting
        }
    }

    $DSCParams.Remove('ControlledFolderAccessProtectedFolders') | Out-Null
    $DSCParams.Remove('ControlledFolderAccessAllowedApplications') | Out-Null
    $DSCParams.Remove('EnableControlledFolderAccess') | Out-Null
    $DSCParams.Remove('AttackSurfaceReductionOnlyExclusions') | Out-Null

    #Prepare attacksurfacereductionrules
    $setting=@{}
    $setting.add("@odata.type","#microsoft.graph.deviceManagementConfigurationSetting")
    $ASRSettings = Format-M365DSCParamsToSettingInstance `
        -DSCParams $DSCParams `
        -GroupSettingDefinitionIdName "device_vendor_msft_policy_config_defender_attacksurfacereductionrules" `
        -SettingInstanceTemplateId "19600663-e264-4c02-8f55-f2983216d6d7"
    $setting.add('settingInstance',$ASRSettings)
    $settings+=$setting

    return $settings
}

Export-ModuleMember -Function *-TargetResource