Functions/New-MultipleIntuneDeviceManagementScriptsAssignments.ps1
|
function New-MultipleIntuneDeviceManagementScriptsAssignments { [CmdletBinding()] param ( [Parameter()] [string[]] $ScriptIds, [Parameter()] [string] $OS, [Parameter()] [string] $GroupName, [Parameter()] [ValidateSet("Included", "Excluded", "UnassignAll")] [string] $Intent ) $Scripts = Invoke-MSGraphRequest -Url "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts" | Get-MSGraphAllPages | Sort-Object displayName if ($ScriptIds) { $SelectedScripts = @() foreach ($id in $ScriptIds) { if ($Scripts.id -contains $id) { $SelectedScripts += $Scripts | Where-Object id -eq $id } } } else { $SelectedScripts = $Scripts | Out-GridView -OutputMode Multiple -Title "Select Scripts" } if (!($SelectedScripts)) { break } if ($GroupName) { $AADGroup = Get-AzureADGroup -Filter "(displayname eq '$($GroupName)')" } else { $AADGroup = Get-AzureADGroup -All $true | Sort-Object DisplayName | Out-GridView -OutputMode Single -Title "Select AAD Group" } if (!($AADGroup)) { break } # $target = New-DeviceAndAppManagementAssignmentTargetObject -groupAssignmentTarget -groupId $AADGroup.ObjectId if (!($Intent)) { $Intent = "Included", "Excluded", "UnassignAll" | Out-GridView -OutputMode Single -Title "Select Intent" if (!($Intent)) { break } } $AADGroup | Format-Table $Intent Write-Host "`n`n###############################`n`n`n" foreach ($s in $SelectedScripts) { $s $Assignments = Invoke-MSGraphRequest -HttpMethod GET -Url "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($s.id)/assignments" | Get-MSGraphAllPages $Assignments $Assignments | ForEach-Object { if ($_.target.groupId -eq $AADGroup.ObjectId) { Write-Output "Removing previous assignment for Script: `"$($s.displayName)`" ($($s.id)), group `"$($AADGroup.displayName)`" ($($_.target.groupId))" "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($s.id)/assignments/$($_.id)" Invoke-MSGraphRequest -HttpMethod DELETE -Url "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($s.id)/assignments/$($_.id)" } } if ($Intent -eq "Included") { $JSON = @" { `"@odata.type`": `"#microsoft.graph.deviceManagementScriptAssignment`", `"target`": { `"@odata.type`": `"microsoft.graph.groupAssignmentTarget`", `"deviceAndAppManagementAssignmentFilterId`": null, `"deviceAndAppManagementAssignmentFilterType`": `"none`", `"groupId`": `"$($AadGroup.objectId)`" } } "@ } elseif ($Intent -eq "Excluded") { $JSON = @" { `"@odata.type`": `"#microsoft.graph.deviceManagementScriptAssignment`", `"target`": { `"@odata.type`": `"microsoft.graph.exclusionGroupAssignmentTarget`", `"deviceAndAppManagementAssignmentFilterId`": null, `"deviceAndAppManagementAssignmentFilterType`": `"none`", `"groupId`": `"$($AadGroup.objectId)`" } } "@ } if ($Intent -ne "UnassignAll") { Write-Output "Assigning Script: `"$($s.displayName)`" ($($s.id)), group `"$($AADGroup.displayName)`" ($($AADGroup.objectId)), intent: $($Intent)" Invoke-MSGraphRequest -HttpMethod POST -Url "https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/$($s.id)/assign" -Content $JSON | Out-Null } "`n`n################`n`n" } } |