
Commit 5baa057

clean up legacy stuff around intune template management.
1 parent 8d76ec6 commit 5baa057

1 file changed

Lines changed: 88 additions & 121 deletions


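--- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
+++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1
@@ -36,150 +36,117 @@ function Invoke-CIPPStandardIntuneTemplate {
 https://docs.cipp.app/user-documentation/tenant/standards/list-standards
 #>
 param($Tenant, $Settings)
-$TestResult = Test-CIPPStandardLicense -StandardName 'IntuneTemplate_general' -TenantFilter $Tenant -RequiredCapabilities @('INTUNE_A', 'MDM_Services', 'EMS', 'SCCM', 'MICROSOFTINTUNEPLAN1')
 
-if ($TestResult -eq $false) {
-#writing to each item that the license is not present.
-foreach ($Template in $settings.TemplateList) {
-Set-CIPPStandardsCompareField -FieldName "standards.IntuneTemplate.$($Template.value)" -FieldValue 'This tenant does not have the required license for this standard.' -Tenant $Tenant
-}
-return $true
-} #we're done.
 $Table = Get-CippTable -tablename 'templates'
 $Filter = "PartitionKey eq 'IntuneTemplate'"
-$Request = @{body = $null }
-$CompareList = foreach ($Template in $Settings) {
-$Request.body = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Where-Object -Property RowKey -Like "$($Template.TemplateList.value)*").JSON | ConvertFrom-Json -ErrorAction SilentlyContinue
-if ($null -eq $Request.body) {
-Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to find template $($Template.TemplateList.value). Has this Intune Template been deleted?" -sev 'Error'
-continue
-}
 
-$displayname = $request.body.Displayname
-$description = $request.body.Description
-$RawJSON = $Request.body.RawJSON
+$Template = (Get-CIPPAzDataTableEntity @Table -Filter $Filter | Where-Object -Property RowKey -Like "$($Settings.TemplateList.value)*").JSON | ConvertFrom-Json -ErrorAction SilentlyContinue
+if ($null -eq $Template) {
+Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to find template $($Settings.TemplateList.value). Has this Intune Template been deleted?" -sev 'Error'
+return $true
+}
+
+$displayname = $Template.Displayname
+$description = $Template.Description
+$RawJSON = $Template.RawJSON
+$TemplateType = $Template.Type
+
+try {
+$ExistingPolicy = Get-CIPPIntunePolicy -tenantFilter $Tenant -DisplayName $displayname -TemplateType $TemplateType
+} catch {
+$ExistingPolicy = $null
+}
+
+if ($ExistingPolicy) {
 try {
-$ExistingPolicy = Get-CIPPIntunePolicy -tenantFilter $Tenant -DisplayName $displayname -TemplateType $Request.body.Type
+$RawJSON = Get-CIPPTextReplacement -Text $RawJSON -TenantFilter $Tenant
+$JSONExistingPolicy = $ExistingPolicy.cippconfiguration | ConvertFrom-Json
+$JSONTemplate = $RawJSON | ConvertFrom-Json
+#This might be a slow one.
+$Compare = Compare-CIPPIntuneObject -ReferenceObject $JSONTemplate -DifferenceObject $JSONExistingPolicy -compareType $TemplateType -ErrorAction SilentlyContinue
 } catch {
 }
-if ($ExistingPolicy) {
-try {
-$RawJSON = Get-CIPPTextReplacement -Text $RawJSON -TenantFilter $Tenant
-$JSONExistingPolicy = $ExistingPolicy.cippconfiguration | ConvertFrom-Json
-$JSONTemplate = $RawJSON | ConvertFrom-Json
-$Compare = Compare-CIPPIntuneObject -ReferenceObject $JSONTemplate -DifferenceObject $JSONExistingPolicy -compareType $Request.body.Type -ErrorAction SilentlyContinue
-} catch {
-}
-} else {
-$compare = [pscustomobject]@{
-MatchFailed = $true
-Difference = 'This policy does not exist in Intune.'
-}
-}
-if ($Compare) {
-[PSCustomObject]@{
-MatchFailed = $true
-displayname = $displayname
-description = $description
-compare = $Compare
-rawJSON = $RawJSON
-body = $Request.body
-assignTo = $Template.AssignTo
-excludeGroup = $Template.excludeGroup
-remediate = $Template.remediate
-alert = $Template.alert
-report = $Template.report
-existingPolicyId = $ExistingPolicy.id
-templateId = $Template.TemplateList.value
-customGroup = $Template.customGroup
-assignmentFilter = $Template.assignmentFilter
-assignmentFilterType = $Template.assignmentFilterType
-}
-} else {
-[PSCustomObject]@{
-MatchFailed = $false
-displayname = $displayname
-description = $description
-compare = $false
-rawJSON = $RawJSON
-body = $Request.body
-assignTo = $Template.AssignTo
-excludeGroup = $Template.excludeGroup
-remediate = $Template.remediate
-alert = $Template.alert
-report = $Template.report
-existingPolicyId = $ExistingPolicy.id
-templateId = $Template.TemplateList.value
-customGroup = $Template.customGroup
-assignmentFilter = $Template.assignmentFilter
-assignmentFilterType = $Template.assignmentFilterType
-}
+} else {
+$compare = [pscustomobject]@{
+MatchFailed = $true
+Difference = 'This policy does not exist in Intune.'
 }
 }
+$CompareResult = [PSCustomObject]@{
+MatchFailed = [bool]$Compare
+displayname = $displayname
+description = $description
+compare = $Compare
+rawJSON = $RawJSON
+templateType = $TemplateType
+assignTo = $Settings.AssignTo
+excludeGroup = $Settings.excludeGroup
+remediate = $Settings.remediate
+alert = $Settings.alert
+report = $Settings.report
+existingPolicyId = $ExistingPolicy.id
+templateId = $Settings.TemplateList.value
+customGroup = $Settings.customGroup
+assignmentFilter = $Settings.assignmentFilter
+assignmentFilterType = $Settings.assignmentFilterType
+}
 
-if ($true -in $Settings.remediate) {
-foreach ($TemplateFile in $CompareList | Where-Object -Property remediate -EQ $true) {
-try {
-$TemplateFile.customGroup ? ($TemplateFile.AssignTo = $TemplateFile.customGroup) : $null
-
-$PolicyParams = @{
-TemplateType = $TemplateFile.body.Type
-Description = $TemplateFile.description
-DisplayName = $TemplateFile.displayname
-RawJSON = $templateFile.rawJSON
-AssignTo = $TemplateFile.AssignTo
-ExcludeGroup = $TemplateFile.excludeGroup
-tenantFilter = $Tenant
-}
+if ($Settings.remediate) {
+try {
+$CompareResult.customGroup ? ($CompareResult.AssignTo = $CompareResult.customGroup) : $null
 
-# Add assignment filter if specified
-if ($TemplateFile.assignmentFilter) {
-$PolicyParams.AssignmentFilterName = $TemplateFile.assignmentFilter
-$PolicyParams.AssignmentFilterType = $TemplateFile.assignmentFilterType ?? 'include'
-}
+$PolicyParams = @{
+TemplateType = $CompareResult.templateType
+Description = $CompareResult.description
+DisplayName = $CompareResult.displayname
+RawJSON = $CompareResult.rawJSON
+AssignTo = $CompareResult.AssignTo
+ExcludeGroup = $CompareResult.excludeGroup
+tenantFilter = $Tenant
+}
 
-Set-CIPPIntunePolicy @PolicyParams
-} catch {
-$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
-Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template $($TemplateFile.displayname), Error: $ErrorMessage" -sev 'Error'
+# Add assignment filter if specified
+if ($CompareResult.assignmentFilter) {
+$PolicyParams.AssignmentFilterName = $CompareResult.assignmentFilter
+$PolicyParams.AssignmentFilterType = $CompareResult.assignmentFilterType ?? 'include'
 }
-}
 
+Set-CIPPIntunePolicy @PolicyParams
+} catch {
+$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to create or update Intune Template $($CompareResult.displayname), Error: $ErrorMessage" -sev 'Error'
+}
 }
 
-if ($true -in $Settings.alert) {
-foreach ($Template in $CompareList | Where-Object -Property alert -EQ $true) {
-$AlertObj = $Template | Select-Object -Property displayname, description, compare, assignTo, excludeGroup, existingPolicyId
-if ($Template.compare) {
-Write-StandardsAlert -message "Template $($Template.displayname) does not match the expected configuration." -object $AlertObj -tenant $Tenant -standardName 'IntuneTemplate' -standardId $Settings.templateId
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Template $($Template.displayname) does not match the expected configuration. We've generated an alert" -sev info
+if ($Settings.alert) {
+$AlertObj = $CompareResult | Select-Object -Property displayname, description, compare, assignTo, excludeGroup, existingPolicyId
+if ($CompareResult.compare) {
+Write-StandardsAlert -message "Template $($CompareResult.displayname) does not match the expected configuration." -object $AlertObj -tenant $Tenant -standardName 'IntuneTemplate' -standardId $Settings.templateId
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Template $($CompareResult.displayname) does not match the expected configuration. We've generated an alert" -sev info
+} else {
+if ($CompareResult.ExistingPolicyId) {
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Template $($CompareResult.displayname) has the correct configuration." -sev Info
 } else {
-if ($Template.ExistingPolicyId) {
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Template $($Template.displayname) has the correct configuration." -sev Info
-} else {
-Write-StandardsAlert -message "Template $($Template.displayname) is missing." -object $AlertObj -tenant $Tenant -standardName 'IntuneTemplate' -standardId $Settings.templateId
-Write-LogMessage -API 'Standards' -tenant $Tenant -message "Template $($Template.displayname) is missing." -sev info
-}
+Write-StandardsAlert -message "Template $($CompareResult.displayname) is missing." -object $AlertObj -tenant $Tenant -standardName 'IntuneTemplate' -standardId $Settings.templateId
+Write-LogMessage -API 'Standards' -tenant $Tenant -message "Template $($CompareResult.displayname) is missing." -sev info
 }
 }
 }
 
-if ($true -in $Settings.report) {
-foreach ($Template in $CompareList | Where-Object { $_.report -eq $true -or $_.remediate -eq $true }) {
-$id = $Template.templateId
+if ($Settings.report -or $Settings.remediate) {
+$id = $CompareResult.templateId
 
-$CurrentValue = @{
-displayName = $Template.displayname
-description = $Template.description
-isCompliant = if ($Template.compare) { $false } else { $true }
-}
-$ExpectedValue = @{
-displayName = $Template.displayname
-description = $Template.description
-isCompliant = $true
-}
-Set-CIPPStandardsCompareField -FieldName "standards.IntuneTemplate.$id" -CurrentValue $CurrentValue -ExpectedValue $ExpectedValue -TenantFilter $Tenant
+$CurrentValue = @{
+displayName = $CompareResult.displayname
+description = $CompareResult.description
+isCompliant = if ($CompareResult.compare) { $false } else { $true }
+}
+$ExpectedValue = @{
+displayName = $CompareResult.displayname
+description = $CompareResult.description
+isCompliant = $true
 }
+Set-CIPPStandardsCompareField -FieldName "standards.IntuneTemplate.$id" -CurrentValue $CurrentValue -ExpectedValue $ExpectedValue -TenantFilter $Tenant
 #Add-CIPPBPAField -FieldName "policy-$id" -FieldValue $Compare -StoreAs bool -Tenant $tenant
 }
 }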
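Review bot: The empty `catch { }` around the comparison (new lines 61-68) makes this standard fail open: if `ConvertFrom-Json` or `Compare-CIPPIntuneObject` throws, `$Compare` is never assigned, so `MatchFailed = [bool]$Compare` is false, `isCompliant` is written as true and the alert branch logs that the template "has the correct configuration". A policy that could not be compared should count as drifted; in that catch I would set `$Compare = [pscustomobject]@{ MatchFailed = $true; Difference = "Comparison failed: $($_.Exception.Message)" }` and record the error with `Write-LogMessage` at `-sev 'Error'`. The first `catch` has the mirror problem: any `Get-CIPPIntunePolicy` failure becomes `$ExistingPolicy = $null` and is then alerted as a missing policy rather than as a lookup error. The removal of the `Test-CIPPStandardLicense` gate presumably makes that path more common on unlicensed tenants unless the caller now performs the check, which is not visible here; the function itself starts above the hunk.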
