@@ -15,7 +15,8 @@ function Update-AppManagementPolicy {
1515 [CmdletBinding ()]
1616 param (
1717 $TenantFilter = $env: TenantID ,
18- $ApplicationId = $env: ApplicationID
18+ $ApplicationId = $env: ApplicationID ,
19+ $headers
1920 )
2021
2122 try {
@@ -39,8 +40,7 @@ function Update-AppManagementPolicy {
3940 )
4041
4142 # Execute bulk request
42- $Results = New-GraphBulkRequest - Requests $Requests - NoAuthCheck $true - asapp $true - tenantid $TenantFilter
43-
43+ $Results = New-GraphBulkRequest - Requests $Requests - NoAuthCheck $true - asapp $true - tenantid $TenantFilter - headers $headers
4444 # Parse results
4545 $DefaultPolicy = ($Results | Where-Object { $_.id -eq ' defaultPolicy' }).body
4646 $AppPolicies = ($Results | Where-Object { $_.id -eq ' appPolicies' }).body.value
@@ -60,8 +60,7 @@ function Update-AppManagementPolicy {
6060 })
6161
6262 if ($AppliesToRequests.Count -gt 0 ) {
63- $AppliesToResults = New-GraphBulkRequest - Requests $AppliesToRequests - NoAuthCheck $true - asapp $true - tenantid $TenantFilter
64-
63+ $AppliesToResults = New-GraphBulkRequest - Requests $AppliesToRequests - NoAuthCheck $true - asapp $true - tenantid $TenantFilter - headers $headers
6564 # Find which policy (if any) targets the app
6665 $CIPPPolicyResult = $AppliesToResults | Where-Object { $_.body.value.appId -contains $ApplicationId } | Select-Object - First 1
6766 if ($CIPPPolicyResult ) {
@@ -171,18 +170,18 @@ function Update-AppManagementPolicy {
171170
172171 if ($CIPPAppPolicyId ) {
173172 # Update existing policy that's already assigned to the app
174- $null = New-GraphPostRequest - uri " https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$CIPPAppPolicyId " - type PATCH - body ($PolicyBody | ConvertTo-Json - Depth 10 ) - asapp $true - NoAuthCheck $true - tenantid $TenantFilter
173+ $null = New-GraphPostRequest - uri " https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$CIPPAppPolicyId " - type PATCH - body ($PolicyBody | ConvertTo-Json - Depth 10 ) - asapp $true - NoAuthCheck $true - tenantid $TenantFilter - headers $headers
175174 $PolicyAction = " Updated existing policy $CIPPAppPolicyId to allow credentials"
176175 } elseif ($ExistingExemptionPolicy ) {
177176 # Exemption policy exists but not assigned to app - update and assign it
178- $null = New-GraphPostRequest - uri " https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$ ( $ExistingExemptionPolicy.id ) " - type PATCH - body ($PolicyBody | ConvertTo-Json - Depth 10 ) - asapp $true - NoAuthCheck $true
177+ $null = New-GraphPostRequest - uri " https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$ ( $ExistingExemptionPolicy.id ) " - type PATCH - body ($PolicyBody | ConvertTo-Json - Depth 10 ) - asapp $true - NoAuthCheck $true - headers $headers
179178
180179 if ($CIPPApp.id ) {
181180 # Assign existing policy to CIPP-SAM application
182181 $AssignBody = @ {
183182 ' @odata.id' = " https://graph.microsoft.com/beta/policies/appManagementPolicies/$ ( $ExistingExemptionPolicy.id ) "
184183 }
185- $null = New-GraphPostRequest - uri " https://graph.microsoft.com/beta/applications/$ ( $CIPPApp.id ) /appManagementPolicies/`$ ref" - type POST - body ($AssignBody | ConvertTo-Json ) - asapp $true - NoAuthCheck $true - tenantid $TenantFilter
184+ $null = New-GraphPostRequest - uri " https://graph.microsoft.com/beta/applications/$ ( $CIPPApp.id ) /appManagementPolicies/`$ ref" - type POST - body ($AssignBody | ConvertTo-Json ) - asapp $true - NoAuthCheck $true - tenantid $TenantFilter - headers $headers
186185 $PolicyAction = " Updated and assigned existing policy $ ( $ExistingExemptionPolicy.id ) to CIPP-SAM"
187186 $CIPPAppPolicyId = $ExistingExemptionPolicy.id
188187 $CIPPAppTargeted = $true
@@ -191,14 +190,14 @@ function Update-AppManagementPolicy {
191190 }
192191 } else {
193192 # Create new policy and assign to CIPP-SAM app
194- $CreatedPolicy = New-GraphPostRequest - uri ' https://graph.microsoft.com/v1.0/policies/appManagementPolicies' - type POST - body ($PolicyBody | ConvertTo-Json - Depth 10 ) - asapp $true - NoAuthCheck $true
193+ $CreatedPolicy = New-GraphPostRequest - uri ' https://graph.microsoft.com/v1.0/policies/appManagementPolicies' - type POST - body ($PolicyBody | ConvertTo-Json - Depth 10 ) - asapp $true - NoAuthCheck $true - headers $headers
195194
196195 if ($CIPPApp.id ) {
197196 # Assign policy to CIPP-SAM application using beta endpoint
198197 $AssignBody = @ {
199198 ' @odata.id' = " https://graph.microsoft.com/beta/policies/appManagementPolicies/$ ( $CreatedPolicy.id ) "
200199 }
201- $null = New-GraphPostRequest - uri " https://graph.microsoft.com/beta/applications/$ ( $CIPPApp.id ) /appManagementPolicies/`$ ref" - type POST - body ($AssignBody | ConvertTo-Json ) - asapp $true - NoAuthCheck $true
200+ $null = New-GraphPostRequest - uri " https://graph.microsoft.com/beta/applications/$ ( $CIPPApp.id ) /appManagementPolicies/`$ ref" - type POST - body ($AssignBody | ConvertTo-Json ) - asapp $true - NoAuthCheck $true - headers $headers
202201 $PolicyAction = " Created new policy $ ( $CreatedPolicy.id ) and assigned to CIPP-SAM"
203202 $CIPPAppPolicyId = $CreatedPolicy.id
204203 $CIPPAppTargeted = $true
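Review bot: Three write calls in the last two hunks still omit `-tenantid $TenantFilter`: the PATCH on the existing exemption policy, the POST that creates a new policy, and the `$ref` assignment POST in the create branch. The bulk reads and the other writes in this function do pass it. If New-GraphPostRequest falls back to a default tenant when that parameter is absent (its definition, and the rest of Update-AppManagementPolicy, are outside the visible hunks), a caller supplying a non-default `$TenantFilter` would read policy state from one tenant and write the credential exemption to another. These lines are already being edited to add `-headers $headers`, so append `-tenantid $TenantFilter` to each so that every Graph call in the function targets the same tenant. The new `$headers` parameter is also untyped and undocumented; a one-line comment saying what it carries and whether `$null` is acceptable would help callers.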