<#
.COPYRIGHT
Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
See LICENSE in the project root for license information.
#>
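function Connect-GraphAPI {
<#
.SYNOPSIS
Connects to Microsoft Graph API with appropriate scopes for Intune operations
.DESCRIPTION
This function connects to Microsoft Graph using the Microsoft.Graph.Authentication module.
It selects the environment-specific Graph base URL, publishes it in $global:GraphEndpoint
(read by Invoke-IntuneRestMethod), signs in with Connect-MgGraph and then verifies that a
context exists and that every requested scope was actually granted.
.PARAMETER Scopes
Array of permission scopes required for the operations
.PARAMETER Environment
The Microsoft Graph environment to connect to (Global, USGov, USGovDod, China, Germany)
.OUTPUTS
[bool] $true when a Graph context was established, $false otherwise
.EXAMPLE
Connect-GraphAPI
Connects to Microsoft Graph with default scopes
.EXAMPLE
Connect-GraphAPI -Environment "USGov"
Connects to Microsoft Graph US Government environment
.NOTES
Requires Microsoft.Graph.Authentication module.
Side effect: sets $global:GraphEndpoint.
Scopes that were requested but are absent from the granted context (e.g. consent was
declined or reduced) are reported as warnings so that later 403 responses can be traced
back to the missing permission instead of being diagnosed far from the cause.
#>
    [CmdletBinding()]
    param(
        [string[]]$Scopes = @(
            "DeviceManagementConfiguration.ReadWrite.All",
            "Group.Read.All"
        ),
        [ValidateSet("Global", "USGov", "USGovDod", "China", "Germany")]
        [string]$Environment = "Global"
    )
    try {
        # Environment -> Graph base URL. ValidateSet guarantees a hit; the fallback keeps
        # the original "default to Global" behaviour for any unexpected value.
        $endpoints = @{
            "Global"   = "https://graph.microsoft.com"
            "USGov"    = "https://graph.microsoft.us"
            "USGovDod" = "https://dod-graph.microsoft.us"
            "China"    = "https://microsoftgraph.chinacloudapi.cn"
            "Germany"  = "https://graph.microsoft.de"
        }
        if ($endpoints.ContainsKey($Environment)) {
            $global:GraphEndpoint = $endpoints[$Environment]
        }
        else {
            $global:GraphEndpoint = $endpoints["Global"]
        }
        Write-Host "Graph Endpoint: $global:GraphEndpoint" -ForegroundColor Magenta

        # Check if Microsoft.Graph.Authentication module is available
        if (-not (Get-Module -Name Microsoft.Graph.Authentication -ListAvailable)) {
            Write-Error "Microsoft.Graph.Authentication module not found. Please install it using: Install-Module Microsoft.Graph.Authentication"
            return $false
        }

        # Import the module if not already loaded
        if (-not (Get-Module -Name Microsoft.Graph.Authentication)) {
            Import-Module Microsoft.Graph.Authentication -Force
        }

        # Connect to Microsoft Graph
        Write-Host "Connecting to Microsoft Graph..." -ForegroundColor Cyan
        Connect-MgGraph -Scopes $Scopes -Environment $Environment -NoWelcome

        # Verify connection
        $context = Get-MgContext
        if (-not $context) {
            Write-Error "Failed to establish connection to Microsoft Graph"
            return $false
        }

        Write-Host "Successfully connected to Microsoft Graph!" -ForegroundColor Green
        Write-Host "Tenant ID: $($context.TenantId)" -ForegroundColor Yellow
        Write-Host "Account: $($context.Account)" -ForegroundColor Yellow
        Write-Host "Environment: $($context.Environment)" -ForegroundColor Yellow
        Write-Host "Scopes: $($context.Scopes -join ', ')" -ForegroundColor Yellow

        # A successful sign-in does not imply every requested scope was consented to.
        # Surface the gap now rather than as an opaque 403 later; this is a warning, not a
        # failure, because some operations may still work with the reduced scope set.
        $granted = @($context.Scopes)
        $missing = @($Scopes | Where-Object { $granted -notcontains $_ })
        if ($missing.Count -gt 0) {
            Write-Warning "Connected, but these requested scopes were not granted: $($missing -join ', '). Calls that require them will fail with 403."
        }
        return $true
    }
    catch {
        Write-Error "Error connecting to Microsoft Graph: $($_.Exception.Message)"
        return $false
    }
}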
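function Invoke-IntuneRestMethod {
<#
.SYNOPSIS
Invokes Microsoft Graph REST API calls with automatic paging support
.DESCRIPTION
This function makes REST API calls to Microsoft Graph with built-in error handling and
automatic paging for large result sets. Collection responses (those carrying a "value"
property, even an empty one) are flattened into a single array across all pages by
following @odata.nextLink; any other response is returned as-is.
.PARAMETER Uri
The Microsoft Graph URI to call (can be relative path or full URL). A relative path is
appended to $global:GraphEndpoint; a leading "/" is tolerated.
.PARAMETER Method
The HTTP method to use (GET, POST, PUT, DELETE, PATCH)
.PARAMETER Body
The request body for POST/PUT/PATCH operations. A string that parses as JSON is sent
verbatim; any other string is sent as a JSON string literal (quotes and backslashes
escaped); objects (hashtable, PSCustomObject, ...) are serialised with ConvertTo-Json.
.PARAMETER ContentType
The content type for the request (default: application/json)
.OUTPUTS
The collected "value" items for collection responses, otherwise the raw response object.
Nothing is returned for responses without content (e.g. most DELETE calls).
.EXAMPLE
Invoke-IntuneRestMethod -Uri "v1.0/deviceManagement/deviceConfigurations" -Method GET
.EXAMPLE
Invoke-IntuneRestMethod -Uri "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations" -Method GET
.NOTES
Requires an active Microsoft Graph connection via Connect-MgGraph
Uses the global $GraphEndpoint variable for environment-specific endpoints
Failures are written with Write-Error (including the HTTP status when available) and then
re-thrown so callers can still catch them.
#>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Uri,
        [Parameter(Mandatory = $false)]
        [ValidateSet('GET', 'POST', 'PUT', 'DELETE', 'PATCH')]
        [string]$Method = 'GET',
        [Parameter(Mandatory = $false)]
        [object]$Body = $null,
        [Parameter(Mandatory = $false)]
        [string]$ContentType = 'application/json'
    )
    try {
        # Ensure we have a Graph endpoint set
        if (-not $global:GraphEndpoint) {
            $global:GraphEndpoint = "https://graph.microsoft.com"
            Write-Warning "No Graph endpoint set, defaulting to: $global:GraphEndpoint"
        }

        # Handle both relative and absolute URIs. Absolute URIs are passed through
        # unchanged, so callers should only hand in Graph-hosted URLs: the session's
        # bearer token is presumably presented to whatever host is named here
        # (NOTE(review): confirm against Invoke-MgGraphRequest's behaviour).
        if ($Uri -notmatch '^https?://') {
            $Uri = "$global:GraphEndpoint/$($Uri.TrimStart('/'))"
        }

        # Serialise the body once, outside the paging loop (it is identical for every page).
        $serializedBody = $null
        if ($Body) {
            if ($Body -is [string]) {
                try {
                    # Valid JSON text is sent verbatim
                    $null = $Body | ConvertFrom-Json -ErrorAction Stop
                    $serializedBody = $Body
                    Write-Verbose "Body detected as JSON string"
                }
                catch {
                    # Not JSON: encode as a JSON string literal so embedded quotes and
                    # backslashes are escaped instead of producing an invalid document
                    $serializedBody = $Body | ConvertTo-Json
                    Write-Verbose "Body detected as plain string, encoding as JSON string literal"
                }
            }
            else {
                # Body is an object (hashtable, PSCustomObject, etc.), convert to JSON
                $serializedBody = $Body | ConvertTo-Json -Depth 10
                Write-Verbose "Body detected as object, converting to JSON"
            }
        }

        # A List avoids the O(n^2) array re-allocation of "+=" on large paged results.
        $results = [System.Collections.Generic.List[object]]::new()
        $nextLink = $Uri
        do {
            Write-Verbose "Making request to: $nextLink"
            $requestParams = @{
                Uri         = $nextLink
                Method      = $Method
                ContentType = $ContentType
            }
            if ($null -ne $serializedBody) {
                $requestParams.Body = $serializedBody
            }
            $response = Invoke-MgGraphRequest @requestParams

            # Collection responses carry a "value" array, which may legitimately be empty;
            # test for presence ($null -ne) rather than truthiness so an empty collection
            # yields no items instead of the raw envelope. Follow @odata.nextLink until the
            # last page. Anything else (single entity, or no content at all) is not paged.
            if ($null -ne $response -and $null -ne $response.value) {
                $results.AddRange([object[]]@($response.value))
                $nextLink = $response.'@odata.nextLink'
            }
            else {
                if ($null -ne $response) {
                    $results.Add($response)
                }
                $nextLink = $null
            }
        } while ($nextLink)
        return $results.ToArray()
    }
    catch {
        $errorMessage = $_.Exception.Message
        if ($_.Exception.Response) {
            $statusCode = $_.Exception.Response.StatusCode
            Write-Error "Graph API request failed with status $statusCode : $errorMessage"
        }
        else {
            Write-Error "Graph API request failed: $errorMessage"
        }
        # Re-throw so the caller's own error handling still sees the failure
        throw
    }
}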
####################################################
####################################################
####################################################
#region Authentication
# Connect to Microsoft Graph
if (-not (Connect-GraphAPI)) {
Write-Error "Failed to connect to Microsoft Graph. Exiting script."
exit 1
}
#endregion
####################################################
Write-Host