powershell examples
# Report every Intune-managed device whose compliance state is anything other
# than 'Compliant'. Output goes to the host only; nothing is changed in Intune.
#
# NOTE(review): Get-IntuneManagedDevice must come from a module that is already
# imported and signed in; neither step is shown in this listing.
# NOTE(review): if the returned objects carry no DeviceComplianceState property,
# the comparison below sees $null and reports every device - confirm the
# property name against the module in use.
$Devices = Get-IntuneManagedDevice
foreach ($Device in $Devices) {
    $needsReview = $Device.DeviceComplianceState -ne 'Compliant'
    if (-not $needsReview) { continue }

    Write-Host "Device $($Device.DeviceName) is not compliant. Please review its status."
}
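# -----------------------------------------------------------------
# Bulk enroll devices into Intune from a CSV file.
#
# Input:  C:\devices.csv with a DeviceId column (one device per row).
# Output: one host line per row - "Enrolled ..." on success, a warning when the
#         row has no DeviceId or the enrollment call fails.
#
# The CSV decides which devices get enrolled, so treat it as privileged input:
# keep it where only the enrolling administrators can write to it.
# NOTE(review): Add-IntuneManagedDevice is not defined on this page - confirm
# which module provides it and that it accepts -DeviceId.
$DeviceList = Import-Csv -Path "C:\devices.csv"
foreach ($Device in $DeviceList) {
    # Skip blank or malformed rows instead of passing an empty id to the cmdlet.
    if ([string]::IsNullOrWhiteSpace($Device.DeviceId)) {
        Write-Warning "Skipping CSV row without a DeviceId."
        continue
    }

    try {
        # -ErrorAction Stop turns a non-terminating failure into an exception, so
        # the success line is only reached when the call actually went through.
        Add-IntuneManagedDevice -DeviceId $Device.DeviceId -ErrorAction Stop
        Write-Host "Enrolled device with ID: $($Device.DeviceId)"
    }
    catch {
        Write-Warning "Enrollment failed for device ID $($Device.DeviceId): $($_.Exception.Message)"
    }
}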
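# -----------------------------------------------------------------
# List Intune-managed devices through Microsoft Graph using the OAuth 2.0
# client-credentials flow (app-only access, no signed-in user).
#
# The three values below are placeholders. The client secret is a credential for
# the app registration: load it from a secret store or a protected environment
# variable at run time rather than saving a real value in this file, and grant
# the app only the read permission this query needs
# (DeviceManagementManagedDevices.Read.All).
$clientId = "YourClientID"
$tenantId = "YourTenantID"
$clientSecret = "YourClientSecret"
$authUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$graphApiUrl = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"

# Form fields for the token request.
$body = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}

# Reset first so a failed request cannot leave a token from an earlier run in
# the session. The access token is a bearer credential: never write it to the
# host, a transcript or a log.
$token = $null
try {
    $tokenResponse = Invoke-RestMethod -Method Post -Uri $authUrl -ContentType "application/x-www-form-urlencoded" -Body $body -ErrorAction Stop
    $token = $tokenResponse.access_token
}
catch {
    Write-Warning "Token request failed: $($_.Exception.Message)"
}

if (-not $token) {
    Write-Warning "No access token available; skipping the device query."
}
else {
    $authHeader = @{ Authorization = "Bearer $token" }

    # Graph returns large collections one page at a time; keep requesting the
    # URL in @odata.nextLink until it is absent so no device is left out.
    $pageUrl = $graphApiUrl
    while ($pageUrl) {
        try {
            $devices = Invoke-RestMethod -Uri $pageUrl -Headers $authHeader -ErrorAction Stop
        }
        catch {
            # Stop paging: retrying the same URL with a stale $devices would loop forever.
            Write-Warning "Graph request failed: $($_.Exception.Message)"
            break
        }

        # Output devices
        $devices.value | ForEach-Object { Write-Host "Device Name: $($_.deviceName), Compliance State: $($_.complianceState)" }

        $pageUrl = $devices.'@odata.nextLink'
    }
}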
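# ----------------------------------------------------------------------------------------------------
# Okta Users API: list users, then update one user's department.
#
# $oktaToken is a placeholder. An SSWS API token carries the permissions of the
# admin account that created it, so issue it from a least-privileged admin and
# load it from a secret store at run time instead of storing a real value here.
# The listing prints names and e-mail addresses to the host; keep that in mind
# when transcripts or console logging are enabled.
$oktaDomain = "yourcompany.okta.com"
$oktaToken = "YourOktaAPIToken"
$oktaApiUrl = "https://$oktaDomain/api/v1/users"

# Headers shared by both requests below.
$headers = @{
    "Authorization" = "SSWS $oktaToken"
    "Content-Type"  = "application/json"
}

# Fetch users from OKTA
# NOTE(review): only the first page returned by the API is processed; further
# pages are not requested here.
try {
    $users = Invoke-RestMethod -Uri $oktaApiUrl -Headers $headers -ErrorAction Stop

    # Display User Information
    $users | ForEach-Object { Write-Host "User: $($_.profile.firstName) $($_.profile.lastName), Email: $($_.profile.email)" }
}
catch {
    Write-Warning "Could not list Okta users: $($_.Exception.Message)"
}

# Example: Modify user profile by updating user's department.
# "userIdHere" is a placeholder for the id of the user to change.
# NOTE(review): presumably POST with a partial profile updates only the listed
# attributes - confirm against the Okta API reference before relying on it.
$updateUserUrl = "$oktaApiUrl/userIdHere"
$updateBody = @{
    profile = @{
        department = "New Department"
    }
}

try {
    $updateResponse = Invoke-RestMethod -Method Post -Uri $updateUserUrl -Headers $headers -Body ($updateBody | ConvertTo-Json) -ErrorAction Stop

    # Reached only when the request succeeded, so the line reflects a real change.
    Write-Host "Updated User: $($updateResponse.profile.firstName) $($updateResponse.profile.lastName) with new department: $($updateResponse.profile.department)"
}
catch {
    Write-Warning "Okta profile update failed: $($_.Exception.Message)"
}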
# --------------------------------------------------------------------------------
# Assign a per-platform compliance policy to every Intune-managed device.
# Devices whose operatingSystem is neither 'Windows' nor 'iOS' are left alone.
#
# NOTE(review): Assign-CompliancePolicy is not defined on this page - confirm
# where it comes from. Intune compliance policies are normally targeted at
# groups rather than single devices - TODO confirm this call assigns per device.
# NOTE(review): nothing here checks the result of the assignment call before
# the "Assigned ..." line is printed.

# Policy ids are placeholders (example: Windows, iOS policies).
$windowsPolicyId = "your-windows-policy-id"
$iosPolicyId = "your-ios-policy-id"

# Retrieve all devices managed by Intune
$devices = Get-IntuneManagedDevice

foreach ($device in $devices) {
    switch ($device.operatingSystem) {
        'Windows' {
            Assign-CompliancePolicy -PolicyId $windowsPolicyId -DeviceId $device.deviceId
            Write-Host "Assigned Windows compliance policy to: $($device.deviceName)"
        }
        'iOS' {
            Assign-CompliancePolicy -PolicyId $iosPolicyId -DeviceId $device.deviceId
            Write-Host "Assigned iOS compliance policy to: $($device.deviceName)"
        }
    }
}
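# ------------------------------------------------------------------------------
# Export a device compliance report (name, compliance state, operating system,
# last check-in) for every Intune-managed device to
# C:\IntuneDeviceComplianceReport.csv.
#
# The report is a device inventory: write it to a directory with restricted
# access if the root of C: is readable by other local users on this machine.
# Device names are often chosen by whoever enrols the device, so treat the cell
# values as untrusted text when the CSV is opened in a spreadsheet (a value
# starting with =, +, - or @ may be interpreted as a formula).
$devices = Get-IntuneManagedDevice

# Collect the loop output directly instead of growing an array with +=, which
# copies the whole array on every iteration. @() keeps $report an empty array
# when there are no devices.
$report = @(
    foreach ($device in $devices) {
        [PSCustomObject]@{
            DeviceName          = $device.DeviceName
            ComplianceState     = $device.DeviceComplianceState
            OperatingSystem     = $device.OperatingSystem
            LastCheckInDateTime = $device.LastCheckInDateTime
        }
    }
)

# Export the report to a CSV file; announce success only if the write worked.
try {
    $report | Export-Csv -Path "C:\IntuneDeviceComplianceReport.csv" -NoTypeInformation -ErrorAction Stop
    Write-Host "Device compliance report exported to C:\IntuneDeviceComplianceReport.csv"
}
catch {
    Write-Warning "Could not write the compliance report: $($_.Exception.Message)"
}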
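# -----------------------------------------------------------------------
# Retire Intune-managed devices whose last check-in is older than
# $inactiveDays days.
#
# Retire is a destructive bulk action. Run once with $previewOnly = $true and
# review the candidate list before letting the script act on it.
# NOTE(review): Retire-IntuneManagedDevice is not defined on this page - confirm
# which module provides it and what it removes from the device.
$inactiveDays = 30
$previewOnly = $false   # set to $true to list candidates without retiring anything

# Set the threshold for device last check-in
$threshold = (Get-Date).AddDays(-$inactiveDays)

# Get all devices from Intune
$devices = Get-IntuneManagedDevice

foreach ($device in $devices) {
    # A device with no recorded check-in cannot be judged inactive; skip it
    # instead of letting the [DateTime] cast fail on an empty value.
    if (-not $device.LastCheckInDateTime) {
        Write-Warning "Skipping $($device.DeviceName): no last check-in time available."
        continue
    }

    if ([DateTime]$device.LastCheckInDateTime -lt $threshold) {
        if ($previewOnly) {
            Write-Host "Device $($device.DeviceName) would be retired (last check-in: $($device.LastCheckInDateTime))."
            continue
        }

        try {
            # Retire the device; the confirmation line is printed only on success.
            Retire-IntuneManagedDevice -DeviceId $device.DeviceId -ErrorAction Stop
            Write-Host "Device $($device.DeviceName) has been retired due to inactivity."
        }
        catch {
            Write-Warning "Could not retire $($device.DeviceName): $($_.Exception.Message)"
        }
    }
}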