
Commit 1a4b2ce

authored
Merge pull request #852 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 680460a + 07f4754 commit 1a4b2ce

1 file changed

Lines changed: 22 additions & 6 deletions


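--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1
@@ -26,9 +26,10 @@ function Invoke-AddDefenderDeployment {
 "$($tenant): Failed to enable MDE Connector - $($ConnectorStatus.ErrorMessage)"
 continue
 } else {
-"$($tenant): MDE Connector is $($ConnectorStatus.PartnerState). Attempting to set compliance and reporting settings..."
+"$($tenant): MDE Connector is $($ConnectorStatus.PartnerState)"
 }
 
+
 $SettingsObject = @{
 id = 'fc780465-2017-40d4-a0c5-307022471b92'
 androidEnabled = [bool]$Compliance.ConnectAndroid
@@ -39,29 +40,44 @@ function Invoke-AddDefenderDeployment {
 partnerUnresponsivenessThresholdInDays = 7
 allowPartnerToCollectIOSApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
 allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
+androidDeviceBlockedOnMissingPartnerData = [bool]$Compliance.androidDeviceBlockedOnMissingPartnerData
+iosDeviceBlockedOnMissingPartnerData = [bool]$Compliance.iosDeviceBlockedOnMissingPartnerData
+windowsDeviceBlockedOnMissingPartnerData = [bool]$Compliance.windowsDeviceBlockedOnMissingPartnerData
+macDeviceBlockedOnMissingPartnerData = [bool]$Compliance.macDeviceBlockedOnMissingPartnerData
 androidMobileApplicationManagementEnabled = [bool]$Compliance.ConnectAndroidCompliance
 iosMobileApplicationManagementEnabled = [bool]$Compliance.appSync
+windowsMobileApplicationManagementEnabled = [bool]$Compliance.windowsMobileApplicationManagementEnabled
+allowPartnerToCollectIosCertificateMetadata = [bool]$Compliance.allowPartnerToCollectIosCertificateMetadata
+allowPartnerToCollectIosPersonalCertificateMetadata = [bool]$Compliance.allowPartnerToCollectIosPersonalCertificateMetadata
 microsoftDefenderForEndpointAttachEnabled = [bool]$true
 }
 $SettingsObj = $SettingsObject | ConvertTo-Json -Compress
+$ConnectorUri = 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/fc780465-2017-40d4-a0c5-307022471b92'
+$ConnectorExists = $false
+$SettingsMatch = $false
 try {
-$ExistingSettings = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/fc780465-2017-40d4-a0c5-307022471b92' -tenantid $tenant
+$ExistingSettings = New-GraphGETRequest -uri $ConnectorUri -tenantid $tenant
+$ConnectorExists = $true
 
 # Check if any setting doesn't match
+$SettingsMatch = $true
 foreach ($key in $SettingsObject.Keys) {
 if ($ExistingSettings.$key -ne $SettingsObject[$key]) {
-$ExistingSettings = $false
+$SettingsMatch = $false
 break
 }
 }
 } catch {
-$ExistingSettings = $false
+$ConnectorExists = $false
 }
-if ($ExistingSettings) {
+if ($SettingsMatch) {
 "Defender Intune Configuration already correct and active for $($tenant). Skipping"
+} elseif ($ConnectorExists) {
+$null = New-GraphPOSTRequest -uri $ConnectorUri -tenantid $tenant -type PATCH -body $SettingsObj -AsApp $true
+"$($tenant): Successfully updated Defender Compliance and Reporting settings."
 } else {
 $null = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/' -tenantid $tenant -type POST -body $SettingsObj -AsApp $true
-"$($tenant): Successfully set Defender Compliance and Reporting settings. Please remember to enable the Intune Connector in the Defender portal."
+"$($tenant): Successfully created Defender Compliance and Reporting settings."
 }
 }
 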
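Review bot: The new `elseif ($ConnectorExists)` branch PATCHes the whole `$SettingsObject` onto an existing connector, and each added key is built as `[bool]$Compliance.<name>`, so a request that omits a field such as `windowsDeviceBlockedOnMissingPartnerData` sends `false` and can switch off a block-on-missing-partner-data setting that was already enabled in the tenant. Whether callers always supply these fields is not visible here; if they may not, add a key only when it is present, e.g. `if ($null -ne $Compliance.windowsDeviceBlockedOnMissingPartnerData) { $SettingsObject.windowsDeviceBlockedOnMissingPartnerData = [bool]$Compliance.windowsDeviceBlockedOnMissingPartnerData }`, and consider logging which values the PATCH changes. Separately, the bare `catch` sets `$ConnectorExists = $false` for any failure of `New-GraphGETRequest` (throttling or a permission error, not only a missing connector), so a transient error falls through to the POST create path; checking for a not-found response before choosing POST would avoid that. The body of `Invoke-AddDefenderDeployment` starts and ends outside these hunks.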
