IntuneHydrationKit/Invoke-IntuneHydration.ps1 at main · jorgeasaurus/IntuneHydrationKit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
#Requires -Version 7.0
#Requires -Modules Microsoft.Graph.Authentication

<#
.SYNOPSIS
    Wrapper script for Intune tenant hydration (backward compatibility)
.DESCRIPTION
    This script provides backward compatibility for users who clone the repository
    and run the script directly. It imports the IntuneHydrationKit module and calls
    the Invoke-IntuneHydration function with all provided parameters.

    For new users, consider installing from PSGallery:
        Install-Module IntuneHydrationKit
        Invoke-IntuneHydration -SettingsPath ./settings.json
.PARAMETER SettingsPath
    Path to the settings JSON file. Use this for settings file-based invocation.
.PARAMETER TenantId
    Azure AD tenant ID (GUID). Required for parameter-based invocation.
.PARAMETER TenantName
    Tenant name for display purposes (e.g., contoso.onmicrosoft.com)
.PARAMETER Interactive
    Use interactive authentication (browser-based login).
.PARAMETER ClientId
    Application (client) ID for service principal authentication.
.PARAMETER ClientSecret
    Client secret for service principal authentication (SecureString).
.PARAMETER Environment
    Azure cloud environment. Valid values: Global, USGov, USGovDoD, Germany, China
.PARAMETER Create
    Enable creation of configurations
.PARAMETER Delete
    Enable deletion of kit-created configurations
.PARAMETER Force
    Skip confirmation prompt when running in delete mode
.PARAMETER VerboseOutput
    Enable verbose logging output
.PARAMETER OpenIntuneBaseline
    Process OpenIntuneBaseline policies
.PARAMETER ComplianceTemplates
    Process compliance policy templates
.PARAMETER AppProtection
    Process app protection policies
.PARAMETER NotificationTemplates
    Process notification templates
.PARAMETER EnrollmentProfiles
    Process enrollment profiles (Autopilot, ESP)
.PARAMETER DynamicGroups
    Process dynamic groups
.PARAMETER DeviceFilters
    Process device filters
.PARAMETER ConditionalAccess
    Process Conditional Access starter pack policies
.PARAMETER All
    Enable all targets
.PARAMETER ReportOutputPath
    Output directory for reports
.PARAMETER ReportFormats
    Report formats to generate (markdown, json)
.PARAMETER WhatIf
    Run in dry-run mode without making changes to Intune
.EXAMPLE
    ./Invoke-IntuneHydration.ps1 -SettingsPath ./settings.json

    Run using settings from a JSON file.
.EXAMPLE
    ./Invoke-IntuneHydration.ps1 -TenantId "00000000-0000-0000-0000-000000000000" -Interactive -Create -All

    Run with all imports enabled using interactive authentication.
#>
[CmdletBinding(SupportsShouldProcess, DefaultParameterSetName = 'SettingsFile')]
param(
    [Parameter(ParameterSetName = 'SettingsFile', Mandatory = $true, Position = 0)]
    [ValidateScript({ Test-Path $_ })]
    [string]$SettingsPath,

    [Parameter(ParameterSetName = 'Interactive', Mandatory = $true)]
    [Parameter(ParameterSetName = 'ServicePrincipal', Mandatory = $true)]
    [ValidatePattern('^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$')]
    [string]$TenantId,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [string]$TenantName,

    [Parameter(ParameterSetName = 'Interactive', Mandatory = $true)]
    [switch]$Interactive,

    [Parameter(ParameterSetName = 'ServicePrincipal', Mandatory = $true)]
    [string]$ClientId,

    [Parameter(ParameterSetName = 'ServicePrincipal', Mandatory = $true)]
    [SecureString]$ClientSecret,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [ValidateSet('Global', 'USGov', 'USGovDoD', 'Germany', 'China')]
    [string]$Environment = 'Global',

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$Create,

    [Parameter(ParameterSetName = 'SettingsFile')]
    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$Delete,

    [Parameter(ParameterSetName = 'SettingsFile')]
    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$Force,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$VerboseOutput,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$OpenIntuneBaseline,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$ComplianceTemplates,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$AppProtection,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$NotificationTemplates,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$EnrollmentProfiles,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$DynamicGroups,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$DeviceFilters,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$ConditionalAccess,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [switch]$All,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [string]$ReportOutputPath,

    [Parameter(ParameterSetName = 'Interactive')]
    [Parameter(ParameterSetName = 'ServicePrincipal')]
    [ValidateSet('markdown', 'json')]
    [string[]]$ReportFormats
)

$ErrorActionPreference = 'Stop'

# Import the module from the same directory as this script
$modulePath = Join-Path -Path $PSScriptRoot -ChildPath 'IntuneHydrationKit.psd1'
if (Test-Path -Path $modulePath) {
    Import-Module -Name $modulePath -Force
} else {
    throw "Module not found at: $modulePath. Ensure IntuneHydrationKit.psd1 is in the same directory as this script."
}

# Build parameters to pass to the function
$invokeParams = @{}

# Add all bound parameters except common parameters
$PSBoundParameters.GetEnumerator() | ForEach-Object {
    if ($_.Key -notin @('Verbose', 'Debug', 'ErrorAction', 'WarningAction', 'InformationAction', 'ErrorVariable', 'WarningVariable', 'InformationVariable', 'OutVariable', 'OutBuffer', 'PipelineVariable', 'WhatIf', 'Confirm')) {
        $invokeParams[$_.Key] = $_.Value
    }
}

# Handle WhatIf separately to ensure it's passed correctly
if ($WhatIfPreference) {
    $invokeParams['WhatIf'] = $true
}

# Call the module function
$result = Invoke-IntuneHydration @invokeParams

# Exit with appropriate code based on result
if ($result.Success) {
    exit 0
} else {
    exit 1
}