christafarai / intunedocumentation

This project forked from thomaskur/intunedocumentation


Automatic Intune Documentation to simplify the life of admins and consultants.

License: GNU General Public License v3.0

PowerShell 100.00%

intunedocumentation's Introduction

Intune & Azure AD Conditional Access Documentation

Automatic Intune and Conditional Access Documentation to simplify the life of admins and consultants.

This function Invoke-IntuneDocumentation will document:

  • Configuration Policies
  • Compliance Policies
  • Device Enrollment Restrictions
  • Terms and Conditions
  • Applications (Only Assigned)
  • Application Protection Policies
  • AutoPilot Configuration
  • Enrollment Page Configuration
  • Apple Push Certificate
  • Apple VPP
  • Device Categories
  • Exchange Connector
  • Application Configuration
  • PowerShell Scripts
  • ADMX backed Configuration Profiles
  • Security Baseline
  • Custom Roles

The function Invoke-ConditionalAccessDocumentation will document:

  • Azure AD Conditional Access Policies
  • Translate referenced IDs to real object names (users, groups, roles and applications)

Usage Intune Documentation

Since version 2.0.0 the Automatic Intune Documentation script is available in the PowerShell Gallery, so it is much simpler to install and use. You can just use these two commands:

Install-Module IntuneDocumentation
Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx

Important: Before using the script for the first time, you have to ensure that the Microsoft.Graph.Intune and PSWord modules are installed. To do that, start PowerShell as an Administrator and install them:

Install-Module Microsoft.Graph.Intune
Install-Module PSWord

Usage Conditional Access Documentation

You can just use these two commands:

Important: The Conditional Access Policy Documentation does not support login with interactive credentials. Therefore, it's required to create a custom app, which can be done by calling 'New-IntuneDocumentationAppRegistration'. I recommend saving the result in a password vault and always using the same client secret.

# If you already have the module installed, you can skip the first command.
Install-Module IntuneDocumentation
# If the App registration already exists, this will only create a new Client Secret. If you know the existing one from a previous execution, you can skip the next line.
$clientCreds = New-IntuneDocumentationAppRegistration -TokenLifetimeDays 5
Invoke-ConditionalAccessDocumentation -FullDocumentationPath c:\temp\CADoc.docx -ClientId $clientCreds.ClientId -Tenant $clientCreds.TenantId -ClientSecret $clientCreds.ClientSecret

Additional Options

UseTranslationBeta

When using this parameter, the API names will be translated to the labels used in the Intune Portal. Note: These translations need to be created manually, and only a few have been translated so far. If you are willing to support this project, you can do so by translating the json files which are mentioned to you when you generate the documentation in your tenant.

Invoke-IntuneDocumentation -FullDocumentationPath c:\temp\IntuneDoc.docx -UseTranslationBeta

Use script silently

In the past I got requests from users who would like to execute the Intune Documentation script silently. I have now extended the script with two new options and a new function which can automatically create the App Registration in Azure AD for you.

Automatically Create App Registration

Your account requires Global Admin privileges to execute these commands and you need to have the AzureAD Module installed.

$p = New-IntuneDocumentationAppRegistration
$p | fl

The following result will be displayed and can then be used. Save the ClientSecret in your password vault.

ClientID               : d5cf6364-82f7-4024-9ac1-73a9fd2a6ec3
ClientSecret           : S03AESdMlhLQIPYYw/cYtLkGkQS0H49jXh02AS6Ek0U=
ClientSecretExpiration : 21.07.2025 21:39:02
TenantId               : d873f16a-73a2-4ccf-9d36-67b8243ab99a

Manually Create App Registration

You can follow the manual of Michael Niehaus https://oofhours.com/2019/11/29/app-based-authentication-with-intune/

But also select the following permission scopes:

  • 'Policy.Read.All'
  • 'Directory.Read.All'
  • 'DeviceManagementServiceConfig.Read.All'
  • 'DeviceManagementRBAC.Read.All'
  • 'DeviceManagementManagedDevices.Read.All'
  • 'DeviceManagementConfiguration.Read.All'
  • 'DeviceManagementApps.Read.All'
  • 'Device.Read.All'
  • 'Agreement.Read.All'
  • 'Application.Read.All'

Generate Documentation without user interaction

You can now call the Intune Documentation with the new parameters:

Invoke-IntuneDocumentation `
    -FullDocumentationPath c:\temp\IntuneDoc.docx `
    -ClientId d5cf6364-82f7-4024-9ac1-73a9fd2a6ec3 `
    -ClientSecret S03AESdMlhLQIPYYw/cYtLkGkQS0H49jXh02AS6Ek0U= `
    -Tenant d873f16a-73a2-4ccf-9d36-67b8243ab99a
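
The call above puts the client secret literally on the command line, while the README recommends keeping it in a password vault. The following added example (not part of the IntuneDocumentation module) shows one way to do that for unattended runs; it assumes the Microsoft.PowerShell.SecretManagement module with a registered default vault that the running account can unlock, and the entry name and both function names are hypothetical.

```powershell
# Added example; not part of the IntuneDocumentation module.
# Assumptions: Microsoft.PowerShell.SecretManagement is installed, a default
# vault is registered, and ClientSecretExpiration converts to [datetime].
Import-Module Microsoft.PowerShell.SecretManagement

$SecretName = 'IntuneDocumentationApp'   # hypothetical vault entry name

function Save-IntuneDocCredential {
    param(
        [Parameter(Mandatory)] $Registration,   # output of New-IntuneDocumentationAppRegistration
        [string] $Name = $SecretName
    )
    $expires = $Registration.ClientSecretExpiration -as [datetime]
    if (-not $expires) { throw 'ClientSecretExpiration is missing or not a date.' }
    # Hashtable secrets only accept supported value types, so the date is stored as ISO 8601 text.
    Set-Secret -Name $Name -Secret @{
        ClientId     = [string]$Registration.ClientId
        ClientSecret = [string]$Registration.ClientSecret
        TenantId     = [string]$Registration.TenantId
        Expiration   = $expires.ToString('o')
    }
}

function Invoke-IntuneDocFromVault {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Name = $SecretName,
        [int] $WarnDays = 2
    )
    $c = Get-Secret -Name $Name -AsPlainText -ErrorAction Stop
    $expires = [datetime]::Parse($c.Expiration, [cultureinfo]::InvariantCulture, 'RoundtripKind')
    # Fail before calling Graph if the stored secret can no longer work.
    if ($expires -le (Get-Date)) {
        throw "Client secret expired on $expires. Create a new one and save it again."
    }
    if ($expires -le (Get-Date).AddDays($WarnDays)) {
        Write-Warning "Client secret expires on $expires."
    }
    Invoke-IntuneDocumentation -FullDocumentationPath $Path `
        -ClientId $c.ClientId -ClientSecret $c.ClientSecret -Tenant $c.TenantId
}

# One-time, interactive:
#   Save-IntuneDocCredential -Registration (New-IntuneDocumentationAppRegistration)
# Scheduled, unattended:
#   Invoke-IntuneDocFromVault -Path c:\temp\IntuneDoc.docx
```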

Issues / Feedback

For any issues or feedback related to this module, please register for GitHub, and post your inquiry to this project's issue tracker.

Thanks to

@Microsoftgraph for the PowerShell Examples: https://github.com/microsoftgraph/powershell-intune-samples

@guidooliveira for the PSWord Module, which enables the creation of the Word file. https://github.com/guidooliveira/PSWord

@MScholtes for the Transponse-Object example https://github.com/MScholtes/TechNet-Gallery

@joslieben for extending and improving the script

@dads07a for adding Application protection Policies to the documentation

@mirkocolemberg for the help and testing of the script.

Created by baseVISION
