MemPolicyManager Module

Summary

• The MemPolicyManager module provides a comprehensive set of cmdlets for managing Microsoft Endpoint Manager policies. This module allows administrators to perform various tasks such as backing up, importing, exporting, and comparing policies through the Microsoft Graph API. It aims to streamline policy management and ensure that configurations are consistent and easily recoverable.
• The module is a personal project and is not officially supported by Microsoft. Use it at your own risk.
• The project was born out of a lack of native PowerShell cmdlets for easily managing Microsoft Endpoint Manager policies. The module aims to fill this gap, and assist me in developing my ability to work with MgGraph.
• The module was inspired and borrows concepts and code from: https://github.com/microsoft/mggraph-intune-samples/tree/main

Note

The graphApiVersion parameter is experimental and may not work as expected. The default value is "beta". Do not change the value until further notice.

Table of Contents

1. Backup-EmMdmAppConfiguration
2. Backup-EmMdmAppProtection
3. Backup-EmMdmCompliance
4. Backup-EmMdmConfiguration
5. Backup-EmMdmEndpointSecurity
6. Backup-EmMdmSettingsCatalog
7. Backup-EmMdmSoftwareUpdate
8. Compare-EmMgClass
9. Convert-EmMgJsonToClass
10. Convert-EmMgJsonToFlatObject
11. Get-EmMdmAppConfiguration
12. Get-EmMdmAppProtection
13. Get-EmMdmCompliance
14. Get-EmMdmConfiguration
15. Get-EmMdmEndpointSecurity
16. Get-EmMdmGraphAuth
17. Get-EmMdmSoftwareUpdate
18. Get-EmMgMetadataXml
19. Get-EmMgMetadataXmlInfo
20. Get-EmMgJsonResourceJson
21. Get-EmMgResourceOperationJson
22. Import-EmMdmAppConfiguration
23. Import-EmMdmAppProtection
24. Import-EmMdmCompliance
25. Import-EmMdmConfiguration
26. Import-EmMdmEndpointSecurity
27. Import-EmMdmSettingsCatalog
28. Import-EmMdmSoftwareUpdate

Examples

Backup-EmMdmAppConfiguration

# Example 1: Backing up all App Configuration policies
Backup-EmMdmAppConfiguration -ExportPath "C:\Backup\AppConfigurations"

Import-EmMdmAppProtection

# Example 1: Importing App Protection Policy from JSON file
Import-EmMdmAppConfiguration -ImportPath "C:\Backup\AppConfigurationPolicy.json"

Application Auth Examples

# Application Auth Examples

# Application Permissions required:
#   DeviceManagementConfiguration.ReadWrite.All,
#   DeviceManagementApps.ReadWrite.All,
#   DeviceManagementManagedDevices.ReadWrite.All

## Client Secret Authentication ##
# Application (client) ID, Tenant ID, and Client Secret are required.
    PS C:\> $ClientId = "12345678-1234-1234-1234-123456789012"
    PS C:\> $TenantId = "12345678-1234-1234-1234-123456789012"
### Options for providing the Client Secret value
    # To manually input the Client Secret value, use the following command:
    PS C:\> $ClientSecretPSCredential = Get-Credential -Credential $ClientId
    # To provide the secret value in plain text, use the following command:
    PS C:\> $ClientSecret = ConvertTo-SecureString "<ClientSecretValue>" -AsPlainText
    # To retrieve the secret value from a local Vault, use the following command:
    PS C:\> $ClientSecret = Get-Secret -Name "MgGraphSecret" -VaultName "EmMdmVault"
    # To Create a PSAutomationCredential object with the Client/App Id and Client Secret (as a secure string).
    PS C:\> $ClientSecretPSCredential = [PsCredential]::New($ClientId,$ClientSecret)

    # Create the authentication object with the Client Secret values.
    PS C:\> $authObject = Get-EmMdmGraphAuth -ClientSecretTenantId $TenantId -ClientSecretValue $ClientSecretPSCredential
    # Example Usage: Retrieve the policies using the authentication object.
    PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
### Options for providing the Client Secret value
## Client Secret Authentication ##

# Certificate Authentication Options
## Self-Signed Certificate Authentication ##
    # Create a self-signed certificate and export it to a file.
    PS C:\> $CertName = "EmMdmMgGraphCert" # Replace CN=EmMdmMgGraphCert
    PS C:\> $cert = New-SelfSignedCertificate -Subject "CN=$CertName" -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256
    # Export the certificate to a file and upload the public key to the MgGraph application.
    PS C:\> Export-Certificate -Cert $cert -FilePath "C:\temp\$CertName.cer"   ## Specify your preferred location
## Self-Signed Certificate Authentication ##

## Certificate Thumbprint Authentication ##
    # Retrieve the certificate thumbprint from the local certificate store using the previous steps.
    PS C:\> $ThumbPrint = $cert.Thumbprint
    # Retrieve the certificate thumbprint from a local Vault if saved previously.
    PS C:\> $ClientCertThumbPrint = Get-Secret -Name "EmMdmMgGraphThumbprint" -Vault "EmMdmVault" -AsPlainText
    # Create the authentication object with the certificate thumbprint.
    PS C:\> $authObject = Get-EmMdmGraphAuth -CertificateThumbprintClientId $ClientId -CertificateThumbprintTenantId $TenantId -CertificateThumbprint $ClientCertThumbPrint
    # Example Usage: Retrieve the policies using the authentication object.
    PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## Certificate Thumbprint Authentication ##

## Certificate Name Authentication ##
    PS C:\> $CertName = "CN=EmMdmMgGraphCert"  ## Replace CN=EmMdmMgGraphCert
    PS C:\> $authObject = Get-EmMdmGraphAuth -CertificateNameClientId $ClientId -CertificateNameTenantId $TenantId -CertificateName $CertName
    PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## Certificate Name Authentication ##

## X509 Certificate Authentication ##
    PS C:\> $ThumbPrint = Get-Secret -Name "EmMdmMgGraphThumbprint" -Vault "EmMdmVault" -AsPlainText
    PS C:\> $Cert = Get-ChildItem Cert:\CurrentUser\My\$ThumbPrint
    PS C:\> $authObject = Get-EmMdmGraphAuth -X509CertificateClientId $ClientId -X509CertificateTenantId $TenantId -X509Certificate $Cert
    PS C:\> $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## X509 Certificate Authentication ##
## Certificate Authentication Options

## Access Token Authentication ##
    # Instantiate the Client ID, Tenant ID, and Client Secret values.
    $ClientId = "12345678-1234-1234-1234-123456789012"
    $TenantId = "12345678-1234-1234-1234-123456789012"
    $ClientSecret = Get-Secret -Name "MgGraphClientSecret" -Vault "EmMdmVault" -AsPlainText
    $ContentType = "application/x-www-form-urlencoded"
    $scope = "https://graph.microsoft.com/.default"
    # Construct the URI
    $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    # Construct the body of the request
    $body = @{
        client_id     = $ClientId
        scope         = $scope
        client_secret = $ClientSecret
        grant_type    = "client_credentials"
    }
    # Make the POST request to get the token
    $response = Invoke-RestMethod -Uri $uri -Method Post -ContentType $ContentType -Body $body
    $AccessToken = $response.access_token |  ConvertTo-SecureString -AsPlainText -Force
    # Create the authentication object with the access token.
    $authObject = Get-EmMdmGraphAuth -AccessToken $AccessToken
    # Example Usage: Retrieve the policies using the authentication object.
    $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## Access Token Authentication ##

## System Assigned Managed Identity Authentication (Azure Resource)##
    # Create the authentication object
    $authObject = Get-EmMdmGraphAuth -SystemAssignedIdentity
    # Example Usage: Retrieve the policies using the authentication object.
    $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## System Assigned Managed Identity Authentication (Azure Resource)##

## User Assigned Managed Identity Authentication (Azure Resource)##
    # Create the authentication object
    $authObject = Get-EmMdmGraphAuth -UserAuthManagedIdentity "12345678-1234-1234-1234-123456789012"
    # Example Usage: Retrieve the policies using the authentication object.
    $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## User Assigned Managed Identity Authentication (Azure Resource)##

## Connect using Environment Variables ##
    # Set the environment variables
    $authObject = Get-EmMdmGraphAuth -EnvironmentVariable
    # Example Usage: Retrieve the policies using the authentication object.
    $policies = Get-EmMdmAppConfiguration -AuthObject $authObject
## Connect using Environment Variables ##

Backup-EmMdmAppConfiguration

Synopsis

Backs up Intune App Configuration policies to a specified export path.

Syntax

Backup-EmMdmAppConfiguration [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ExportPath		The directory path where the App Configuration policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmAppConfigurationAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmAppConfiguration -ExportPath "C:\Backup\AppConfigurations"
This example connects to Microsoft Graph, retrieves Intune App Configuration policies, and exports them to the specified directory "C:\Backup\AppConfigurations" as JSON files.

EXAMPLE 2

$authObject = Get-EmMdmGraphAuth -ClientSecretId "your-client-id" -ClientSecretTenantId "your-tenant-id" -ClientSecretValue "your-client-secret"
PS> Backup-EmMdmAppConfiguration -ExportPath "C:\Backup\AppConfigurations" -AuthObject $authObject
This example creates an authentication object using Client Secret authentication and uses it to connect to Microsoft Graph, retrieve Intune App Configuration policies, and export them to the specified directory.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmAppConfiguration

Backup-EmMdmAppProtection

Synopsis

Backs up Intune App Protection policies to a specified export path.

Syntax

Backup-EmMdmAppProtection [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ExportPath		The directory path where the App Protection policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmAppProtectionAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmAppProtection -ExportPath "C:\Backup\AppProtections"
This example connects to Microsoft Graph, retrieves Intune App Protection policies, and exports them to the specified directory "C:\Backup\AppProtections" as JSON files.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmAppProtection

Backup-EmMdmCompliance

Synopsis

Backs up Intune Device Compliance policies to a specified export path.

Syntax

Backup-EmMdmCompliance [-ExportPath] <String> [[-OperatingSystem] <String>] [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ExportPath		The directory path where the Device Compliance policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
OperatingSystem		The operating system filter for the compliance policies. Valid values are "android", "iOS", "Win10", "macos", and "all". The default value is "all".	false	false	all
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [string] This cmdlet returns the export path upon successful completion.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmComplianceAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmCompliance -ExportPath "C:\Backup\CompliancePolicies" -OperatingSystem "Win10"
This example connects to Microsoft Graph, retrieves Windows 10 Device Compliance policies, and exports them to the specified directory "C:\Backup\CompliancePolicies" as JSON files.

EXAMPLE 2

Backup-EmMdmCompliance -ExportPath "C:\Backup\CompliancePolicies" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version, retrieves all Device Compliance policies, and exports them to the specified directory "C:\Backup\CompliancePolicies" as JSON files.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmCompliance

Backup-EmMdmConfiguration

Synopsis

Backs up Intune Device Configuration policies to a specified export path.

Syntax

Backup-EmMdmConfiguration [[-DeviceType] <String>] [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
DeviceType		The device type filter for the configuration policies. Valid values are "windows81", "macOSExtensions", "macOSCustom", "macOSDeviceFeatures", "macOSGeneral", "macOSSoftwareUpdate", "macOSEndpointProtection", "androidWorkProfileGeneral", "androidWorkProfileVpn", "windowsHealthMonitoring", "windows81SCEP", "windows10Custom", "windows10EndpointProtection", "windows10General", and "all". The default value is "all".	false	false	all
ExportPath		The directory path where the Device Configuration policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EMMdmConfigurationAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmConfiguration -DeviceType "windows10General" -ExportPath "C:\Backup\DeviceConfigurations"
This example connects to Microsoft Graph, retrieves Windows 10 General Device Configuration policies, and exports them to the specified directory "C:\Backup\DeviceConfigurations" as JSON files.

EXAMPLE 2

Backup-EmMdmConfiguration -DeviceType "all" -ExportPath "C:\Backup\DeviceConfigurations" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version, retrieves all Device Configuration policies, and exports them to the specified directory "C:\Backup\DeviceConfigurations" as JSON files.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmConfiguration

Backup-EmMdmEndpointSecurity

Synopsis

Backs up Intune Endpoint Security policies to a specified export path.

Syntax

Backup-EmMdmEndpointSecurity [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ExportPath		The directory path where the Endpoint Security policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmEndpointSecurityTemplate - Get-EmDMIntent - Get-EmDMTemplateSettingCategory - Get-EmDMSettingInstance - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmEndpointSecurity -ExportPath "C:\Backup\EndpointSecurity"
This example connects to Microsoft Graph, retrieves Intune Endpoint Security policies, and exports them to the specified directory "C:\Backup\EndpointSecurity" as JSON files.

EXAMPLE 2

Backup-EmMdmEndpointSecurity -ExportPath "C:\Backup\EndpointSecurity" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version, retrieves Intune Endpoint Security policies, and exports them to the specified directory "C:\Backup\EndpointSecurity" as JSON files.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmEndpointSecurity

Backup-EmMdmSettingsCatalog

Synopsis

Backs up Intune Settings Catalog policies to a specified export path.

Syntax

Backup-EmMdmSettingsCatalog [-ExportPath] <String> [[-Platform] <String>] [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ExportPath		The directory path where the Settings Catalog policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
Platform		The platform for which to retrieve policies. Valid values are "windows10" and "macOS". The default value is null, which retrieves policies for all platforms.	false	false
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmSettingsCatalogAPI - Get-EmMdmSettingsCatalogSettingsAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmSettingsCatalog -ExportPath "C:\Backup\SettingsCatalog"
This example connects to Microsoft Graph, retrieves Intune Settings Catalog policies, and exports them to the specified directory "C:\Backup\SettingsCatalog" as JSON files.

EXAMPLE 2

Backup-EmMdmSettingsCatalog -ExportPath "C:\Backup\SettingsCatalog" -Platform "windows10"
This example connects to Microsoft Graph, retrieves Intune Settings Catalog policies for Windows 10, and exports them to the specified directory "C:\Backup\SettingsCatalog" as JSON files.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmSettingsCatalog

Backup-EmMdmSoftwareUpdate

Synopsis

Backs up Intune Software Update policies to a specified export path.

Syntax

Backup-EmMdmSoftwareUpdate [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ExportPath		The directory path where the Software Update policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a directory path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmConfigurationAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmSoftwareUpdate -ExportPath "C:\Backup\SoftwareUpdates"
This example connects to Microsoft Graph, retrieves Intune Software Update policies, and exports them to the specified directory "C:\Backup\SoftwareUpdates" as JSON files.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Backup-EmMdmSoftwareUpdate

Compare-EmMgClass

Synopsis

Compares two PowerShell classes and outputs their differences.

Syntax

Compare-EmMgClass [-Class1] <Type> [-Class2] <Type> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
Class1		The first class to compare. This parameter is mandatory.	true	false
Class2		The second class to compare. This parameter is mandatory.	true	false

Inputs

• [Type] The cmdlet accepts two class types as input.

Outputs

• [string] The cmdlet outputs a string indicating whether the classes are different or identical. It also outputs the specific property and method differences, if any.

Note

The cmdlet uses the Compare-Object cmdlet to compare properties and methods of the specified classes.

Examples

EXAMPLE 1

Compare-EmMgClass -Class1 [ClassA] -Class2 [ClassB]
This example compares ClassA and ClassB, outputting their differences in properties and methods.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Compare-EmMgClass

Convert-EmMgJsonToClass

Synopsis

Converts a JSON string to a PowerShell class definition.

Syntax

Convert-EmMgJsonToClass [-Json] <String> [-ClassName] <String> [-Operation] <String> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
Json		The JSON string to be converted into a PowerShell class. This parameter is mandatory.	true	false
ClassName		The name of the class to be generated. This parameter is mandatory.	true	false
Operation		The operation type to customize the generated class. Valid values are "create", "update", and "get". This parameter is mandatory.	true	false

Inputs

• [string] The cmdlet accepts a JSON string and a class name as input.

Outputs

• [string] The cmdlet outputs the generated PowerShell class definition as a string.

Note

The cmdlet generates a PowerShell class with properties, a default constructor, and a parameterized constructor based on the JSON string. The cmdlet uses different operations to customize the class properties and constructors.

Examples

EXAMPLE 1

$json = '{"name": "Test", "value": 123}'
PS> Convert-EmMgJsonToClass -Json $json -ClassName "TestClass" -Operation "create"
This example converts the JSON string into a PowerShell class named "TestClass" for the "create" operation.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Convert-EmMgJsonToClass

Convert-EmMgJsonToFlatObject

Synopsis

Converts a JSON string or file to a flat PowerShell object.

Syntax

Convert-EmMgJsonToFlatObject -ImportPath <String> [<CommonParameters>]

Convert-EmMgJsonToFlatObject -JSON <String> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The path to the JSON file to be imported. This parameter is mandatory when using the 'Import' parameter set.	true	true (ByPropertyName\)
JSON		The JSON string to be converted to a flat object. This parameter is mandatory when using the 'StringObject' parameter set.	true	true (ByValue, ByPropertyName\)

Inputs

• [string] The cmdlet accepts a JSON string or a file path as input.

Outputs

• [PSCustomObject] The cmdlet outputs a flat PowerShell object.

Note

The cmdlet uses the ConvertTo-FlatObject function to flatten the JSON structure. The cmdlet supports two parameter sets: 'Import' for importing JSON from a file and 'StringObject' for converting JSON strings. Borrowed private function code from: https://powersnippets.com/convertto-flatobject/

Examples

EXAMPLE 1

Convert-EmMgJsonToFlatObject -ImportPath "C:\path\to\file.json"
This example imports the JSON file from the specified path and converts it to a flat PowerShell object.

EXAMPLE 2

'{"name": "Test", "value": {"nested": 123}}' | Convert-EmMgJsonToFlatObject
This example takes a JSON string from the pipeline, converts it to a flat PowerShell object, and outputs the result.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Convert-EmMgJsonToFlatObject

Get-EmMdmAppConfiguration

Synopsis

Retrieves Intune App Configuration policies from Microsoft Graph.

Syntax

Get-EmMdmAppConfiguration [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• [GetEmMdmTargetedManagedAppConfiguration[]] The cmdlet returns an array of Intune App Configuration policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmAppConfigurationAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmAppConfiguration
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune App Configuration policies.

EXAMPLE 2

Get-EmMdmAppConfiguration -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune App Configuration policies.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmAppConfiguration

Get-EmMdmAppProtection

Synopsis

Retrieves Intune App Protection policies from Microsoft Graph.

Syntax

Get-EmMdmAppProtection [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• [pscustomobject[]] The cmdlet returns an array of Intune App Protection policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmAppProtectionAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmAppProtection
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune App Protection policies.

EXAMPLE 2

Get-EmMdmAppProtection -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune App Protection policies.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmAppProtection

Get-EmMdmCompliance

Synopsis

Retrieves Intune Device Compliance policies from Microsoft Graph.

Syntax

Get-EmMdmCompliance [[-OperatingSystem] <String>] [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
OperatingSystem		The operating system for which to retrieve compliance policies. Valid values are "android", "iOS", "Win10", "macos", and "all". The default value is "all".	false	false	all
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• The cmdlet returns an array of Intune Device Compliance policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmComplianceAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmCompliance -OperatingSystem "android"
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Compliance policies for Android devices.

EXAMPLE 2

Get-EmMdmCompliance -OperatingSystem "iOS" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Device Compliance policies for iOS devices.

EXAMPLE 3

Get-EmMdmCompliance
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Compliance policies for all supported operating systems.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmCompliance

Get-EmMdmConfiguration

Synopsis

Retrieves Intune Device Configuration policies from Microsoft Graph.

Syntax

Get-EmMdmConfiguration [[-DeviceType] <String>] [-AuthObject <EmMdmAuthBase>] [-graphApiVersion <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
DeviceType		The device type for which to retrieve configuration policies. Valid values are "windows81", "macOSExtensions", "macOSCustom", "macOSDeviceFeatures", "macOSGeneral", "macOSSoftwareUpdate", "macOSEndpointProtection", "androidWorkProfileGeneral", "androidWorkProfileVpn", "windowsHealthMonitoring", "windows81SCEP", "windows10Custom", "windows10EndpointProtection", "windows10General", and "all". The default value is "all".	false	false	all
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• The cmdlet returns an array of Intune Device Configuration policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmConfigurationAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmConfiguration -DeviceType "windows81"
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Configuration policies for Windows 8.1 devices.

EXAMPLE 2

Get-EmMdmConfiguration -DeviceType "macOSGeneral" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Device Configuration policies for macOS devices.

EXAMPLE 3

Get-EmMdmConfiguration
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Configuration policies for all supported device types.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmConfiguration

Get-EmMdmEndpointSecurity

Synopsis

Retrieves Intune Endpoint Security policies from Microsoft Graph.

Syntax

Get-EmMdmEndpointSecurity [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• EmDManagementIntentInstanceCustom[] The cmdlet returns an array of EmDManagementIntentInstanceCustom objects representing the Endpoint Security policies.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmEndpointSecurityTemplate - Get-EmDMIntent - Get-EmDMTemplateSettingCategory - Get-EmDMSettingInstance - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmEndpointSecurity -graphApiVersion $graphApiVersion
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Endpoint Security policies.

EXAMPLE 2

Get-EmMdmEndpointSecurity -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Endpoint Security policies.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmEndpointSecurity

Get-EmMdmGraphAuth

Synopsis

Creates an authentication object for connecting to Microsoft Graph using various authentication methods.

Syntax

Get-EmMdmGraphAuth [-ClientSecretTenantId] <String> [-ClientSecretValue] <PSCredential> [<CommonParameters>]

Get-EmMdmGraphAuth [-CertificateThumbprintClientId] <String> [-CertificateThumbprintTenantId] <String> [-CertificateThumbprint] <String> [<CommonParameters>]

Get-EmMdmGraphAuth [-CertificateNameClientId] <String> [-CertificateNameTenantId] <String> [-CertificateName] <String> [<CommonParameters>]

Get-EmMdmGraphAuth [-UserAuthManagedIdentity] <String> [<CommonParameters>]

Get-EmMdmGraphAuth [-SystemAssignedIdentity] [<CommonParameters>]

Get-EmMdmGraphAuth [-AccessToken] <SecureString> [<CommonParameters>]

Get-EmMdmGraphAuth [-EnvironmentVariable] [<CommonParameters>]

Get-EmMdmGraphAuth [-X509CertificateClientId] <String> [-X509Certificate] <X509Certificate> [-X509CertificateTenantId] <String> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ClientSecretTenantId		The Tenant ID for the application using Client Secret authentication. Mandatory for ClientSecret parameter set.	true	false
ClientSecretValue		The Client Secret value for the application using Client Secret authentication. Mandatory for ClientSecret parameter set. Must be a PSCredential object.	true	false
CertificateThumbprintClientId		The Client ID for the application using Certificate Thumbprint authentication. Mandatory for CertificateThumbprint parameter set.	true	false
CertificateThumbprintTenantId		The Tenant ID for the application using Certificate Thumbprint authentication. Mandatory for CertificateThumbprint parameter set.	true	false
CertificateThumbprint		The Certificate Thumbprint for the application using Certificate Thumbprint authentication. Mandatory for CertificateThumbprint parameter set.	true	false
CertificateNameClientId		The Client ID for the application using Certificate Name authentication. Mandatory for CertificateName parameter set.	true	false
CertificateNameTenantId		The Tenant ID for the application using Certificate Name authentication. Mandatory for CertificateName parameter set.	true	false
CertificateName		The Certificate Name for the application using Certificate Name authentication. Mandatory for CertificateName parameter set.	true	false
UserAuthManagedIdentity		The Client ID for the Managed Identity. Mandatory for UserAuthManagedIdentity parameter set.	true	false
SystemAssignedIdentity		Indicates the use of a System Assigned Identity for authentication. Mandatory for SystemAssignedIdentity parameter set.	true	false	False
AccessToken		Specifies a bearer token for Microsoft Graph service. Mandatory for AccessToken parameter set.	true	false
EnvironmentVariable		Allows for authentication using environment variables configured on the host machine. Mandatory for EnvironmentVariable parameter set.	true	false	False
X509CertificateClientId		The client id of your application for X509 certificate authentication. Mandatory for X509Certificate parameter set.	true	false
X509Certificate			true	false
X509CertificateTenantId		The id of the tenant to connect to for X509 certificate authentication. Mandatory for X509Certificate parameter set.	true	false

Inputs

• None

Outputs

• PSCustomObject Returns an authentication object for connecting to Microsoft Graph.

Note

https://criticalsolutionsnetwork.github.io/MemPolicyManager/\#Get-EmMdmGraphAuth

Examples

EXAMPLE 1

$authObject = Get-EmMdmGraphAuth -ClientSecretTenantId $TenantId -ClientSecretValue $ClientSecretPSCredential
Creates an authentication object using Client Secret authentication.
The Client Secret value is provided as a PSCredential object.
# $ClientId = "<your-client-id>"
# ClientSecret = ConvertTo-SecureString -String "<your-client-secret>" -AsPlainText -Force
# Ex: $ClientSecretPSCredential = [PsCredential]::New($ClientId,$ClientSecret)

EXAMPLE 2

$authObject = Get-EmMdmGraphAuth -CertificateThumbprintClientId $ClientId -CertificateThumbprintTenantId $TenantId -CertificateThumbprint $ClientCertThumbPrint
Creates an authentication object using Certificate Thumbprint authentication.

EXAMPLE 3

$authObject = Get-EmMdmGraphAuth -CertificateNameClientId $ClientId -CertificateNameTenantId $TenantId -CertificateName $CertName
Creates an authentication object using Certificate Name authentication.

EXAMPLE 4

$authObject = Get-EmMdmGraphAuth -UserAuthManagedIdentity $ClientId
Creates an authentication object using Managed Identity authentication.

EXAMPLE 5

$authObject = Get-EmMdmGraphAuth -SystemAssignedIdentity
Creates an authentication object using System Assigned Identity authentication.

EXAMPLE 6

$authObject = Get-EmMdmGraphAuth -AccessToken (ConvertTo-SecureString -String "your-access-token" -AsPlainText -Force)
Creates an authentication object using Access Token authentication.

EXAMPLE 7

$authObject = Get-EmMdmGraphAuth -EnvironmentVariable
Creates an authentication object using Environment Variable authentication.

EXAMPLE 8

$authObject = Get-EmMdmGraphAuth -X509CertificateClientId $ClientId -X509CertificateTenantId $TenantId -X509Certificate $Cert
Creates an authentication object using X509 Certificate authentication.

Get-EmMdmSoftwareUpdate

Synopsis

Retrieves Intune Device Update policies from Microsoft Graph.

Syntax

Get-EmMdmSoftwareUpdate [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• [pscustomobject[]] The cmdlet returns an array of PSCustomObject representing the Device Update policies.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmConfigurationAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmSoftwareUpdate -graphApiVersion $graphApiVersion
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Update policies.

EXAMPLE 2

Get-EmMdmSoftwareUpdate -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Device Update policies.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmSoftwareUpdate

Get-EmMgMetadataXml

Synopsis

Downloads the Microsoft Graph metadata XML file.

Syntax

Get-EmMgMetadataXml [-OutputPath] <String> [-graphApiVersion <String>] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
OutputPath		The file path where the metadata XML file will be saved. This parameter is mandatory.	true	true (ByPropertyName\)
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• [string] The cmdlet outputs a message indicating the success or failure of the metadata XML download.

Note

The cmdlet uses the following functions: - Invoke-WebRequest

Examples

EXAMPLE 1

Get-EmMgMetadataXml -OutputPath "C:\GraphMetadata\metadata.xml"
This example connects to Microsoft Graph using the 'beta' API version and downloads the metadata XML file to "C:\GraphMetadata\metadata.xml".

EXAMPLE 2

Get-EmMgMetadataXml -OutputPath "C:\GraphMetadata\metadata.xml" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and downloads the metadata XML file to "C:\GraphMetadata\metadata.xml".

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMgMetadataXml

Get-EmMgMetadataXmlInfo

Synopsis

Retrieves metadata information for a specific entity type from a Microsoft Graph metadata XML file.

Syntax

Get-EmMgMetadataXmlInfo [-XmlFilePath] <String> [-TypeName] <String> [[-InfoType] <String>] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
XmlFilePath		The file path to the Microsoft Graph metadata XML file. This parameter is mandatory.	true	false
TypeName		The name of the entity type to retrieve information for. This parameter is mandatory.	true	false
InfoType		The type of information to retrieve. Default is "EntityType".	false	false	EntityType

Inputs

• None. This cmdlet does not accept pipeline input.

Outputs

• [PSCustomObject] The cmdlet outputs a custom object containing detailed information about the specified entity type, including its properties, methods, actions, enums, relationships, and a JSON representation.

Note

The cmdlet uses XPath queries to navigate the metadata XML and extract relevant information.

Examples

EXAMPLE 1

Get-EmMgMetadataXmlInfo -XmlFilePath "C:\GraphMetadata\metadata.xml" -TypeName "User"
This example retrieves metadata information for the 'User' entity type from the specified Microsoft Graph metadata XML file.

EXAMPLE 2

Get-EmMgMetadataXmlInfo -XmlFilePath "C:\GraphMetadata\metadata.xml" -TypeName "Device"
This example retrieves metadata information for the 'Device' entity type from the specified Microsoft Graph metadata XML file.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMgMetadataXmlInfo

Get-EmMgResourceJson

Synopsis

Retrieves JSON resource and property information from Microsoft Graph API documentation.

Syntax

Get-EmMgResourceJson [-ODataTypes] <String[]> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ODataTypes		An array of OData types for which to retrieve JSON resource data. This parameter is mandatory.	true	false

Inputs

• [string[]] The cmdlet accepts an array of OData types as input.

Outputs

• [PSCustomObject] The cmdlet outputs a custom object containing the JSON representation and properties table of the specified OData types.

Note

The cmdlet constructs the URL to the Microsoft Graph API documentation for each specified OData type, downloads the markdown content, and parses the JSON resource data and properties table.

Examples

EXAMPLE 1

Get-EmMgResourceJson -ODataTypes "macOSExtensionsConfiguration", "windows81TrustedRootCertificate"
This example retrieves JSON resource data and properties table for the specified OData types from Microsoft Graph API documentation.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMgResourceJson

Get-EmMgResourceOperationJson

Synopsis

Retrieves JSON examples for specified OData types and operations from Microsoft Graph API documentation.

Syntax

Get-EmMgResourceOperationJson [-ODataTypes] <String[]> [-Operation] <String> [-Resource] <String> [[-graphApiVersion] <String>] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ODataTypes		An array of OData types for which to retrieve JSON examples. This parameter is mandatory.	true	false
Operation		The operation type for which to retrieve JSON examples. Valid values are "get", "create", and "update". This parameter is mandatory.	true	false
Resource		The resource type for which to retrieve JSON examples. Valid values are "intune-deviceconfig" and "intune-mam". This parameter is mandatory.	true	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta

Inputs

• [string[]] The cmdlet accepts an array of OData types as input.

Outputs

• [PSCustomObject] The cmdlet outputs a custom object containing JSON examples for the specified OData types and operations.

Note

The cmdlet constructs the URL to the Microsoft Graph API documentation for each specified OData type and operation, downloads the markdown content, and parses the JSON examples.

Examples

EXAMPLE 1

Get-EmMgResourceOperationJson -ODataTypes "androidCompliancePolicy", "iosCompliancePolicy" -Operation "get" -Resource "intune-deviceconfig"
This example retrieves JSON examples for the specified OData types and get operations from Microsoft Graph API documentation.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMgResourceOperationJson

Import-EmMdmAppConfiguration

Synopsis

Imports Intune App Configuration policies from a specified JSON file.

Syntax

Import-EmMdmAppConfiguration [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the App Configuration policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [string] The cmdlet outputs the ID of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmAppConfiguration - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmAppConfiguration -ImportPath "C:\Backup\AppConfigurations\Policy.json"
This example connects to Microsoft Graph, reads the App Configuration policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmAppConfiguration

Import-EmMdmAppProtection

Synopsis

Imports Intune App Protection policies from a specified JSON file.

Syntax

Import-EmMdmAppProtection [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the App Protection policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [string] The cmdlet outputs the ID of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmAppProtection - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmAppProtection -ImportPath "C:\Backup\AppProtections\Policy.json"
This example connects to Microsoft Graph, reads the App Protection policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmAppProtection

Import-EmMdmCompliance

Synopsis

Imports Intune Compliance policies from a specified JSON file.

Syntax

Import-EmMdmCompliance [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the Compliance policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [pscustomobject] The cmdlet outputs the result of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmCompliance - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmCompliance -ImportPath "C:\Backup\CompliancePolicies\Policy.json"
This example connects to Microsoft Graph, reads the Compliance policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmCompliance

Import-EmMdmConfiguration

Synopsis

Imports Intune Device Configuration policies from a specified JSON file.

Syntax

Import-EmMdmConfiguration [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the Device Configuration policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [string] The cmdlet outputs the result of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmConfiguration - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmConfiguration -ImportPath "C:\Backup\DeviceConfigurations\Policy.json"
This example connects to Microsoft Graph, reads the Device Configuration policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmConfiguration

Import-EmMdmEndpointSecurity

Synopsis

Imports Intune Endpoint Security policies from a specified JSON file.

Syntax

Import-EmMdmEndpointSecurity [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the Endpoint Security policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [PSCustomObject] The cmdlet outputs the result of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmEndpointSecurity - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmEndpointSecurity -ImportPath "C:\Backup\EndpointSecurity\Policy.json"
This example connects to Microsoft Graph, reads the Endpoint Security policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmEndpointSecurity

Import-EmMdmSettingsCatalog

Synopsis

Imports Intune Settings Catalog policies from a specified JSON file.

Syntax

Import-EmMdmSettingsCatalog [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the Settings Catalog policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmSettingsCatalog - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmSettingsCatalog -ImportPath "C:\Backup\SettingsCatalog\Policy.json"
This example connects to Microsoft Graph, reads the Settings Catalog policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmSettingsCatalog

Import-EmMdmSoftwareUpdate

Synopsis

Imports Intune Software Update policies from a specified JSON file.

Syntax

Import-EmMdmSoftwareUpdate [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
ImportPath		The file path to the JSON file containing the Software Update policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName\)
AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
WhatIf	wi		false	false
Confirm	cf		false	false

Inputs

• [string] The cmdlet accepts a file path as input.

Outputs

• [string] The ID of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmConfiguration - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmSoftwareUpdate -ImportPath "C:\Backup\SoftwareUpdates\Policy.json"
This example connects to Microsoft Graph, reads the Software Update policy from the specified JSON file, and creates the policy in Intune.

Links

• https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Import-EmMdmSoftwareUpdate