

fixes assignment policy += usage.
KelvinTegelaar committed Feb 24, 2025
1 parent cd3394a commit b962e17
Showing 1 changed file with 47 additions and 38 deletions.
85 changes: 47 additions & 38 deletions Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1
Expand Up @@ -10,96 +10,105 @@ function Set-CIPPAssignedPolicy {
$APIName = 'Assign Policy',
$Headers
)
if (!$PlatformType) { $PlatformType = 'deviceManagement' }
try {
$assignmentsObject = @()
if (!$PlatformType) {
$PlatformType = 'deviceManagement'
}

$assignmentsObject += switch ($GroupName) {
try {
$assignmentsList = New-Object System.Collections.Generic.List[System.Object]
switch ($GroupName) {
'allLicensedUsers' {
@{
target = @{
'@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget'
$assignmentsList.Add(
@{
target = @{
'@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget'
}
}
}
break
)
}
'AllDevices' {
@{
target = @{
'@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget'
$assignmentsList.Add(
@{
target = @{
'@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget'
}
}
}
break
)
}
'AllDevicesAndUsers' {
@(
$assignmentsList.Add(
@{
target = @{
'@odata.type' = '#microsoft.graph.allDevicesAssignmentTarget'
}
},
}
)
$assignmentsList.Add(
@{
target = @{
'@odata.type' = '#microsoft.graph.allLicensedUsersAssignmentTarget'
}
}
)
break
}
default {
Write-Host "We're supposed to assign a custom group. The group is $GroupName"
$GroupNames = $GroupName.Split(',')
$GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | ForEach-Object {
$Group = $_
$GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter |
ForEach-Object {
foreach ($SingleName in $GroupNames) {
if ($_.displayName -like $SingleName) {
$_.id
}
}
}
$GroupIds | ForEach-Object {
@{
target = @{
'@odata.type' = '#microsoft.graph.groupAssignmentTarget'
groupId = $_
foreach ($gid in $GroupIds) {
$assignmentsList.Add(
@{
target = @{
'@odata.type' = '#microsoft.graph.groupAssignmentTarget'
groupId = $gid
}
}
}
)
}
}
}

# Handle excludeGroup
if ($excludeGroup) {
$ExcludeGroupNames = $excludeGroup.Split(',')
$ExcludeGroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter | ForEach-Object {
$Group = $_
$ExcludeGroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter |
ForEach-Object {
foreach ($SingleName in $ExcludeGroupNames) {
if ($_.displayName -like $SingleName) {
$_.id
}
}
}
$ExcludeGroupIds | ForEach-Object {
$assignmentsObject += @{
target = @{
'@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget'
groupId = $_

foreach ($egid in $ExcludeGroupIds) {
$assignmentsList.Add(
@{
target = @{
'@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget'
groupId = $egid
}
}
}
)
}
}

$assignmentsObject = [PSCustomObject]@{
assignments = $assignmentsObject
assignments = $assignmentsList
}

$AssignJSON = ($assignmentsObject | ConvertTo-Json -Depth 10 -Compress)
$AssignJSON = $assignmentsObject | ConvertTo-Json -Depth 10 -Compress
Write-Host "AssignJSON: $AssignJSON"
if ($PSCmdlet.ShouldProcess($GroupName, "Assigning policy $PolicyId")) {
Write-Host "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign"
$null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" -tenantid $tenantFilter -type POST -body $AssignJSON
$null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$($PlatformType)/$Type('$($PolicyId)')/assign" -tenantid $TenantFilter -type POST -body $AssignJSON
Write-LogMessage -headers $Headers -API $APIName -message "Assigned $GroupName and excluded $excludeGroup to Policy $PolicyId" -Sev 'Info' -tenant $TenantFilter
}

} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
Write-LogMessage -headers $Headers -API $APIName -message "Failed to assign $GroupName to Policy $PolicyId, using Platform $PlatformType and $Type. The error is:$ErrorMessage" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
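Review bot: A group name that resolves to nothing is not detected in either the `default` branch or the `excludeGroup` block: `$GroupIds` / `$ExcludeGroupIds` come back empty, the `foreach` loops add nothing, and the POST to `/assign` is still sent. For exclusions this fails open, because the policy is assigned without the intended exclusion while the `Write-LogMessage` line still records "excluded $excludeGroup"; for inclusions the body carries an empty `assignments` list, which, as far as I know, Graph's assign action treats as the complete replacement set. I would fail closed after each lookup, e.g. `if (-not $ExcludeGroupIds) { throw "No group matched exclude filter '$excludeGroup'" }` plus the same guard on `$GroupIds`, so the existing `catch` logs it at 'Error' severity. Since `-like` treats `*`, `?` and `[` in the supplied names as wildcards, the success log should also record the resolved group ids rather than only the requested names, so an over-broad match is visible in the audit trail. The function's `param` block and the end of the `catch` lie outside this hunk, so any validation done there is not visible here.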
