Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update DeviceConfiguration_Get.ps1 #193

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update DeviceConfiguration_Get.ps1 #193

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions DeviceConfiguration/DeviceConfiguration_Get.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,71 @@ $DCP_resource = "deviceManagement/deviceConfigurations"

####################################################

Function Get-DecryptedDeviceConfigurationPolicy(){

<#
.SYNOPSIS
This function is used to decrypt device configuration policies from an json array with the use of the Graph API REST interface
.DESCRIPTION
The function connects to the Graph API Interface and decrypt Windows custom device configuration policies that is encrypted
.EXAMPLE
Decrypt-DeviceConfigurationPolicy -dcps $DCPs
Returns any device configuration policies configured in Intune in clear text without encryption
.NOTES
NAME: Decrypt-DeviceConfigurationPolicy
#>

[cmdletbinding()]

param
(
$dcps
)

$graphApiVersion = "Beta"
$DCP_resource = "deviceManagement/deviceConfigurations"

foreach ($dcp in $dcps) {
if ($dcp.'@odata.type' -eq "#microsoft.graph.windows10CustomConfiguration") {
# Convert policy of type windows10CustomConfiguration
foreach ($omaSetting in $dcp.omaSettings) {
try {

if ($omaSetting.isEncrypted -eq $true) {
$DCP_resource_function = "$($DCP_resource)/$($dcp.id)/getOmaSettingPlainTextValue(secretReferenceValueId='$($omaSetting.secretReferenceValueId)')"
$uri = "https://graph.microsoft.com/$graphApiVersion/$($DCP_resource_function)"
$value = ((Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value)

#Remove any unnecessary properties
$omaSetting.PsObject.Properties.Remove("isEncrypted")
$omaSetting.PsObject.Properties.Remove("secretReferenceValueId")
$omaSetting.value = $value
}

}
catch {

$ex = $_.Exception
$errorResponse = $ex.Response.GetResponseStream()
$reader = New-Object System.IO.StreamReader($errorResponse)
$reader.BaseStream.Position = 0
$reader.DiscardBufferedData()
$responseBody = $reader.ReadToEnd();
Write-Host "Response content:`n$responseBody" -f Red
Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
write-host
break

}
}
}
}
$dcps

}

####################################################

Function Get-DeviceConfigurationPolicyAssignment(){

<#
Expand Down Expand Up @@ -415,6 +480,7 @@ $global:authToken = Get-AuthToken -User $User
####################################################

$DCPs = Get-DeviceConfigurationPolicy
$DCPs = Get-DecryptedDeviceConfigurationPolicy -dcp $DCPs

write-host

Expand Down