Last active
April 6, 2021 00:31
-
-
Save jhochwald/6e053a2270ca1943fa4e6795420b2f14 to your computer and use it in GitHub Desktop.
Import an Enpoing Manager (Intune) Device configuration from an existing JSON File
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@odata.type": "#microsoft.graph.windows10CustomConfiguration", | |
| "id": "f2d6ce45-3bc7-4584-b391-120aa53eabea", | |
| "lastModifiedDateTime": "2018-09-09T13:47:31.4040135Z", | |
| "createdDateTime": "2018-07-07T14:21:22.3292533Z", | |
| "description": "", | |
| "displayName": "ADMX - OneDrive - KFM.admx", | |
| "version": 7, | |
| "omaSettings": [ | |
| { | |
| "@odata.type": "#microsoft.graph.omaSettingString", | |
| "displayName": "OneDrive.admx", | |
| "description": null, | |
| "omaUri": "./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/OneDriveNGSC/Policy/OneDriveAdmx", | |
| "value": "\u003cpolicyDefinitions xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" revision=\"1.0\" schemaVersion=\"1.0\" xmlns=\"http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions\"\u003e\n \u003cpolicyNamespaces\u003e\n \u003ctarget prefix=\"OneDriveNGSC\" namespace=\"Microsoft.Policies.OneDriveNGSC\" /\u003e\n \u003cusing prefix=\"windows\" namespace=\"Microsoft.Policies.Windows\" /\u003e\n \u003c/policyNamespaces\u003e\n \u003cresources minRequiredRevision=\"1.0\" /\u003e\n \u003ccategories\u003e\n \u003ccategory name=\"OneDriveNGSC\" displayName=\"$(string.OneDriveNGSCSettingCategory)\"/\u003e\n \u003c/categories\u003e\n \u003cpolicies\u003e\n \u003cpolicy name=\"DisablePersonalSync\" class=\"User\" displayName=\"$(string.DisablePersonalSync)\" explainText=\"$(string.DisablePersonalSync_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"DisablePersonalSync\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"EnableEnterpriseUpdate\" class=\"User\" displayName=\"$(string.EnableEnterpriseUpdate)\" explainText=\"$(string.EnableEnterpriseUpdate_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"EnableEnterpriseUpdate\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"DefaultRootDir\" class=\"User\" displayName=\"$(string.DefaultRootDir)\" explainText=\"$(string.DefaultRootDir_help)\" presentation=\"$(presentation.DefaultRootDir_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"DefaultRootDir\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003clist id=\"DefaultRootDirList\" key=\"Software\\Policies\\Microsoft\\OneDrive\\DefaultRootDir\" additive=\"true\" expandable=\"true\" explicitValue=\"true\" /\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"DisableCustomRoot\" class=\"User\" displayName=\"$(string.DisableCustomRoot)\" explainText=\"$(string.DisableCustomRoot_help)\" presentation=\"$(presentation.DisableCustomRoot_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"DisableCustomRoot\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003clist id=\"DisableCustomRootList\" key=\"Software\\Policies\\Microsoft\\OneDrive\\DisableCustomRoot\" additive=\"true\" explicitValue=\"true\"/\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"EnableAllOcsiClients\" class=\"User\" displayName=\"$(string.EnableAllOcsiClients)\" explainText=\"$(string.EnableAllOcsiClients_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"EnableAllOcsiClients\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"EnableHoldTheFile\" class=\"User\" displayName=\"$(string.EnableHoldTheFile)\" explainText=\"$(string.EnableHoldTheFile_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"EnableHoldTheFile\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"AutomaticUploadBandwidthPercentage\" class=\"Machine\" displayName=\"$(string.AutomaticUploadBandwidthPercentage)\" explainText=\"$(string.AutomaticUploadBandwidthPercentage_help)\" presentation=\"$(presentation.AutomaticUploadBandwidthPercentage_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003cdecimal id=\"BandwidthSpinBox\" valueName=\"AutomaticUploadBandwidthPercentage\" minValue=\"10\" maxValue=\"99\" /\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"UploadBandwidthLimit\" class=\"User\" displayName=\"$(string.UploadBandwidthLimit)\" explainText=\"$(string.UploadBandwidthLimit_help)\" presentation=\"$(presentation.UploadBandwidthLimit_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003cdecimal id=\"UploadRateValue\" valueName=\"UploadBandwidthLimit\" minValue=\"1\" maxValue=\"100000\" /\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"DownloadBandwidthLimit\" class=\"User\" displayName=\"$(string.DownloadBandwidthLimit)\" explainText=\"$(string.DownloadBandwidthLimit_help)\" presentation=\"$(presentation.DownloadBandwidthLimit_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003cdecimal id=\"DownloadRateValue\" valueName=\"DownloadBandwidthLimit\" minValue=\"1\" maxValue=\"100000\" /\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"RemoteAccessGPOEnabled\" class=\"User\" displayName=\"$(string.RemoteAccessGPOEnabled)\" explainText=\"$(string.RemoteAccessGPOEnabled_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"GPOEnabled\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"PreventNetworkTrafficPreUserSignIn\" class=\"Machine\" displayName=\"$(string.PreventNetworkTrafficPreUserSignIn)\" explainText=\"$(string.PreventNetworkTrafficPreUserSignIn_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"PreventNetworkTrafficPreUserSignIn\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"SilentAccountConfig\" class=\"Machine\" displayName=\"$(string.SilentAccountConfig)\" explainText=\"$(string.SilentAccountConfig_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"SilentAccountConfig\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"DiskSpaceCheckThresholdMB\" class=\"Machine\" displayName=\"$(string.DiskSpaceCheckThresholdMB)\" explainText=\"$(string.DiskSpaceCheckThresholdMB_help)\" presentation=\"$(presentation.DiskSpaceCheckThresholdMB_Pres)\" key=\"Software\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003clist id=\"DiskSpaceCheckThresholdMBList\" key=\"Software\\Policies\\Microsoft\\OneDrive\\DiskSpaceCheckThresholdMB\" additive=\"true\" explicitValue=\"true\"/\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"FilesOnDemandEnabled\" class=\"Machine\" displayName=\"$(string.FilesOnDemandEnabled)\" explainText=\"$(string.FilesOnDemandEnabled_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"FilesOnDemandEnabled\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows_10_0_RS3\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"DehydrateSyncedTeamSites\" class=\"Machine\" displayName=\"$(string.DehydrateSyncedTeamSites)\" explainText=\"$(string.DehydrateSyncedTeamSites_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"DehydrateSyncedTeamSites\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows_10_0_RS3\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e \n \u003cpolicy name=\"AllowTenantList\" class=\"Machine\" displayName=\"$(string.AllowTenantList)\" explainText=\"$(string.AllowTenantList_help)\" presentation=\"$(presentation.AllowTenantList_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003clist id=\"AllowTenantListBox\" key=\"Software\\Policies\\Microsoft\\OneDrive\\AllowTenantList\" additive=\"true\"/\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"BlockTenantList\" class=\"Machine\" displayName=\"$(string.BlockTenantList)\" explainText=\"$(string.BlockTenantList_help)\" presentation=\"$(presentation.BlockTenantList_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003clist id=\"BlockTenantListBox\" key=\"Software\\Policies\\Microsoft\\OneDrive\\BlockTenantList\" additive=\"true\"/\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"SharePointOnPremFrontDoorUrl\" class=\"Machine\" displayName=\"$(string.SharePointOnPremFrontDoorUrl)\" explainText=\"$(string.SharePointOnPremFrontDoorUrl_help)\" presentation=\"$(presentation.SharePointOnPremFrontDoorUrl_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003ctext id=\"SharePointOnPremFrontDoorUrlBox\" maxLength=\"2000\" required=\"true\" valueName=\"SharePointOnPremFrontDoorUrl\"/\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"SharePointOnPremPrioritization\" class=\"Machine\" displayName=\"$(string.SharePointOnPremPrioritization)\" explainText=\"$(string.SharePointOnPremPrioritization_help)\" presentation=\"$(presentation.SharePointOnPremPrioritization_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003cenum id=\"SharePointOnPremPrioritization_Dropdown\" valueName=\"SharePointOnPremPrioritization\"\u003e\n \u003citem displayName=\"$(string.PrioritizeSPO)\"\u003e\n \u003cvalue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/value\u003e\n \u003c/item\u003e\n \u003citem displayName=\"$(string.PrioritizeSharePointOnPrem)\"\u003e\n \u003cvalue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/value\u003e\n \u003c/item\u003e\n \u003c/enum\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"DisableFRETutorial\" class=\"User\" displayName=\"$(string.DisableFRETutorial)\" explainText=\"$(string.DisableFRETutorial_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"DisableTutorial\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"BlockKnownFolderMove\" class=\"Machine\" displayName=\"$(string.BlockKnownFolderMove)\" explainText=\"$(string.BlockKnownFolderMove_help)\" presentation=\"$(presentation.BlockKnownFolderMove_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003cenum id=\"BlockKnownFolderMove_Dropdown\" valueName=\"KFMBlockOptIn\"\u003e\n \u003citem displayName=\"$(string.KnownFolderMoveNoOptIn)\"\u003e\n \u003cvalue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/value\u003e\n \u003c/item\u003e\n \u003citem displayName=\"$(string.KnownFolderMoveUndoAndNoOptIn)\"\u003e\n \u003cvalue\u003e\n \u003cdecimal value=\"2\" /\u003e\n \u003c/value\u003e\n \u003c/item\u003e\n \u003c/enum\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"KFMOptInWithWizard\" class=\"Machine\" displayName=\"$(string.KFMOptInWithWizard)\" explainText=\"$(string.KFMOptInWithWizard_help)\" presentation=\"$(presentation.KFMOptInWithWizard_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003ctext id=\"KFMOptInWithWizard_TextBox\" maxLength=\"2000\" required=\"true\" valueName=\"KFMOptInWithWizard\"/\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"KFMOptInNoWizard\" class=\"Machine\" displayName=\"$(string.KFMOptInNoWizard)\" explainText=\"$(string.KFMOptInNoWizard_help)\" presentation=\"$(presentation.KFMOptInNoWizard_Pres)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003celements\u003e\n \u003ctext id=\"KFMOptInNoWizard_TextBox\" maxLength=\"2000\" required=\"true\" valueName=\"KFMSilentOptIn\"/\u003e\n \u003cenum id=\"KFMOptInNoWizard_Dropdown\" valueName=\"KFMSilentOptInWithNotification\"\u003e\n \u003citem displayName=\"$(string.KFMOptInNoWizardNoToast)\"\u003e\n \u003cvalue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/value\u003e\n \u003c/item\u003e\n \u003citem displayName=\"$(string.KFMOptInNoWizardToast)\"\u003e\n \u003cvalue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/value\u003e\n \u003c/item\u003e\n \u003c/enum\u003e\n \u003c/elements\u003e\n \u003c/policy\u003e\n \u003cpolicy name=\"KFMBlockOptOut\" class=\"Machine\" displayName=\"$(string.KFMBlockOptOut)\" explainText=\"$(string.KFMBlockOptOut_help)\" key=\"SOFTWARE\\Policies\\Microsoft\\OneDrive\" valueName=\"KFMBlockOptOut\"\u003e\n \u003cparentCategory ref=\"OneDriveNGSC\" /\u003e\n \u003csupportedOn ref=\"windows:SUPPORTED_Windows7\" /\u003e\n \u003cenabledValue\u003e\n \u003cdecimal value=\"1\" /\u003e\n \u003c/enabledValue\u003e\n \u003cdisabledValue\u003e\n \u003cdecimal value=\"0\" /\u003e\n \u003c/disabledValue\u003e\n \u003c/policy\u003e\n\u003c!-- Insert multi-tenant settings here --\u003e\n\u003c!-- See http://go.microsoft.com/fwlink/p/?LinkId=797547 for configuration instructions --\u003e\n\n \u003c/policies\u003e\n\u003c/policyDefinitions\u003e" | |
| }, | |
| { | |
| "@odata.type": "#microsoft.graph.omaSettingString", | |
| "displayName": "SilentAccountConfig", | |
| "description": "Silently configure OneDrive using the primary Windows account", | |
| "omaUri": "./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/SilentAccountConfig", | |
| "value": "\u003cenabled/\u003e" | |
| }, | |
| { | |
| "@odata.type": "#microsoft.graph.omaSettingString", | |
| "displayName": "KFMOptInNoWizard", | |
| "description": "Silently redirect Windows known folders to OneDrive", | |
| "omaUri": "./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/KFMOptInNoWizard", | |
| "value": "\u003cenabled/\u003e\n\u003cdata id=\"KFMOptInNoWizard_TextBox\" value=\"TenantID\"/\u003e\n\u003cdata id=\"KFMOptInNoWizard_Dropdown\" value=\"0\"/\u003e" | |
| }, | |
| { | |
| "@odata.type": "#microsoft.graph.omaSettingString", | |
| "displayName": "KFMBlockOptOut ", | |
| "description": "Prevent users from redirecting their Windows known folders to their PC ", | |
| "omaUri": "./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/KFMBlockOptOut", | |
| "value": "\u003cenabled/\u003e" | |
| }, | |
| { | |
| "@odata.type": "#microsoft.graph.omaSettingString", | |
| "displayName": "FilesOnDemandEnabled", | |
| "description": "Enable OneDrive Files On-Demand", | |
| "omaUri": "./Device/Vendor/MSFT/Policy/Config/OneDriveNGSC~Policy~OneDriveNGSC/FilesOnDemandEnabled", | |
| "value": "\u003cenabled/\u003e" | |
| } | |
| ] | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -Version 3.0 | |
| <# | |
| .SYNOPSIS | |
| Import an Enpoing Manager (Intune) Device configuration | |
| .DESCRIPTION | |
| Import an Enpoing Manager (Intune) Device configuration from an existing JSON File | |
| .PARAMETER User | |
| User Principal Name (UPN) | |
| e.g. [email protected] | |
| .PARAMETER Path | |
| Please specify a path to a JSON file to import data from | |
| e.g. C:\IntuneOutput\Policies\policy.json | |
| .EXAMPLE | |
| PS C:\> .\DeviceConfiguration_Import_FromJSON.ps1 | |
| Import an Enpoing Manager (Intune) Device configuration from an existing JSON File | |
| The script will ask for the User (admin) and JSON File | |
| .EXAMPLE | |
| PS C:\> .\DeviceConfiguration_Import_FromJSON.ps1 -User '[email protected]' | |
| Import an Enpoing Manager (Intune) Device configuration from an existing JSON File | |
| The user '[email protected]' will be used and the script will ask for JSON File | |
| .EXAMPLE | |
| PS C:\> .\DeviceConfiguration_Import_FromJSON.ps1 -Path 'C:\IntuneOutput\Policies\policy.json' | |
| Import an Enpoing Manager (Intune) Device configuration from an existing JSON File | |
| The JSON File 'C:\IntuneOutput\Policies\policy.json' will be used, the script will ask for the User (admin) | |
| .EXAMPLE | |
| PS C:\> .\DeviceConfiguration_Import_FromJSON.ps1 -User '[email protected]' -Path 'C:\IntuneOutput\Policies\policy.json' | |
| Import an Enpoing Manager (Intune) Device configuration from an existing JSON File | |
| The admin user '[email protected]' and the JSON File 'C:\IntuneOutput\Policies\policy.json' will be used | |
| .NOTES | |
| Tweaked version of the Microsoft sample script | |
| Please check the JSON File (TenantID) | |
| .LINK | |
| https://github.com/microsoftgraph/powershell-intune-samples/blob/master/DeviceConfiguration/DeviceConfiguration_Import_FromJSON.ps1 | |
| .COPYRIGHT | |
| Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. | |
| #> | |
| [CmdletBinding(ConfirmImpact = 'Low')] | |
| param | |
| ( | |
| [AllowNull()] | |
| [AllowEmptyString()] | |
| [AllowEmptyCollection()] | |
| [Alias('UserPrincipalName', 'UPN')] | |
| [string] | |
| $User = $null, | |
| [AllowNull()] | |
| [AllowEmptyString()] | |
| [AllowEmptyCollection()] | |
| [Alias('JSONFile', 'JSON')] | |
| [string] | |
| $Path = $null | |
| ) | |
| #region HelperFunctions | |
| function Get-AuthToken | |
| { | |
| <# | |
| .SYNOPSIS | |
| This function is used to authenticate with the Graph API REST interface | |
| .DESCRIPTION | |
| The function authenticate with the Graph API Interface with the tenant name | |
| .PARAMETER User | |
| User Principal Name (UPN) | |
| e.g. [email protected] | |
| .EXAMPLE | |
| PS C:\> Get-AuthToken | |
| Authenticates you with the Graph API interface | |
| .COPYRIGHT | |
| Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. | |
| .LINK | |
| https://github.com/microsoftgraph/powershell-intune-samples/blob/master/DeviceConfiguration/DeviceConfiguration_Import_FromJSON.ps1 | |
| .NOTES | |
| Tweaked version of the Microsoft sample cmdlet | |
| #> | |
| [CmdletBinding(ConfirmImpact = 'None')] | |
| param | |
| ( | |
| [Parameter(Mandatory, | |
| HelpMessage = 'User Principal Name (UPN)')] | |
| [ValidateNotNull()] | |
| [ValidateNotNullOrEmpty()] | |
| [Alias('UserPrincipalName', 'UPN')] | |
| [string] | |
| $User | |
| ) | |
| $null = (Add-Type -AssemblyName Microsoft.IdentityModel.Clients.ActiveDirectory) | |
| $userUpn = (New-Object -TypeName 'System.Net.Mail.MailAddress' -ArgumentList $User) | |
| $tenant = ($userUpn.Host) | |
| Write-Output -InputObject 'Checking for AzureAD module...' | |
| $paramGetModule = @{ | |
| Name = 'AzureAD' | |
| ListAvailable = $true | |
| ErrorAction = 'SilentlyContinue' | |
| } | |
| $AadModule = (Get-Module @paramGetModule) | |
| if ($AadModule -eq $null) | |
| { | |
| Write-Verbose -Message 'AzureAD PowerShell module not found, looking for AzureADPreview' | |
| $paramGetModule = @{ | |
| Name = 'AzureADPreview' | |
| ListAvailable = $true | |
| ErrorAction = 'SilentlyContinue' | |
| } | |
| $AadModule = (Get-Module @paramGetModule) | |
| } | |
| if ($AadModule -eq $null) | |
| { | |
| $paramWriteError = @{ | |
| Exception = 'AzureAD Powershell module not installed' | |
| Message = 'AzureAD Powershell module not installed...' | |
| Category = 'NotInstalled' | |
| RecommendedAction = "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" | |
| ErrorAction = 'Stop' | |
| } | |
| Write-Error @paramWriteError | |
| exit 1 | |
| } | |
| # Getting path to ActiveDirectory Assemblies | |
| # If the module count is greater than 1 find the latest version | |
| if ($AadModule.count -gt 1) | |
| { | |
| $Latest_Version = ($AadModule | Select-Object -ExpandProperty version | Sort-Object)[-1] | |
| $AadModule = $AadModule | Where-Object -FilterScript { | |
| $_.version -eq $Latest_Version | |
| } | |
| # Checking if there are multiple versions of the same module found | |
| if ($AadModule.count -gt 1) | |
| { | |
| $AadModule = $AadModule | Select-Object -Unique | |
| } | |
| $paramJoinPath = @{ | |
| Path = $AadModule.ModuleBase | |
| ChildPath = 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll' | |
| } | |
| $adal = (Join-Path @paramJoinPath) | |
| $paramJoinPath = @{ | |
| Path = $AadModule.ModuleBase | |
| ChildPath = 'Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll' | |
| } | |
| $adalforms = (Join-Path @paramJoinPath) | |
| } | |
| else | |
| { | |
| $paramJoinPath = @{ | |
| Path = $AadModule.ModuleBase | |
| ChildPath = 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll' | |
| } | |
| $adal = (Join-Path @paramJoinPath) | |
| $paramJoinPath = @{ | |
| Path = $AadModule.ModuleBase | |
| ChildPath = 'Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll' | |
| } | |
| $adalforms = (Join-Path @paramJoinPath) | |
| } | |
| $null = [Reflection.Assembly]::LoadFrom($adal) | |
| $null = [Reflection.Assembly]::LoadFrom($adalforms) | |
| $clientId = 'd1ddf0e4-d672-4dae-b554-9d5bdfd93547' | |
| $redirectUri = 'urn:ietf:wg:oauth:2.0:oob' | |
| $resourceAppIdURI = 'https://graph.microsoft.com' | |
| $authority = ('https://login.microsoftonline.com/' + $tenant) | |
| try | |
| { | |
| $authContext = (New-Object -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' -ArgumentList $authority) | |
| # https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx | |
| # Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession | |
| $platformParameters = (New-Object -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters' -ArgumentList 'Auto') | |
| $userId = (New-Object -TypeName 'Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier' -ArgumentList ($User, 'OptionalDisplayableId')) | |
| $authResult = ($authContext.AcquireTokenAsync($resourceAppIdURI, $clientId, $redirectUri, $platformParameters, $userId).Result) | |
| # If the accesstoken is valid then create the authentication header | |
| if ($authResult.AccessToken) | |
| { | |
| # Creating header for Authorization token | |
| $authHeader = @{ | |
| 'Content-Type' = 'application/json' | |
| 'Authorization' = 'Bearer ' + $authResult.AccessToken | |
| 'ExpiresOn' = $authResult.ExpiresOn | |
| } | |
| return $authHeader | |
| } | |
| else | |
| { | |
| $paramWriteError = @{ | |
| Exception = 'Authorization Access Token is null' | |
| Message = 'Authorization Access Token is null, please re-run authentication' | |
| Category = 'AuthenticationError' | |
| RecommendedAction = 'please re-run authentication' | |
| ErrorAction = 'Stop' | |
| } | |
| Write-Error @paramWriteError | |
| break | |
| } | |
| } | |
| catch | |
| { | |
| #region ErrorHandler | |
| # get error record | |
| [Management.Automation.ErrorRecord]$e = $_ | |
| # retrieve information about runtime error | |
| $info = [PSCustomObject]@{ | |
| Exception = $e.Exception.Message | |
| Reason = $e.CategoryInfo.Reason | |
| Target = $e.CategoryInfo.TargetName | |
| Script = $e.InvocationInfo.ScriptName | |
| Line = $e.InvocationInfo.ScriptLineNumber | |
| Column = $e.InvocationInfo.OffsetInLine | |
| } | |
| # output information. Post-process collected info, and log info (optional) | |
| $info | Out-String | Write-Verbose | |
| $paramWriteError = @{ | |
| Message = $e.Exception.Message | |
| ErrorAction = 'Stop' | |
| Exception = $e.Exception | |
| TargetObject = $e.CategoryInfo.TargetName | |
| } | |
| Write-Error @paramWriteError | |
| # Only here to catch a global ErrorAction overwrite | |
| break | |
| #endregion ErrorHandler | |
| } | |
| } | |
| function Add-DeviceConfigurationPolicy | |
| { | |
| <# | |
| .SYNOPSIS | |
| This function is used to add an device configuration policy using the Graph API REST interface | |
| .DESCRIPTION | |
| The function connects to the Graph API Interface and adds a device configuration policy | |
| .PARAMETER JSON | |
| JSON File | |
| .EXAMPLE | |
| PS C:\> Add-DeviceConfigurationPolicy -JSON $JSON | |
| Adds a device configuration policy in Intune | |
| .COPYRIGHT | |
| Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. | |
| .NOTES | |
| Tweaked version of the Microsoft sample cmdlet | |
| .LINK | |
| https://github.com/microsoftgraph/powershell-intune-samples/blob/master/DeviceConfiguration/DeviceConfiguration_Import_FromJSON.ps1 | |
| #> | |
| [CmdletBinding(ConfirmImpact = 'None')] | |
| param | |
| ( | |
| [ValidateNotNull()] | |
| [ValidateNotNullOrEmpty()] | |
| [string] | |
| $JSON = $null | |
| ) | |
| $graphApiVersion = 'Beta' | |
| $DCP_resource = 'deviceManagement/deviceConfigurations' | |
| Write-Verbose -Message ('Resource: ' + $DCP_resource) | |
| try | |
| { | |
| if ($JSON -eq '' -or $JSON -eq $null) | |
| { | |
| $paramWriteError = @{ | |
| Message = 'No JSON specified, please specify valid JSON for the Device Configuration Policy...' | |
| ErrorAction = 'Stop' | |
| } | |
| Write-Error @paramWriteError | |
| } | |
| else | |
| { | |
| Test-Json -Json $JSON | |
| $uri = ('https://graph.microsoft.com/{0}/{1}' -f $graphApiVersion, ($DCP_resource)) | |
| $paramInvokeRestMethod = @{ | |
| Uri = $uri | |
| Headers = $authToken | |
| Method = 'Post' | |
| Body = $JSON | |
| ContentType = 'application/json' | |
| } | |
| Invoke-RestMethod @paramInvokeRestMethod | |
| } | |
| } | |
| catch | |
| { | |
| $ex = $_.Exception | |
| $errorResponse = $ex.Response.GetResponseStream() | |
| $reader = (New-Object -TypeName System.IO.StreamReader -ArgumentList ($errorResponse)) | |
| $reader.BaseStream.Position = 0 | |
| $reader.DiscardBufferedData() | |
| $responseBody = $reader.ReadToEnd() | |
| Write-Verbose -Message ('Response content: {0}' -f $responseBody) | |
| $paramWriteError = @{ | |
| Message = ('Request to {0} failed with HTTP Status {1} {2}' -f $uri, $ex.Response.StatusCode, $ex.Response.StatusDescription) | |
| } | |
| Write-Error @paramWriteError | |
| break | |
| } | |
| } | |
| function Test-JSON | |
| { | |
| <# | |
| .SYNOPSIS | |
| This function is used to test if the JSON passed to a REST Post request is valid | |
| .DESCRIPTION | |
| The function tests if the JSON passed to the REST Post is valid | |
| .PARAMETER JSON | |
| JSON File | |
| .EXAMPLE | |
| PS C:\> Test-JSON -JSON $JSON | |
| Test if the JSON is valid before calling the Graph REST interface | |
| .COPYRIGHT | |
| Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license. | |
| .NOTES | |
| Tweaked version of the Microsoft sample cmdlet | |
| .LINK | |
| https://github.com/microsoftgraph/powershell-intune-samples/blob/master/DeviceConfiguration/DeviceConfiguration_Import_FromJSON.ps1 | |
| #> | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [ValidateNotNull()] | |
| [ValidateNotNullOrEmpty()] | |
| [string] | |
| $JSON = $null | |
| ) | |
| try | |
| { | |
| $paramConvertFromJson = @{ | |
| InputObject = $JSON | |
| ErrorAction = 'Stop' | |
| } | |
| $TestJSON = (ConvertFrom-Json @paramConvertFromJson) | |
| Write-Verbose -Message $TestJSON | |
| $validJson = $true | |
| } | |
| catch | |
| { | |
| #region ErrorHandler | |
| # get error record | |
| [Management.Automation.ErrorRecord]$e = $_ | |
| # retrieve information about runtime error | |
| $info = [PSCustomObject]@{ | |
| Exception = $e.Exception.Message | |
| Reason = $e.CategoryInfo.Reason | |
| Target = $e.CategoryInfo.TargetName | |
| Script = $e.InvocationInfo.ScriptName | |
| Line = $e.InvocationInfo.ScriptLineNumber | |
| Column = $e.InvocationInfo.OffsetInLine | |
| } | |
| # output information. Post-process collected info, and log info (optional) | |
| $info | Out-String | Write-Verbose | |
| #endregion ErrorHandler | |
| Write-Warning -Message $_.Exception | |
| $validJson = $false | |
| } | |
| if ((-not ($validJson)) -or ($validJson -eq $false)) | |
| { | |
| $paramWriteError = @{ | |
| Exception = 'Ivalid JSON format' | |
| Message = "Provided JSON isn't in valid JSON format" | |
| Category = 'InvalidData' | |
| ErrorAction = 'Stop' | |
| } | |
| Write-Error @paramWriteError | |
| break | |
| } | |
| } | |
| #endregion HelperFunctions | |
| #region Authentication | |
| # Checking if authToken exists before running authentication | |
| if ($global:authToken) | |
| { | |
| # Setting DateTime to Universal time to work in all timezones | |
| $DateTime = ((Get-Date).ToUniversalTime()) | |
| # If the authToken exists checking when it expires | |
| $TokenExpires = (($authToken.ExpiresOn.datetime - $DateTime).Minutes) | |
| if ($TokenExpires -le 0) | |
| { | |
| $paramWriteWarning = @{ | |
| Message = ('Authentication Token expired' + $TokenExpires + 'minutes ago') | |
| WarningAction = 'Continue' | |
| } | |
| Write-Warning @paramWriteWarning | |
| # Defining User Principal Name if not present | |
| if ($User -eq $null -or $User -eq '') | |
| { | |
| $User = Read-Host -Prompt 'Please specify your user principal name for Azure Authentication' | |
| } | |
| $global:authToken = (Get-AuthToken -User $User) | |
| } | |
| } | |
| else | |
| { | |
| # Authentication doesn't exist, calling Get-AuthToken function | |
| if ($User -eq $null -or $User -eq '') | |
| { | |
| $User = Read-Host -Prompt 'Please specify your user principal name for Azure Authentication' | |
| } | |
| # Getting the authorization token | |
| $global:authToken = (Get-AuthToken -User $User) | |
| } | |
| #endregion Authentication | |
| #region JSONHandler | |
| if ($Path) | |
| { | |
| $ImportPath = $Path | |
| } | |
| else | |
| { | |
| $ImportPath = Read-Host -Prompt 'Please specify a path to a JSON file to import data from e.g. C:\IntuneOutput\Policies\policy.json' | |
| # Replacing quotes for Test-Path | |
| $ImportPath = $ImportPath.replace('"', '') | |
| } | |
| if (-not (Test-Path -Path $ImportPath)) | |
| { | |
| $paramWriteError = @{ | |
| Exception = "Import Path for JSON file doesn't exist..." | |
| Message = "Import Path for JSON file doesn't exist. Script can't continue!" | |
| Category = 'ObjectNotFound' | |
| TargetObject = $ImportPath | |
| ErrorAction = 'Stop' | |
| } | |
| Write-Error @paramWriteError | |
| break | |
| } | |
| $paramGetContent = @{ | |
| Path = $ImportPath | |
| Force = $true | |
| Encoding = 'utf8' | |
| } | |
| $JSON_Data = (Get-Content @paramGetContent) | |
| # Excluding entries that are not required - id,createdDateTime,lastModifiedDateTime,version | |
| $JSON_Convert = ($JSON_Data | ConvertFrom-Json | Select-Object -Property * -ExcludeProperty id, createdDateTime, lastModifiedDateTime, version, supportsScopeTags) | |
| $DisplayName = ($JSON_Convert.displayName) | |
| $JSON_Output = ($JSON_Convert | ConvertTo-Json -Depth 5) | |
| #endregion JSONHandler | |
| Write-Output -InputObject ("Device Configuration Policy '{0}' Found..." -f $DisplayName) | |
| Write-Verbose -Message $JSON_Output | |
| Write-Output -InputObject ("Adding Device Configuration Policy '{0}'" -f $DisplayName) | |
| Add-DeviceConfigurationPolicy -JSON $JSON_Output |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment