feat: add feature update policy

also fix issue with spaces between commas for group assignment for esco

Author: JohnDuprey

Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntunePolicy.ps1

@@ -38,6 +38,11 @@ Function Invoke-ListIntunePolicy {
                     method = 'GET'
                     url    = "/deviceManagement/windowsDriverUpdateProfiles?`$expand=assignments&top=200"
                 }
+                @{
+                    id     = 'WindowsFeatureUpdateProfiles'
+                    method = 'GET'
+                    url    = "/deviceManagement/windowsFeatureUpdateProfiles?`$expand=assignments&top=200"
+                }
                 @{
                     id     = 'GroupPolicyConfigurations'
                     method = 'GET'
@@ -58,48 +63,49 @@ Function Invoke-ListIntunePolicy {
             $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter
 
             $GraphRequest = $BulkResults | ForEach-Object {
-                    $URLName = $_.Id
-                    $_.body.Value | ForEach-Object {
-                        $policyTypeName = switch -Wildcard ($_.'[email protected]') {
-                            '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' }
-                            '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' }
-                            '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' }
-                            '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' }
-                            '*groupPolicyConfigurations*' { 'Administrative Templates' }
-                            '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' }
-                            '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' }
-                            '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' }
-                            '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' }
-                            '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' }
-                            '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' }
-                            default { $_.'[email protected]' }
-                        }
-                        $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId
-                        $PolicyAssignment = [System.Collections.Generic.List[string]]::new()
-                        $PolicyExclude = [System.Collections.Generic.List[string]]::new()
-                        ForEach ($target in $Assignments) {
-                            switch ($target.'@odata.type') {
-                                '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') }
-                                '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') }
-                                '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') }
-                                '#microsoft.graph.allLicensedUsersAssignmentTarget' { $PolicyAssignment.Add('All Licenced Users') }
-                                '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') }
-                                '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) }
-                                '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) }
-                                default {
-                                    $PolicyAssignment.Add($null)
-                                    $PolicyExclude.Add($null)
-                                }
+                $URLName = $_.Id
+                $_.body.Value | ForEach-Object {
+                    $policyTypeName = switch -Wildcard ($_.'[email protected]') {
+                        '*microsoft.graph.windowsIdentityProtectionConfiguration*' { 'Identity Protection' }
+                        '*microsoft.graph.windows10EndpointProtectionConfiguration*' { 'Endpoint Protection' }
+                        '*microsoft.graph.windows10CustomConfiguration*' { 'Custom' }
+                        '*microsoft.graph.windows10DeviceFirmwareConfigurationInterface*' { 'Firmware Configuration' }
+                        '*groupPolicyConfigurations*' { 'Administrative Templates' }
+                        '*windowsDomainJoinConfiguration*' { 'Domain Join configuration' }
+                        '*windowsUpdateForBusinessConfiguration*' { 'Update Configuration' }
+                        '*windowsHealthMonitoringConfiguration*' { 'Health Monitoring' }
+                        '*microsoft.graph.macOSGeneralDeviceConfiguration*' { 'MacOS Configuration' }
+                        '*microsoft.graph.macOSEndpointProtectionConfiguration*' { 'MacOS Endpoint Protection' }
+                        '*microsoft.graph.androidWorkProfileGeneralDeviceConfiguration*' { 'Android Configuration' }
+                        '*windowsFeatureUpdateProfiles*' { 'Feature Update' }
+                        default { $_.'[email protected]' }
+                    }
+                    $Assignments = $_.assignments.target | Select-Object -Property '@odata.type', groupId
+                    $PolicyAssignment = [System.Collections.Generic.List[string]]::new()
+                    $PolicyExclude = [System.Collections.Generic.List[string]]::new()
+                    ForEach ($target in $Assignments) {
+                        switch ($target.'@odata.type') {
+                            '#microsoft.graph.allDevicesAssignmentTarget' { $PolicyAssignment.Add('All Devices') }
+                            '#microsoft.graph.exclusionallDevicesAssignmentTarget' { $PolicyExclude.Add('All Devices') }
+                            '#microsoft.graph.allUsersAssignmentTarget' { $PolicyAssignment.Add('All Users') }
+                            '#microsoft.graph.allLicensedUsersAssignmentTarget' { $PolicyAssignment.Add('All Licenced Users') }
+                            '#microsoft.graph.exclusionallUsersAssignmentTarget' { $PolicyExclude.Add('All Users') }
+                            '#microsoft.graph.groupAssignmentTarget' { $PolicyAssignment.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) }
+                            '#microsoft.graph.exclusionGroupAssignmentTarget' { $PolicyExclude.Add($Groups.Where({ $_.id -eq $target.groupId }).displayName) }
+                            default {
+                                $PolicyAssignment.Add($null)
+                                $PolicyExclude.Add($null)
                             }
                         }
-                        if ($null -eq $_.displayname) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name }
-                        $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName
-                        $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName
-                        $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ')
-                        $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ')
-                        $_
-                    } | Where-Object { $null -ne $_.DisplayName }
-                }
+                    }
+                    if ($null -eq $_.displayname) { $_ | Add-Member -NotePropertyName displayName -NotePropertyValue $_.name }
+                    $_ | Add-Member -NotePropertyName PolicyTypeName -NotePropertyValue $policyTypeName
+                    $_ | Add-Member -NotePropertyName URLName -NotePropertyValue $URLName
+                    $_ | Add-Member -NotePropertyName PolicyAssignment -NotePropertyValue ($PolicyAssignment -join ', ')
+                    $_ | Add-Member -NotePropertyName PolicyExclude -NotePropertyValue ($PolicyExclude -join ', ')
+                    $_
+                } | Where-Object { $null -ne $_.DisplayName }
+            }
         }
 
         # Filter the results to sort out linux scripts

Modules/CIPPCore/Public/New-CIPPIntuneTemplate.ps1

@@ -97,6 +97,12 @@ function New-CIPPIntuneTemplate {
 
             $TemplateJson = (ConvertTo-Json -InputObject $inputvar -Depth 100 -Compress)
         }
+        'windowsFeatureUpdateProfiles' {
+            $Type = 'windowsFeatureUpdateProfiles'
+            $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)/$($ID)" -tenantid $tenantfilter | Select-Object * -ExcludeProperty id, lastModifiedDateTime, '@odata.context', 'ScopeTagIds', 'supportsScopeTags', 'createdDateTime'
+            $DisplayName = $Template.displayName
+            $TemplateJson = ConvertTo-Json -InputObject $Template -Depth 100 -Compress
+        }
     }
     return [PSCustomObject]@{
         TemplateJson = $TemplateJson

Modules/CIPPCore/Public/Set-CIPPAssignedPolicy.ps1

@@ -52,15 +52,15 @@ function Set-CIPPAssignedPolicy {
             }
             default {
                 Write-Host "We're supposed to assign a custom group. The group is $GroupName"
-                $GroupNames = $GroupName.Split(',')
+                $GroupNames = $GroupName -split '\s,\s'
                 $GroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter |
-                ForEach-Object {
-                    foreach ($SingleName in $GroupNames) {
-                        if ($_.displayName -like $SingleName) {
-                            $_.id
+                    ForEach-Object {
+                        foreach ($SingleName in $GroupNames) {
+                            if ($_.displayName -like $SingleName) {
+                                $_.id
+                            }
                         }
                     }
-                }
                 foreach ($gid in $GroupIds) {
                     $assignmentsList.Add(
                         @{
@@ -75,15 +75,15 @@ function Set-CIPPAssignedPolicy {
         }
         if ($ExcludeGroup) {
             Write-Host "We're supposed to exclude a custom group. The group is $ExcludeGroup"
-            $ExcludeGroupNames = $ExcludeGroup.Split(',')
+            $ExcludeGroupNames = $GroupName -split '\s,\s'
             $ExcludeGroupIds = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName&$top=999' -tenantid $TenantFilter |
-            ForEach-Object {
-                foreach ($SingleName in $ExcludeGroupNames) {
-                    if ($_.displayName -like $SingleName) {
-                        $_.id
+                ForEach-Object {
+                    foreach ($SingleName in $ExcludeGroupNames) {
+                        if ($_.displayName -like $SingleName) {
+                            $_.id
+                        }
                     }
                 }
-            }
 
             foreach ($egid in $ExcludeGroupIds) {
                 $assignmentsList.Add(

Modules/CIPPCore/Public/Set-CIPPIntunePolicy.ps1

@@ -135,6 +135,25 @@ function Set-CIPPIntunePolicy {
                     Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
                 }
             }
+            'windowsFeatureUpdateProfiles' {
+                $PlatformType = 'deviceManagement'
+                $TemplateTypeURL = 'windowsFeatureUpdateProfiles'
+                $File = ($RawJSON | ConvertFrom-Json)
+                $DisplayName = $File.displayName ?? $File.Name
+                $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/$PlatformType/$TemplateTypeURL" -tenantid $tenantFilter
+                if ($DisplayName -in $CheckExististing.displayName) {
+                    $PostType = 'edited'
+                    $ExistingID = $CheckExististing | Where-Object -Property displayName -EQ $displayname
+                    Write-Host 'We are editing'
+                    $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$PlatformType/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenantFilter -type PUT -body $RawJSON
+                    $CreateRequest = $CheckExististing | Where-Object -Property displayName -EQ $DisplayName
+
+                } else {
+                    $PostType = 'added'
+                    $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/$PlatformType/$TemplateTypeURL" -tenantid $tenantFilter -type POST -body $RawJSON
+                    Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "Added policy $($DisplayName) via template" -Sev 'info'
+                }
+            }
 
         }
         Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenantFilter) -message "$($PostType) policy $($Displayname)" -Sev 'Info'