Skip to content

Commit 548f03d

Browse files
JohnDupreyJohnDuprey
authored
Merge pull request KelvinTegelaar#1671 from kris6673/defender-edr-assignment
Fix: Remove deprecated option and refactor EDR assignment logic
2 parents 7ba441a + fb8f129 commit 548f03d

File tree

1 file changed

+4
-18
lines changed

1 file changed

+4
-18
lines changed

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1

Lines changed: 4 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -228,22 +228,7 @@ function Invoke-AddDefenderDeployment {
228228
}
229229
}
230230
}
231-
{ $_.Telemetry } {
232-
@{
233-
'@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting'
234-
settingInstance = @{
235-
'@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance'
236-
settingDefinitionId = 'device_vendor_msft_windowsadvancedthreatprotection_configuration_telemetryreportingfrequency'
237-
choiceSettingValue = @{
238-
settingValueTemplateReference = @{settingValueTemplateId = '350b0bea-b67b-43d4-9a04-c796edb961fd' }
239-
'@odata.type' = '#microsoft.graph.deviceManagementConfigurationChoiceSettingValue'
240-
'value' = 'device_vendor_msft_windowsadvancedthreatprotection_configuration_telemetryreportingfrequency_2'
241-
}
242-
settingInstanceTemplateReference = @{settingInstanceTemplateId = '03de6095-07c4-4f35-be38-c1cd3bae4484' }
243-
}
244-
}
245231

246-
}
247232
{ $_.Config } {
248233
@{
249234
'@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting'
@@ -279,10 +264,11 @@ function Invoke-AddDefenderDeployment {
279264
"$($tenant): EDR Policy already exists. Skipping"
280265
} else {
281266
$EDRRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant -type POST -body $EDRbody
282-
if ($ASR -and $ASR.AssignTo -ne 'none') {
283-
$AssignBody = if ($ASR.AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($asr.AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' }
267+
# Assign if needed
268+
if ($EDR.AssignTo -and $EDR.AssignTo -ne 'none') {
269+
$AssignBody = if ($EDR.AssignTo -ne 'AllDevicesAndUsers') { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.' + $($EDR.AssignTo) + 'AssignmentTarget"}}]}' } else { '{"assignments":[{"id":"","target":{"@odata.type":"#microsoft.graph.allDevicesAssignmentTarget"}},{"id":"","target":{"@odata.type":"#microsoft.graph.allLicensedUsersAssignmentTarget"}}]}' }
284270
$null = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies('$($EDRRequest.id)')/assign" -tenantid $tenant -type POST -body $AssignBody
285-
Write-LogMessage -headers $Headers -API $APINAME -tenant $($tenant) -message "Assigned EDR policy $($DisplayName) to $($ASR.AssignTo)" -Sev 'Info'
271+
Write-LogMessage -headers $Headers -API $APIName -tenant $($tenant) -message "Assigned EDR policy $($DisplayName) to $($EDR.AssignTo)" -Sev 'Info'
286272
}
287273
"$($tenant): Successfully added EDR Settings"
288274
}

0 commit comments

Comments
 (0)