MemPolicyManager Documentation

Syntax

Backup-EmMdmAppConfiguration [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ExportPath		The directory path where the App Configuration policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmAppConfigurationAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmAppConfiguration -ExportPath "C:\Backup\AppConfigurations"
This example connects to Microsoft Graph, retrieves Intune App Configuration policies, and exports them to the specified directory "C:\Backup\AppConfigurations" as JSON files.

EXAMPLE 2

$authObject = Get-EmMdmGraphAuth -ClientSecretId "your-client-id" -ClientSecretTenantId "your-tenant-id" -ClientSecretValue "your-client-secret"
PS> Backup-EmMdmAppConfiguration -ExportPath "C:\Backup\AppConfigurations" -AuthObject $authObject
This example creates an authentication object using Client Secret authentication and uses it to connect to Microsoft Graph, retrieve Intune App Configuration policies, and export them to the specified directory.

Top of page

Syntax

Backup-EmMdmAppProtection [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ExportPath		The directory path where the App Protection policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmAppProtectionAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmAppProtection -ExportPath "C:\Backup\AppProtections"
This example connects to Microsoft Graph, retrieves Intune App Protection policies, and exports them to the specified directory "C:\Backup\AppProtections" as JSON files.

Top of page

Backup-EmMdmCompliance

Backs up Intune Device Compliance policies to a specified export path.

The Backup-EmMdmCompliance cmdlet connects to Microsoft Graph, retrieves Intune Device Compliance policies, and exports them to the specified directory as JSON files. The cmdlet supports filtering policies by operating system and allows selecting between 'beta' and 'v1.0' versions of the Graph API. The cmdlet includes confirmation prompts for actions with high impact.

Syntax

Backup-EmMdmCompliance [-ExportPath] <String> [[-OperatingSystem] <String>] [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ExportPath		The directory path where the Device Compliance policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-OperatingSystem		The operating system filter for the compliance policies. Valid values are "android", "iOS", "Win10", "macos", and "all". The default value is "all".	false	false	all
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] This cmdlet returns the export path upon successful completion.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmComplianceAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmCompliance -ExportPath "C:\Backup\CompliancePolicies" -OperatingSystem "Win10"
This example connects to Microsoft Graph, retrieves Windows 10 Device Compliance policies, and exports them to the specified directory "C:\Backup\CompliancePolicies" as JSON files.

EXAMPLE 2

Backup-EmMdmCompliance -ExportPath "C:\Backup\CompliancePolicies" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version, retrieves all Device Compliance policies, and exports them to the specified directory "C:\Backup\CompliancePolicies" as JSON files.

Top of page

Backup-EmMdmConfiguration

Backs up Intune Device Configuration policies to a specified export path.

The Backup-EmMdmConfiguration cmdlet connects to Microsoft Graph, retrieves Intune Device Configuration policies, and exports them to the specified directory as JSON files. The cmdlet supports filtering policies by device type and allows selecting between 'beta' and 'v1.0' versions of the Graph API. The cmdlet includes confirmation prompts for actions with high impact.

Syntax

Backup-EmMdmConfiguration [[-DeviceType] <String>] [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-DeviceType		The device type filter for the configuration policies. Valid values are "windows81", "macOSExtensions", "macOSCustom", "macOSDeviceFeatures", "macOSGeneral", "macOSSoftwareUpdate", "macOSEndpointProtection", "androidWorkProfileGeneral", "androidWorkProfileVpn", "windowsHealthMonitoring", "windows81SCEP", "windows10Custom", "windows10EndpointProtection", "windows10General", and "all". The default value is "all".	false	false	all
-ExportPath		The directory path where the Device Configuration policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EMMdmConfigurationAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmConfiguration -DeviceType "windows10General" -ExportPath "C:\Backup\DeviceConfigurations"
This example connects to Microsoft Graph, retrieves Windows 10 General Device Configuration policies, and exports them to the specified directory "C:\Backup\DeviceConfigurations" as JSON files.

EXAMPLE 2

Backup-EmMdmConfiguration -DeviceType "all" -ExportPath "C:\Backup\DeviceConfigurations" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version, retrieves all Device Configuration policies, and exports them to the specified directory "C:\Backup\DeviceConfigurations" as JSON files.

Top of page

Syntax

Backup-EmMdmEndpointSecurity [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ExportPath		The directory path where the Endpoint Security policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmEndpointSecurityTemplate - Get-EmDMIntent - Get-EmDMTemplateSettingCategory - Get-EmDMSettingInstance - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmEndpointSecurity -ExportPath "C:\Backup\EndpointSecurity"
This example connects to Microsoft Graph, retrieves Intune Endpoint Security policies, and exports them to the specified directory "C:\Backup\EndpointSecurity" as JSON files.

EXAMPLE 2

Backup-EmMdmEndpointSecurity -ExportPath "C:\Backup\EndpointSecurity" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version, retrieves Intune Endpoint Security policies, and exports them to the specified directory "C:\Backup\EndpointSecurity" as JSON files.

Top of page

Syntax

Backup-EmMdmSettingsCatalog [-ExportPath] <String> [[-Platform] <String>] [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ExportPath		The directory path where the Settings Catalog policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-Platform		The platform for which to retrieve policies. Valid values are "windows10" and "macOS". The default value is null, which retrieves policies for all platforms.	false	false
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmSettingsCatalogAPI - Get-EmMdmSettingsCatalogSettingsAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmSettingsCatalog -ExportPath "C:\Backup\SettingsCatalog"
This example connects to Microsoft Graph, retrieves Intune Settings Catalog policies, and exports them to the specified directory "C:\Backup\SettingsCatalog" as JSON files.

EXAMPLE 2

Backup-EmMdmSettingsCatalog -ExportPath "C:\Backup\SettingsCatalog" -Platform "windows10"
This example connects to Microsoft Graph, retrieves Intune Settings Catalog policies for Windows 10, and exports them to the specified directory "C:\Backup\SettingsCatalog" as JSON files.

Top of page

Syntax

Backup-EmMdmSoftwareUpdate [-ExportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ExportPath		The directory path where the Software Update policies will be exported. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a directory path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - New-EmMdmBackupDirectory - Connect-EmMdmGraph - Get-EmMdmConfigurationAPI - Backup-EmMdmPolicy - Disconnect-MgGraph

Examples

EXAMPLE 1

Backup-EmMdmSoftwareUpdate -ExportPath "C:\Backup\SoftwareUpdates"
This example connects to Microsoft Graph, retrieves Intune Software Update policies, and exports them to the specified directory "C:\Backup\SoftwareUpdates" as JSON files.

Top of page

Syntax

Compare-EmMgClass [-Class1] <Type> [-Class2] <Type> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-Class1		The first class to compare. This parameter is mandatory.	true	false
-Class2		The second class to compare. This parameter is mandatory.	true	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[Type] The cmdlet accepts two class types as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The cmdlet outputs a string indicating whether the classes are different or identical. It also outputs the specific property and method differences, if any.

Note

The cmdlet uses the Compare-Object cmdlet to compare properties and methods of the specified classes.

Examples

EXAMPLE 1

Compare-EmMgClass -Class1 [ClassA] -Class2 [ClassB]
This example compares ClassA and ClassB, outputting their differences in properties and methods.

Top of page

Syntax

Convert-EmMgJsonToClass [-Json] <String> [-ClassName] <String> [-Operation] <String> [<CommonParameters>]

Parameters

Name	Description	Required?	Pipeline Input
-Json	The JSON string to be converted into a PowerShell class. This parameter is mandatory.	true	false
-ClassName	The name of the class to be generated. This parameter is mandatory.	true	false
-Operation	The operation type to customize the generated class. Valid values are "create", "update", and "get". This parameter is mandatory.	true	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a JSON string and a class name as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The cmdlet outputs the generated PowerShell class definition as a string.

Note

The cmdlet generates a PowerShell class with properties, a default constructor, and a parameterized constructor based on the JSON string. The cmdlet uses different operations to customize the class properties and constructors.

Examples

EXAMPLE 1

$json = '{"name": "Test", "value": 123}'
PS> Convert-EmMgJsonToClass -Json $json -ClassName "TestClass" -Operation "create"
This example converts the JSON string into a PowerShell class named "TestClass" for the "create" operation.

Top of page

Syntax

Convert-EmMgJsonToFlatObject -ImportPath <String> [<CommonParameters>]

Convert-EmMgJsonToFlatObject -JSON <String> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The path to the JSON file to be imported. This parameter is mandatory when using the 'Import' parameter set.	true	true (ByPropertyName)
-JSON		The JSON string to be converted to a flat object. This parameter is mandatory when using the 'StringObject' parameter set.	true	true (ByValue, ByPropertyName)

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a JSON string or a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[PSCustomObject] The cmdlet outputs a flat PowerShell object.

Note

The cmdlet uses the ConvertTo-FlatObject function to flatten the JSON structure. The cmdlet supports two parameter sets: 'Import' for importing JSON from a file and 'StringObject' for converting JSON strings. Borrowed private function code from: https://powersnippets.com/convertto-flatobject/

Examples

EXAMPLE 1

Convert-EmMgJsonToFlatObject -ImportPath "C:\path\to\file.json"
This example imports the JSON file from the specified path and converts it to a flat PowerShell object.

EXAMPLE 2

'{"name": "Test", "value": {"nested": 123}}' | Convert-EmMgJsonToFlatObject
This example takes a JSON string from the pipeline, converts it to a flat PowerShell object, and outputs the result.

Top of page

Syntax

Get-EmMdmAppConfiguration [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[GetEmMdmTargetedManagedAppConfiguration[]] The cmdlet returns an array of Intune App Configuration policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmAppConfigurationAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmAppConfiguration
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune App Configuration policies.

EXAMPLE 2

Get-EmMdmAppConfiguration -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune App Configuration policies.

Top of page

Syntax

Get-EmMdmAppProtection [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[pscustomobject[]] The cmdlet returns an array of Intune App Protection policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmAppProtectionAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmAppProtection
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune App Protection policies.

EXAMPLE 2

Get-EmMdmAppProtection -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune App Protection policies.

Top of page

Syntax

Get-EmMdmCompliance [[-OperatingSystem] <String>] [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-OperatingSystem		The operating system for which to retrieve compliance policies. Valid values are "android", "iOS", "Win10", "macos", and "all". The default value is "all".	false	false	all
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

The cmdlet returns an array of Intune Device Compliance policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmComplianceAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmCompliance -OperatingSystem "android"
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Compliance policies for Android devices.

EXAMPLE 2

Get-EmMdmCompliance -OperatingSystem "iOS" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Device Compliance policies for iOS devices.

EXAMPLE 3

Get-EmMdmCompliance
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Compliance policies for all supported operating systems.

Top of page

Syntax

Get-EmMdmConfiguration [[-DeviceType] <String>] [-AuthObject <EmMdmAuthBase>] [-graphApiVersion <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-DeviceType		The device type for which to retrieve configuration policies. Valid values are "windows81", "macOSExtensions", "macOSCustom", "macOSDeviceFeatures", "macOSGeneral", "macOSSoftwareUpdate", "macOSEndpointProtection", "androidWorkProfileGeneral", "androidWorkProfileVpn", "windowsHealthMonitoring", "windows81SCEP", "windows10Custom", "windows10EndpointProtection", "windows10General", and "all". The default value is "all".	false	false	all
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

The cmdlet returns an array of Intune Device Configuration policy objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmConfigurationAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmConfiguration -DeviceType "windows81"
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Configuration policies for Windows 8.1 devices.

EXAMPLE 2

Get-EmMdmConfiguration -DeviceType "macOSGeneral" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Device Configuration policies for macOS devices.

EXAMPLE 3

Get-EmMdmConfiguration
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Configuration policies for all supported device types.

Top of page

Syntax

Get-EmMdmEndpointSecurity [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

EmDManagementIntentInstanceCustom[] The cmdlet returns an array of EmDManagementIntentInstanceCustom objects representing the Endpoint Security policies.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmEndpointSecurityTemplate - Get-EmDMIntent - Get-EmDMTemplateSettingCategory - Get-EmDMSettingInstance - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmEndpointSecurity -graphApiVersion $graphApiVersion
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Endpoint Security policies.

EXAMPLE 2

Get-EmMdmEndpointSecurity -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Endpoint Security policies.

Top of page

Get-EmMdmGraphAuth

Creates an authentication object for connecting to Microsoft Graph using various authentication methods.

The Get-EmMdmGraphAuth function creates an authentication object that can be used to connect to Microsoft Graph. The function supports multiple authentication methods, including Client Secret, Certificate Thumbprint, Certificate Name, Managed Identity, System Assigned Identity, Access Token, Environment Variables, and X509 Certificate. Use help Get-EmMdmGraphAuth -Syntax for more information on the parameters. Self Signed Example: $CertName = "" ## Replace $cert = New-SelfSignedCertificate -Subject "CN=$CertName" -CertStoreLocation "Cert:\CurrentUser\My" ` -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256 # Public Key for upload to MgGraph application Export-Certificate -Cert $cert -FilePath "C:\temp$CertName.cer" ## Specify your preferred location $ThumbPrint = $Cert.Thumbprint $CertName = $cert.Subject

Syntax

Get-EmMdmGraphAuth [-ClientSecretTenantId] <String> [-ClientSecretValue] <PSCredential> [<CommonParameters>]

Get-EmMdmGraphAuth [-CertificateThumbprintClientId] <String> [-CertificateThumbprintTenantId] <String> [-CertificateThumbprint] <String> [<CommonParameters>]

Get-EmMdmGraphAuth [-CertificateNameClientId] <String> [-CertificateNameTenantId] <String> [-CertificateName] <String> [<CommonParameters>]

Get-EmMdmGraphAuth [-UserAuthManagedIdentity] <String> [<CommonParameters>]

Get-EmMdmGraphAuth [-SystemAssignedIdentity] [<CommonParameters>]

Get-EmMdmGraphAuth [-AccessToken] <SecureString> [<CommonParameters>]

Get-EmMdmGraphAuth [-EnvironmentVariable] [<CommonParameters>]

Get-EmMdmGraphAuth [-X509CertificateClientId] <String> [-X509Certificate] <X509Certificate> [-X509CertificateTenantId] <String> [<CommonParameters>]

Parameters

Name	Description	Required?	Pipeline Input	Default Value
-ClientSecretTenantId	The Tenant ID for the application using Client Secret authentication. Mandatory for ClientSecret parameter set.	true	false
-ClientSecretValue	The Client Secret value for the application using Client Secret authentication. Mandatory for ClientSecret parameter set. Must be a PSCredential object.	true	false
-CertificateThumbprintClientId	The Client ID for the application using Certificate Thumbprint authentication. Mandatory for CertificateThumbprint parameter set.	true	false
-CertificateThumbprintTenantId	The Tenant ID for the application using Certificate Thumbprint authentication. Mandatory for CertificateThumbprint parameter set.	true	false
-CertificateThumbprint	The Certificate Thumbprint for the application using Certificate Thumbprint authentication. Mandatory for CertificateThumbprint parameter set.	true	false
-CertificateNameClientId	The Client ID for the application using Certificate Name authentication. Mandatory for CertificateName parameter set.	true	false
-CertificateNameTenantId	The Tenant ID for the application using Certificate Name authentication. Mandatory for CertificateName parameter set.	true	false
-CertificateName	The Certificate Name for the application using Certificate Name authentication. Mandatory for CertificateName parameter set.	true	false
-UserAuthManagedIdentity	The Client ID for the Managed Identity. Mandatory for UserAuthManagedIdentity parameter set.	true	false
-SystemAssignedIdentity	Indicates the use of a System Assigned Identity for authentication. Mandatory for SystemAssignedIdentity parameter set.	true	false	False
-AccessToken	Specifies a bearer token for Microsoft Graph service. Mandatory for AccessToken parameter set.	true	false
-EnvironmentVariable	Allows for authentication using environment variables configured on the host machine. Mandatory for EnvironmentVariable parameter set.	true	false	False
-X509CertificateClientId	The client id of your application for X509 certificate authentication. Mandatory for X509Certificate parameter set.	true	false
-X509Certificate		true	false
-X509CertificateTenantId	The id of the tenant to connect to for X509 certificate authentication. Mandatory for X509Certificate parameter set.	true	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None

Outputs

The output type is the type of the objects that the cmdlet emits.

PSCustomObject Returns an authentication object for connecting to Microsoft Graph.

Note

https://criticalsolutionsnetwork.github.io/MemPolicyManager/#Get-EmMdmGraphAuth

Examples

EXAMPLE 1

$authObject = Get-EmMdmGraphAuth -ClientSecretTenantId $TenantId -ClientSecretValue $ClientSecretPSCredential
Creates an authentication object using Client Secret authentication.
The Client Secret value is provided as a PSCredential object.
# $ClientId = "<your-client-id>"
# ClientSecret = ConvertTo-SecureString -String "<your-client-secret>" -AsPlainText -Force
# Ex: $ClientSecretPSCredential = [PsCredential]::New($ClientId,$ClientSecret)

EXAMPLE 2

$authObject = Get-EmMdmGraphAuth -CertificateThumbprintClientId $ClientId -CertificateThumbprintTenantId $TenantId -CertificateThumbprint $ClientCertThumbPrint
Creates an authentication object using Certificate Thumbprint authentication.

EXAMPLE 3

$authObject = Get-EmMdmGraphAuth -CertificateNameClientId $ClientId -CertificateNameTenantId $TenantId -CertificateName $CertName
Creates an authentication object using Certificate Name authentication.

EXAMPLE 4

$authObject = Get-EmMdmGraphAuth -UserAuthManagedIdentity $ClientId
Creates an authentication object using Managed Identity authentication.

EXAMPLE 5

$authObject = Get-EmMdmGraphAuth -SystemAssignedIdentity
Creates an authentication object using System Assigned Identity authentication.

EXAMPLE 6

$authObject = Get-EmMdmGraphAuth -AccessToken (ConvertTo-SecureString -String "your-access-token" -AsPlainText -Force)
Creates an authentication object using Access Token authentication.

EXAMPLE 7

$authObject = Get-EmMdmGraphAuth -EnvironmentVariable
Creates an authentication object using Environment Variable authentication.

EXAMPLE 8

$authObject = Get-EmMdmGraphAuth -X509CertificateClientId $ClientId -X509CertificateTenantId $TenantId -X509Certificate $Cert
Creates an authentication object using X509 Certificate authentication.

Top of page

Syntax

Get-EmMdmSoftwareUpdate [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[pscustomobject[]] The cmdlet returns an array of PSCustomObject representing the Device Update policies.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Get-EmMdmConfigurationAPI - Disconnect-MgGraph

Examples

EXAMPLE 1

Get-EmMdmSoftwareUpdate -graphApiVersion $graphApiVersion
This example connects to Microsoft Graph using the 'beta' API version and retrieves Intune Device Update policies.

EXAMPLE 2

Get-EmMdmSoftwareUpdate -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and retrieves Intune Device Update policies.

Top of page

Syntax

Get-EmMgMetadataXml [-OutputPath] <String> [-graphApiVersion <String>] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-OutputPath		The file path where the metadata XML file will be saved. This parameter is mandatory.	true	true (ByPropertyName)
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The cmdlet outputs a message indicating the success or failure of the metadata XML download.

Note

The cmdlet uses the following functions: - Invoke-WebRequest

Examples

EXAMPLE 1

Get-EmMgMetadataXml -OutputPath "C:\GraphMetadata\metadata.xml"
This example connects to Microsoft Graph using the 'beta' API version and downloads the metadata XML file to "C:\GraphMetadata\metadata.xml".

EXAMPLE 2

Get-EmMgMetadataXml -OutputPath "C:\GraphMetadata\metadata.xml" -graphApiVersion "v1.0"
This example connects to Microsoft Graph using the 'v1.0' API version and downloads the metadata XML file to "C:\GraphMetadata\metadata.xml".

Top of page

Syntax

Get-EmMgMetadataXmlInfo [-XmlFilePath] <String> [-TypeName] <String> [[-InfoType] <String>] [<CommonParameters>]

Parameters

Name	Description	Required?	Pipeline Input	Default Value
-XmlFilePath	The file path to the Microsoft Graph metadata XML file. This parameter is mandatory.	true	false
-TypeName	The name of the entity type to retrieve information for. This parameter is mandatory.	true	false
-InfoType	The type of information to retrieve. Default is "EntityType".	false	false	EntityType

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

None. This cmdlet does not accept pipeline input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[PSCustomObject] The cmdlet outputs a custom object containing detailed information about the specified entity type, including its properties, methods, actions, enums, relationships, and a JSON representation.

Note

The cmdlet uses XPath queries to navigate the metadata XML and extract relevant information.

Examples

EXAMPLE 1

Get-EmMgMetadataXmlInfo -XmlFilePath "C:\GraphMetadata\metadata.xml" -TypeName "User"
This example retrieves metadata information for the 'User' entity type from the specified Microsoft Graph metadata XML file.

EXAMPLE 2

Get-EmMgMetadataXmlInfo -XmlFilePath "C:\GraphMetadata\metadata.xml" -TypeName "Device"
This example retrieves metadata information for the 'Device' entity type from the specified Microsoft Graph metadata XML file.

Top of page

Syntax

Get-EmMgResourceJson [-ODataTypes] <String[]> [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ODataTypes		An array of OData types for which to retrieve JSON resource data. This parameter is mandatory.	true	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string[]] The cmdlet accepts an array of OData types as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[PSCustomObject] The cmdlet outputs a custom object containing the JSON representation and properties table of the specified OData types.

Note

The cmdlet constructs the URL to the Microsoft Graph API documentation for each specified OData type, downloads the markdown content, and parses the JSON resource data and properties table.

Examples

EXAMPLE 1

Get-EmMgResourceJson -ODataTypes "macOSExtensionsConfiguration", "windows81TrustedRootCertificate"
This example retrieves JSON resource data and properties table for the specified OData types from Microsoft Graph API documentation.

Top of page

Syntax

Get-EmMgResourceOperationJson [-ODataTypes] <String[]> [-Operation] <String> [-Resource] <String> [[-graphApiVersion] <String>] [<CommonParameters>]

Parameters

Name	Description	Required?	Pipeline Input	Default Value
-ODataTypes	An array of OData types for which to retrieve JSON examples. This parameter is mandatory.	true	false
-Operation	The operation type for which to retrieve JSON examples. Valid values are "get", "create", and "update". This parameter is mandatory.	true	false
-Resource	The resource type for which to retrieve JSON examples. Valid values are "intune-deviceconfig" and "intune-mam". This parameter is mandatory.	true	false
-graphApiVersion	The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string[]] The cmdlet accepts an array of OData types as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[PSCustomObject] The cmdlet outputs a custom object containing JSON examples for the specified OData types and operations.

Note

The cmdlet constructs the URL to the Microsoft Graph API documentation for each specified OData type and operation, downloads the markdown content, and parses the JSON examples.

Examples

EXAMPLE 1

Get-EmMgResourceOperationJson -ODataTypes "androidCompliancePolicy", "iosCompliancePolicy" -Operation "get" -Resource "intune-deviceconfig"
This example retrieves JSON examples for the specified OData types and get operations from Microsoft Graph API documentation.

Top of page

Syntax

Import-EmMdmAppConfiguration [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the App Configuration policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The cmdlet outputs the ID of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmAppConfiguration - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmAppConfiguration -ImportPath "C:\Backup\AppConfigurations\Policy.json"
This example connects to Microsoft Graph, reads the App Configuration policy from the specified JSON file, and creates the policy in Intune.

Top of page

Syntax

Import-EmMdmAppProtection [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the App Protection policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The cmdlet outputs the ID of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmAppProtection - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmAppProtection -ImportPath "C:\Backup\AppProtections\Policy.json"
This example connects to Microsoft Graph, reads the App Protection policy from the specified JSON file, and creates the policy in Intune.

Top of page

Syntax

Import-EmMdmCompliance [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the Compliance policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[pscustomobject] The cmdlet outputs the result of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmCompliance - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmCompliance -ImportPath "C:\Backup\CompliancePolicies\Policy.json"
This example connects to Microsoft Graph, reads the Compliance policy from the specified JSON file, and creates the policy in Intune.

Top of page

Syntax

Import-EmMdmConfiguration [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the Device Configuration policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The cmdlet outputs the result of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmConfiguration - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmConfiguration -ImportPath "C:\Backup\DeviceConfigurations\Policy.json"
This example connects to Microsoft Graph, reads the Device Configuration policy from the specified JSON file, and creates the policy in Intune.

Top of page

Syntax

Import-EmMdmEndpointSecurity [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the Endpoint Security policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[PSCustomObject] The cmdlet outputs the result of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmEndpointSecurity - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmEndpointSecurity -ImportPath "C:\Backup\EndpointSecurity\Policy.json"
This example connects to Microsoft Graph, reads the Endpoint Security policy from the specified JSON file, and creates the policy in Intune.

Top of page

Syntax

Import-EmMdmSettingsCatalog [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the Settings Catalog policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[void] This cmdlet does not output any objects.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmSettingsCatalog - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmSettingsCatalog -ImportPath "C:\Backup\SettingsCatalog\Policy.json"
This example connects to Microsoft Graph, reads the Settings Catalog policy from the specified JSON file, and creates the policy in Intune.

Top of page

Syntax

Import-EmMdmSoftwareUpdate [-ImportPath] <String> [[-AuthObject] <EmMdmAuthBase>] [[-graphApiVersion] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name	Alias	Description	Required?	Pipeline Input	Default Value
-ImportPath		The file path to the JSON file containing the Software Update policy to import. This parameter is mandatory.	true	true (ByValue, ByPropertyName)
-AuthObject		The authentication object used for connecting to Microsoft Graph.	false	false
-graphApiVersion		The version of the Microsoft Graph API to use. Valid values are "beta" and "v1.0". The default value is "beta".	false	false	beta
-WhatIf	wi		false	false
-Confirm	cf		false	false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

[string] The cmdlet accepts a file path as input.

Outputs

The output type is the type of the objects that the cmdlet emits.

[string] The ID of the created policy.

Note

The cmdlet uses the following functions: - Connect-EmMdmGraph - Add-EmMdmConfiguration - Disconnect-MgGraph

Examples

EXAMPLE 1

Import-EmMdmSoftwareUpdate -ImportPath "C:\Backup\SoftwareUpdates\Policy.json"
This example connects to Microsoft Graph, reads the Software Update policy from the specified JSON file, and creates the policy in Intune.

Top of page

MemPolicyManager

Backup-EmMdmAppConfiguration

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Backup-EmMdmAppProtection

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Backup-EmMdmCompliance

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Backup-EmMdmConfiguration

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Backup-EmMdmEndpointSecurity

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Backup-EmMdmSettingsCatalog

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Backup-EmMdmSoftwareUpdate

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Compare-EmMgClass

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Convert-EmMgJsonToClass

Syntax

Parameters

Inputs

Outputs

Note

Examples

Links

Convert-EmMgJsonToFlatObject

Syntax

Parameters

Inputs

Outputs

Note

Examples