Create ManagedDevices_iOS_PasscodeReset_Export.ps1
davefalkus committed Mar 25, 2020
1 parent 709aaae commit 7ad736f
Showing 1 changed file with 316 additions and 0 deletions.
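--- a/ManagedDevices/ManagedDevices_iOS_PasscodeReset_Export.ps1
+++ b/ManagedDevices/ManagedDevices_iOS_PasscodeReset_Export.ps1
@@ -0,0 +1,316 @@
+<#
+.COPYRIGHT
+Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.
+See LICENSE in the project root for license information.
+#>
+
+####################################################
+
+function Get-AuthToken {
+
+<#
+.SYNOPSIS
+This function is used to authenticate with the Graph API REST interface
+.DESCRIPTION
+The function authenticate with the Graph API Interface with the tenant name
+.EXAMPLE
+Get-AuthToken
+Authenticates you with the Graph API interface
+.NOTES
+NAME: Get-AuthToken
+#>
+
+[cmdletbinding()]
+
+param
+(
+[Parameter(Mandatory=$true)]
+$User
+)
+
+$userUpn = New-Object "System.Net.Mail.MailAddress" -ArgumentList $User
+
+$tenant = $userUpn.Host
+
+Write-Host "Checking for AzureAD module..."
+
+$AadModule = Get-Module -Name "AzureAD" -ListAvailable
+
+if ($AadModule -eq $null) {
+
+Write-Host "AzureAD PowerShell module not found, looking for AzureADPreview"
+$AadModule = Get-Module -Name "AzureADPreview" -ListAvailable
+
+}
+
+if ($AadModule -eq $null) {
+write-host
+write-host "AzureAD Powershell module not installed..." -f Red
+write-host "Install by running 'Install-Module AzureAD' or 'Install-Module AzureADPreview' from an elevated PowerShell prompt" -f Yellow
+write-host "Script can't continue..." -f Red
+write-host
+exit
+}
+
+# Getting path to ActiveDirectory Assemblies
+# If the module count is greater than 1 find the latest version
+
+if($AadModule.count -gt 1){
+
+$Latest_Version = ($AadModule | select version | Sort-Object)[-1]
+
+$aadModule = $AadModule | ? { $_.version -eq $Latest_Version.version }
+
+# Checking if there are multiple versions of the same module found
+
+if($AadModule.count -gt 1){
+
+$aadModule = $AadModule | select -Unique
+
+}
+
+$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
+$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
+
+}
+
+else {
+
+$adal = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
+$adalforms = Join-Path $AadModule.ModuleBase "Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll"
+
+}
+
+[System.Reflection.Assembly]::LoadFrom($adal) | Out-Null
+
+[System.Reflection.Assembly]::LoadFrom($adalforms) | Out-Null
+
+$clientId = "d1ddf0e4-d672-4dae-b554-9d5bdfd93547"
+
+$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
+
+$resourceAppIdURI = "https://graph.microsoft.com"
+
+$authority = "https://login.microsoftonline.com/$Tenant"
+
+try {
+
+$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
+
+# https://msdn.microsoft.com/en-us/library/azure/microsoft.identitymodel.clients.activedirectory.promptbehavior.aspx
+# Change the prompt behaviour to force credentials each time: Auto, Always, Never, RefreshSession
+
+$platformParameters = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList "Auto"
+
+$userId = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserIdentifier" -ArgumentList ($User, "OptionalDisplayableId")
+
+$authResult = $authContext.AcquireTokenAsync($resourceAppIdURI,$clientId,$redirectUri,$platformParameters,$userId).Result
+
+# If the accesstoken is valid then create the authentication header
+
+if($authResult.AccessToken){
+
+# Creating header for Authorization token
+
+$authHeader = @{
+'Content-Type'='application/json'
+'Authorization'="Bearer " + $authResult.AccessToken
+'ExpiresOn'=$authResult.ExpiresOn
+}
+
+return $authHeader
+
+}
+
+else {
+
+Write-Host
+Write-Host "Authorization Access Token is null, please re-run authentication..." -ForegroundColor Red
+Write-Host
+break
+
+}
+
+}
+
+catch {
+
+write-host $_.Exception.Message -f Red
+write-host $_.Exception.ItemName -f Red
+write-host
+break
+
+}
+
+}
+
+####################################################
+
+Function Export-iOSDevices(){
+
+<#
+.SYNOPSIS
+This function is used to export iOS Devices from the Graph API REST interface
+.DESCRIPTION
+The function connects to the Graph API Interface and exports iOS devices
+.EXAMPLE
+Export-Devices
+Returns any iOS Device enrolled into Intune
+.NOTES
+NAME: Export-iOSDevices
+#>
+
+[cmdletbinding()]
+
+param
+(
+$Name
+)
+
+$graphApiVersion = "beta"
+$Resource = "deviceManagement/reports/exportJobs"
+
+try {
+
+$properties = @{
+
+reportName = 'Devices'
+select = @('DeviceId',"DeviceName","OSVersion", "HasUnlockToken")
+filter = "((DeviceType eq '14') or (DeviceType eq '9') or (DeviceType eq '8') or (DeviceType eq '10'))"
+
+}
+
+$psObj = New-Object -TypeName psobject -Property $properties
+
+$Json = ConvertTo-Json -InputObject $psObj
+
+if($Name){
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
+(Invoke-RestMethod -Uri $uri -Headers $authToken -Method Get).Value | Where-Object { ($_.'displayName').contains("$Name") }
+
+}
+
+else {
+
+$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"
+$result = (Invoke-RestMethod -Uri $uri -Headers $authToken -Method Post -Body $JSON -ContentType "application/json")
+
+$id = $result.id
+
+write-host "Export Job id is '$id'" -ForegroundColor Cyan
+
+Write-Host
+
+while($true){
+
+$pollingUri = "$uri('$id')"
+write-host "Polling uri = "$pollingUri
+
+$result = (Invoke-RestMethod -Uri $pollingUri -Headers $authToken -Method Get)
+$status = $result.status
+
+if ($status -eq 'completed'){
+
+Write-Host "Export Job Complete..." -ForegroundColor Green
+Write-Host
+
+$fileName = (Split-Path -Path $result.url -Leaf).split('?')[0]
+
+Invoke-WebRequest -Uri $result.url -OutFile $env:temp\$fileName
+
+Write-host "Downloaded Export to local disk as '$env:temp\$fileName'..." -ForegroundColor Green
+Write-Host
+break;
+
+}
+
+else {
+
+Write-Host "In progress, waiting..." -ForegroundColor Yellow
+Start-Sleep -Seconds 5
+Write-Host
+
+}
+
+}
+
+}
+
+}
+
+catch {
+
+$ex = $_.Exception
+Write-Host "Request to $Uri failed with HTTP Status $([int]$ex.Response.StatusCode) $($ex.Response.StatusDescription)" -f Red
+$errorResponse = $ex.Response.GetResponseStream()
+$reader = New-Object System.IO.StreamReader($errorResponse)
+$reader.BaseStream.Position = 0
+$reader.DiscardBufferedData()
+$responseBody = $reader.ReadToEnd();
+Write-Host "Response content:`n$responseBody" -f Red
+Write-Error "Request to $Uri failed with HTTP Status $($ex.Response.StatusCode) $($ex.Response.StatusDescription)"
+write-host
+break
+
+}
+
+}
+
+####################################################
+
+#region Authentication
+
+write-host
+
+# Checking if authToken exists before running authentication
+if($global:authToken){
+
+# Setting DateTime to Universal time to work in all timezones
+$DateTime = (Get-Date).ToUniversalTime()
+
+# If the authToken exists checking when it expires
+$TokenExpires = ($authToken.ExpiresOn.datetime - $DateTime).Minutes
+
+if($TokenExpires -le 0){
+
+write-host "Authentication Token expired" $TokenExpires "minutes ago" -ForegroundColor Yellow
+write-host
+
+# Defining User Principal Name if not present
+
+if($User -eq $null -or $User -eq ""){
+
+$User = Read-Host -Prompt "Please specify your user principal name for Azure Authentication"
+Write-Host
+
+}
+
+$global:authToken = Get-AuthToken -User $User
+
+}
+}
+
+# Authentication doesn't exist, calling Get-AuthToken function
+
+else {
+
+if($User -eq $null -or $User -eq ""){
+
+$User = Read-Host -Prompt "Please specify your user principal name for Azure Authentication"
+Write-Host
+
+}
+
+# Getting the authorization token
+$global:authToken = Get-AuthToken -User $User
+
+}
+
+#endregion
+
+####################################################
+
+Export-iOSDevices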
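Review bot: The polling loop in Export-iOSDevices (`while($true)` with `if ($status -eq 'completed')`) only exits on 'completed', so an export job that ends in any other terminal status keeps sleeping and re-polling indefinitely; the else branch should treat a failed job as an error, e.g. `if ($status -eq 'failed') { Write-Host "Export Job ended with status '$status'" -ForegroundColor Red; break }`, or cap the number of polls. The catch block further down calls `$ex.Response.GetResponseStream()` unconditionally, which itself throws for exceptions that carry no `Response` (anything other than a web request failure) and hides the original message; guard it with `if ($ex.Response) { … }` and otherwise print `$ex.Message`. In the Authentication region, `$TokenExpires` is taken from the TimeSpan's `.Minutes` component rather than `.TotalMinutes`, so the "expired N minutes ago" message is wrong whenever the difference is an hour or more; `($authToken.ExpiresOn.datetime - $DateTime).TotalMinutes` gives the intended value.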
