damienvanrobaeys / About_my_device

About my device: A systray tool that displays device information and runs actions like sending logs or syncing the device

Compliance - feature suggestion #1

Open ztrhgf opened 3 years ago

ztrhgf commented 3 years ago

I think adding the possibility for users to see the current Intune/SCCM compliance state would be very helpful. But mainly the possibility to invoke a new compliance check. I.e. employees of companies that use device compliance state for conditional access would benefit from it :)

The function below can be used to trigger SCCM compliance policies.

```powershell
function Invoke-CMComplianceEvaluation {
    <#
    .SYNOPSIS
    Function triggers evaluation of available SCCM compliance baselines.

    .DESCRIPTION
    Function triggers evaluation of available SCCM compliance baselines.
    On remote computers it can trigger only computer targeted baselines (that don't contain any per user CI)! Per user baselines won't even be shown.

    .PARAMETER computerName
    Default is localhost.

    .PARAMETER baselineName
    Optional parameter for filtering baselines to evaluate.

    .EXAMPLE
    Invoke-CMComplianceEvaluation

    Trigger evaluation of all compliance baselines on localhost targeted to the device and to the user that runs this function.

    .EXAMPLE
    Invoke-CMComplianceEvaluation -computerName ae-01-pc -baselineName "KTC_compliance_policy"

    Trigger evaluation of just the KTC_compliance_policy compliance baseline on ae-01-pc. But only in case such baseline is targeted to the device, not the user.

    .NOTES
    Modified from https://social.technet.microsoft.com/Forums/en-US/76afbba5-065e-4809-9720-024ea05d6cee/trigger-baseline-evaluation?forum=configmanagersdk
    #>

    [CmdletBinding()]
    param (
        [string] $computerName = "localhost"
        ,
        [string[]] $baselineName
    )

    # List the baselines the ConfigMgr client on the target computer knows about
    $Baselines = Get-CimInstance -ComputerName $ComputerName -Namespace root\ccm\dcm -Class SMS_DesiredConfiguration
    ForEach ($Baseline in $Baselines) {
        $displayName = $Baseline.DisplayName
        # Honor the optional name filter
        if ($baselineName -and $displayName -notin $baselineName) {
            Write-Warning "Skipping $displayName baseline"
            continue
        }

        $name = $Baseline.Name
        $IsMachineTarget = $Baseline.IsMachineTarget
        $IsEnforced = $Baseline.IsEnforced
        $PolicyType = $Baseline.PolicyType
        $version = $Baseline.Version

        # The [WmiClass] accelerator is available in Windows PowerShell
        $MC = [WmiClass]"\\$ComputerName\root\ccm\dcm:SMS_DesiredConfiguration"

        # Fill the TriggerEvaluation input parameters from the baseline instance
        $Method = "TriggerEvaluation"
        $InParams = $mc.psbase.GetMethodParameters($Method)
        $InParams.IsEnforced = $IsEnforced
        $InParams.IsMachineTarget = $IsMachineTarget
        $InParams.Name = $name
        $InParams.Version = $version
        $InParams.PolicyType = $PolicyType

        Write-Output "Evaluating $displayName"
        Write-Verbose "Last status: $($Baseline.LastComplianceStatus) Last evaluated: $($Baseline.LastEvalTime)"

        $result = $MC.InvokeMethod($Method, $InParams, $null)

        # ReturnValue 0 means the evaluation request was accepted
        if ($result.ReturnValue -eq 0) {
            Write-Verbose "OK"
        } else {
            Write-Error "There was an error.`n$result"
        }
    }
}
```

damienvanrobaeys commented 3 years ago

Thanks for the suggestion. I will work on it.