Skip to content

Instantly share code, notes, and snippets.

View gist:da55ca60d60b604c08889ff50737c4c1
# Install module
Install-module Microsoft.Graph.Identity.Signins -Scope CurrentUser
# Connect to Microsoft Graph API using Device Authentication and with correct API permissions
Connect-MgGraph -Scopes UserAuthenticationMethod.ReadWrite.All
# Switch to beta API
Select-MgProfile -Name beta
# Specify User ID (Object ID in Azure AD on the User Object)
View SecurityPosture -Help
The script will write entries to a log file residing at the client at this location: (C:\Windows\Temp\Client-SecurityPosture.log)
You can query this script using indvidual switches and choose which ones you want to use:
SecurityPosture -OS -TPMStatus -Bitlocker -UEFISECBOOT -Defender -DefenderforEndpoint -MAPS -ApplicationGuard
-Sandbox -CredentialGuardPreReq -CredentialGuard -DeviceGuard -AttackSurfaceReduction -ControlledFolderAccess
You can also query every switch in this script using a global switch which includes all available options:
SecurityPosture -All
0fflineDocs / Install-SecurityPosture
Created Apr 11, 2021
Install-Script -Name SecurityPosture -force
View Install-SecurityPosture
Install-Script -Name SecurityPosture -force
View gist:8cd9cda50ece62ea8713ce62c0c75d6c
#Windows 10 Compliance
$Windows10Compliance = New-IntuneDeviceCompliancePolicy `
-windows10CompliancePolicy `
-displayName "Windows10-Compliance" `
-osMinimumVersion 10.0.18363.778 `
-scheduledActionsForRule `
(New-DeviceComplianceScheduledActionForRuleObject `
-ruleName PasswordRequired `
-scheduledActionConfigurations `
(New-DeviceComplianceActionItemObject `
View gist:1c1d18a443a06d8937d09540fd174192
Install-Module -Name Microsoft.Graph.Intune -force
Import-Module -Name Microsoft.Graph.Intune -verbose