cgerke

$counter = 0
$html = Invoke-WebRequest -Uri "https://aka.ms/WindowsUpdateHistory" -UseBasicParsing -ErrorAction Continue
$href += ($html).Links
$href | Where-Object {$_.class -eq "supLeftNavLink"} | 
 Where-Object {$_.outerHTML -match "KB"} |  
 Where-Object {$_.outerHTML -notmatch "preview"} | 
 Where-Object {$_.outerHTML -notmatch "mobile"} | 
  ForEach-Object {
  ++$counter
  if ($counter -eq 24){

cgerke

#region Intune detection requirements
<#
    Exit code   |   Data read from Write-Output |   Detection state
    ================================================================
    0           |   Empty                       |   Not detected
    0           |   Not empty                   |   Detected
    Not zero    |   Empty                       |   Not detected
    Not zero    |   Not Empty                   |   Not detected
#>
#endregion

cgerke

##*===============================================
##* INSTALLATION
##*===============================================
[string]$installPhase = 'Installation'

## Handle Zero-Config MSI Installations
If ($useDefaultMsi) {
  [hashtable]$ExecuteDefaultMSISplat =  @{ Action = 'Install'; Path = $defaultMsiFile }; If ($defaultMstFile) { $ExecuteDefaultMSISplat.Add('Transform', $defaultMstFile) }
  Execute-MSI @ExecuteDefaultMSISplat; If ($defaultMspFiles) { $defaultMspFiles | ForEach-Object { Execute-MSI -Action 'Patch' -Path $_ } }
}

cgerke

<# winget.ps1
   Source this within Install.ps1 to get $Winget as a path to the executable.
   Optionally use this file as a Requirement within the Intune win32app.
#>

$Requirement = $null

try {
    # Winget Requirement
    $Winget = $null

cgerke

$Requirement = $null

try {
    # Winget Requirement
    $Winget = $null
    $DesktopAppInstaller = "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe"
    $SystemContext = Resolve-Path "$DesktopAppInstaller"
    #Resolve latest version (last one)
    if ($SystemContext) { $SystemContext = $SystemContext[-1].Path }
    $UserContext = Get-Command winget.exe -ErrorAction SilentlyContinue #User context

cgerke

<#
  Detect.ps1
  https://docs.microsoft.com/en-us/mem/analytics/powershell-scripts
  https://learn.microsoft.com/en-us/powershell/module/dism/get-windowsoptionalfeature
#>
[int32]$SkipRemediate = 0
[int32]$Remediate = 1

try
{

cgerke

<#
  Detect.ps1
  https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-remotemanagement
  https://docs.microsoft.com/en-us/mem/analytics/powershell-scripts
  https://learn.microsoft.com/en-us/windows/win32/winrm/portal
  https://learn.microsoft.com/en-us/powershell/module/microsoft.wsman.management/?view=powershell-7.2
#>
[int32]$SkipRemediate = 0
[int32]$Remediate = 1

cgerke

<#
  https://learn.microsoft.com/en-us/powershell/module/netsecurity/set-netfirewallprofile
#>

# Enable (no domain for AAD only, perhaps set it anyway?)
# Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Set-NetFirewallProfile -Profile Public,Private -Enabled True

# Defaults
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True -LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log

cgerke

<#
  https://learn.microsoft.com/en-us/powershell/module/storage/get-volume
  https://learn.microsoft.com/en-us/powershell/module/bitlocker
  https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-disk-encryption-profile-settings
#>

# Enable
Enable-Bitlocker -MountPoint "$env:SystemDrive" -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

# Backup

cgerke

# Don't do this...
Set-Item WSMan:\localhost\Client\TrustedHosts –Value *

# Maybe do this
$Lan = 192.168.*
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value "$Lan" -Force

# or this
$Domain = <domain>
Set-Item WSMan:\localhost\Client\TrustedHosts "$Domain"