michevnew/Graph_SecurityDefaults

## Graph_SecurityDefaults
#Set the authentication details
$tenantID = "tenant.onmicrosoft.com" #your tenantID or tenant root domain
$appID = "12345678-1234-1234-1234-1234567890AB" #the GUID of your app. For best result, use app with Policy.Read.All and Policy.ReadWrite.ConditionalAccess scopes granted
$client_secret = "XXXXXXXXXXXXXXXxxxx" #client secret for the app

$body = @{
    client_id     = $AppId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $client_secret
    grant_type    = "client_credentials"
}

#Get a token
$authenticationResult = Invoke-WebRequest -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $body -ErrorAction Stop
$token = ($authenticationResult.Content | ConvertFrom-Json).access_token
$authHeader = @{'Authorization'="Bearer $token"}

#Call the /policies/authorizationPolicy/identitySecurityDefaultsEnforcementPolicy endpoint to check the current value
$res = Invoke-WebRequest -Headers $AuthHeader -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy"
$result = ($res.Content | ConvertFrom-Json)
$result

#Change the value to "true" via a PATCH operation
$body = (@{"isEnabled"="true"} | ConvertTo-Json)
$authHeader = @{'Authorization'="Bearer $token";"Content-Type" = "application/json"}
$res = Invoke-WebRequest -Headers $AuthHeader -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy" -Method Patch -Body $body

#Call the /policies/authorizationPolicy/identitySecurityDefaultsEnforcementPolicy endpoint again to confirm the new value
$res = Invoke-WebRequest -Headers $AuthHeader -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy"
$result = ($res.Content | ConvertFrom-Json)
$result
	#Set the authentication details
	$tenantID = "tenant.onmicrosoft.com" #your tenantID or tenant root domain
	$appID = "12345678-1234-1234-1234-1234567890AB" #the GUID of your app. For best result, use app with Policy.Read.All and Policy.ReadWrite.ConditionalAccess scopes granted
	$client_secret = "XXXXXXXXXXXXXXXxxxx" #client secret for the app

	$body = @{
	client_id = $AppId
	scope = "https://graph.microsoft.com/.default"
	client_secret = $client_secret
	grant_type = "client_credentials"
	}

	#Get a token
	$authenticationResult = Invoke-WebRequest -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -ContentType "application/x-www-form-urlencoded" -Body $body -ErrorAction Stop
	$token = ($authenticationResult.Content \| ConvertFrom-Json).access_token
	$authHeader = @{'Authorization'="Bearer $token"}

	#Call the /policies/authorizationPolicy/identitySecurityDefaultsEnforcementPolicy endpoint to check the current value
	$res = Invoke-WebRequest -Headers $AuthHeader -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy"
	$result = ($res.Content \| ConvertFrom-Json)
	$result

	#Change the value to "true" via a PATCH operation
	$body = (@{"isEnabled"="true"} \| ConvertTo-Json)
	$authHeader = @{'Authorization'="Bearer $token";"Content-Type" = "application/json"}
	$res = Invoke-WebRequest -Headers $AuthHeader -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy" -Method Patch -Body $body

	#Call the /policies/authorizationPolicy/identitySecurityDefaultsEnforcementPolicy endpoint again to confirm the new value
	$res = Invoke-WebRequest -Headers $AuthHeader -Uri "https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy"
	$result = ($res.Content \| ConvertFrom-Json)
	$result