Merge pull request #5641 from FabienTschanz/feat/intune-resource-caching
Add caching behaviour to Intune workload
ykuijs authored Jan 17, 2025
2 parents 25b840c + 17fcfef commit 919cac7
Showing 120 changed files with 4,899 additions and 3,836 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -26,6 +26,7 @@
* MISC
* Export Performance Improvements
Implements the changes described in [#5615](https://github.com/microsoft/Microsoft365DSC/issues/5615)
Improved resource caching behavior across Intune resources.

# 1.25.115.1

@@ -159,52 +159,60 @@ function Get-TargetResource
$AccessTokens
)

Write-Verbose -Message "Checking for the Intune Endpoint Protection Attack Surface Protection rules Policy {$DisplayName}"

$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters `
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$nullResult = $PSBoundParameters
$nullResult.Ensure = 'Absent'
Write-Verbose -Message "Getting configuration of the Intune Endpoint Protection Attack Surface Protection rules Policy with Id {$Identity} and DisplayName {$DisplayName}"

try
{
#Retrieve policy general settings
if (-not [string]::IsNullOrEmpty($Identity))
if (-not $Script:exportedInstance)
{
$policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ErrorAction SilentlyContinue
}

if ($null -eq $policy)
{
Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with identity {$Identity} was found"
if (-not [String]::IsNullOrEmpty($DisplayName))
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters `
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$nullResult = $PSBoundParameters
$nullResult.Ensure = 'Absent'

$policy = $null
#Retrieve policy general settings
if (-not [string]::IsNullOrEmpty($Identity))
{
$policy = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue
$policy = Get-MgBetaDeviceManagementIntent -DeviceManagementIntentId $Identity -ErrorAction SilentlyContinue
}

if (([array]$policy).count -gt 1)
if ($null -eq $policy)
{
throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique"
Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with identity {$Identity} was found"
if (-not [String]::IsNullOrEmpty($DisplayName))
{
$policy = Get-MgBetaDeviceManagementIntent -All -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue
}

if (([array]$policy).count -gt 1)
{
throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique"
}
}
if ($null -eq $policy)
{
Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with displayName {$DisplayName} was found"
return $nullResult
}
}
if ($null -eq $policy)
else
{
Write-Verbose -Message "No Endpoint Protection Attack Surface Protection rules Policy with displayName {$DisplayName} was found"
return $nullResult
$policy = $Script:exportedInstance
}

#Retrieve policy specific settings
@@ -875,6 +883,7 @@ function Export-TargetResource
AccessTokens = $AccessTokens
}

$Script:exportedInstance = $policy
$Results = Get-TargetResource @params
if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results))
{
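Review bot: The cached branch in Get-TargetResource (`if (-not $Script:exportedInstance)` … `else { $policy = $Script:exportedInstance }`) trusts whatever object is left in `$Script:exportedInstance` without checking that it is the policy named by `$Identity`, and nothing visible in these hunks clears the variable after Export-TargetResource sets it. If Get-TargetResource is called later in the same session, it would skip New-M365DSCConnection and return the state of the last exported policy, so a drift or compliance check could report on the wrong object. I would tighten the guard to `if (-not $Script:exportedInstance -or $Script:exportedInstance.Id -ne $Identity)` and reset the cache with `$Script:exportedInstance = $null` once the export loop is done; the same pattern appears in the LAPS and Local User Group Membership sections below. Both function bodies continue outside the hunks, so a reset may already exist out of view.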
@@ -110,53 +110,61 @@ function Get-TargetResource
$AccessTokens
)

Write-Verbose -Message "Getting configuration of the Intune Account Protection LAPS Policy with Id {$Identity} and DisplayName {$DisplayName}"

try
{

$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters `
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
#Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$nullResult = $PSBoundParameters
$nullResult.Ensure = 'Absent'

$templateReferenceId = 'adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1'

# Retrieve policy general settings
$policy = $null
if (-not [System.String]::IsNullOrEmpty($Identity))
if (-not $Script:exportedInstance)
{
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue
}

if ($null -eq $policy)
{
Write-Verbose -Message "No Account Protection LAPS Policy with Id {$Identity} was found"
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters `
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
#Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$nullResult = $PSBoundParameters
$nullResult.Ensure = 'Absent'

$templateReferenceId = 'adc46e5a-f4aa-4ff6-aeff-4f27bc525796_1'

# Retrieve policy general settings
$policy = $null
if (-not [System.String]::IsNullOrEmpty($Identity))
{
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue
}

if (-not [System.String]::IsNullOrEmpty($DisplayName))
if ($null -eq $policy)
{
$policy = Get-MgBetaDeviceManagementConfigurationPolicy `
-Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" `
-ErrorAction SilentlyContinue
Write-Verbose -Message "No Account Protection LAPS Policy with Id {$Identity} was found"

if ($policy.Length -gt 1)
if (-not [System.String]::IsNullOrEmpty($DisplayName))
{
throw "Duplicate Account Protection LAPS Policy named $DisplayName exist in tenant"
$policy = Get-MgBetaDeviceManagementConfigurationPolicy `
-Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'" `
-ErrorAction SilentlyContinue

if ($policy.Length -gt 1)
{
throw "Duplicate Account Protection LAPS Policy named $DisplayName exist in tenant"
}
}
}
}
else
{
$policy = $Script:exportedInstance
}

if ($null -eq $policy)
{
@@ -714,6 +722,7 @@ function Export-TargetResource
AccessTokens = $AccessTokens
}

$Script:exportedInstance = $policy
$Results = Get-TargetResource @params
$Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
-Results $Results
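Review bot: The display-name lookup builds its OData filter by interpolating `$DisplayName` straight into a quoted literal (`-Filter "Name eq '$DisplayName' and templateReference/TemplateId eq '$templateReferenceId'"`), so a name containing an apostrophe yields a malformed or altered filter. Because the call runs with `-ErrorAction SilentlyContinue`, the failure is swallowed and the policy is treated as absent instead of surfacing as an error. Doubling embedded quotes first, e.g. `$escapedName = $DisplayName.Replace("'", "''")` and using `'$escapedName'` in the filter, keeps the value inside the literal; the same interpolation is used by the DisplayName filters in the other two Get-TargetResource sections on this page. Separately, `$nullResult` and `$templateReferenceId` are now assigned only in the non-cached branch, so any use of them later in the function (outside this hunk) would see an unset variable when the cached instance is used.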
@@ -58,54 +58,64 @@ function Get-TargetResource
$AccessTokens
)

Write-Verbose -Message "Checking for the Intune Account Protection Local User Group Membership Policy {$DisplayName}"
Write-Verbose -Message "Getting configuration of the Intune Account Protection Local User Group Membership Policy with Id {$Identity} and DisplayName {$DisplayName}"

$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters `
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$nullResult = $PSBoundParameters
$nullResult.Ensure = 'Absent'

try
try
{
#Retrieve policy general settings

$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ExpandProperty settings -ErrorAction SilentlyContinue

if ($null -eq $policy)
if (-not $Script:exportedInstance)
{
Write-Verbose -Message "No Account Protection Local User Group Membership Policy with identity {$Identity} was found"
if (-not [String]::IsNullOrEmpty($DisplayName))
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters `
-ErrorAction Stop

#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies

#region Telemetry
$ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
$CommandName = $MyInvocation.MyCommand
$data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
-CommandName $CommandName `
-Parameters $PSBoundParameters
Add-M365DSCTelemetryEvent -Data $data
#endregion

$nullResult = $PSBoundParameters
$nullResult.Ensure = 'Absent'

#Retrieve policy general settings
$policy = $null
if (-not [String]::IsNullOrEmpty($Identity))
{
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" -ErrorAction SilentlyContinue

if (([array]$devicePolicy).Count -gt 1)
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ExpandProperty settings -ErrorAction SilentlyContinue
}

if ($null -eq $policy)
{
Write-Verbose -Message "No Account Protection Local User Group Membership Policy with identity {$Identity} was found"
if (-not [String]::IsNullOrEmpty($DisplayName))
{
throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique"
}
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -All -Filter "Name eq '$DisplayName'" -ErrorAction SilentlyContinue

if ($null -eq $policy)
{
Write-Verbose -Message "No Account Protection Local User Group Membership Policy with displayName {$DisplayName} was found"
return $nullResult
}
if (([array]$devicePolicy).Count -gt 1)
{
throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique"
}

if ($null -eq $policy)
{
Write-Verbose -Message "No Account Protection Local User Group Membership Policy with displayName {$DisplayName} was found"
return $nullResult
}

$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $policy.id -ExpandProperty settings -ErrorAction SilentlyContinue
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $policy.id -ExpandProperty settings -ErrorAction SilentlyContinue
}
}
}
else
{
$policy = $Script:exportedInstance
}


#Retrieve policy specific settings
@@ -565,6 +575,7 @@ function Export-TargetResource
AccessTokens = $AccessTokens
}

$Script:exportedInstance = $policy
$Results = Get-TargetResource @params
if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results))
{
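Review bot: The duplicate check in the DisplayName fallback tests `([array]$devicePolicy).Count -gt 1`, but the lookup result is stored in `$policy` and `$devicePolicy` is never assigned in the visible lines, so the check cannot fire. With two policies sharing a name, the code falls through to `-DeviceManagementConfigurationPolicyId $policy.id` with an array of ids instead of raising the duplicated-displayName error. The condition should read `if (([array]$policy).Count -gt 1)`. The commit carries this line over unchanged apart from indentation, and the rest of Get-TargetResource lies outside the hunk.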