
Commit 7f3d7e0

committed
Add SHA hash checks to tenant template library
Introduces SHA hash comparison for Conditional Access, Intune Compliance, and Intune Protection policy templates. Templates are only updated or created if the policy content has changed, preventing unnecessary overwrites and improving efficiency.
1 parent fbe994f commit 7f3d7e0

1 file changed

+37
-5
lines changed

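--- a/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1
+++ b/Modules/CIPPCore/Public/New-CIPPTemplateRun.ps1
@@ -88,16 +88,23 @@ function New-CIPPTemplateRun {
 Write-Information 'Creating templates for found Conditional Access Policies'
 foreach ($policy in $policies) {
 try {
+$Hash = Get-StringHash -String ($policy | ConvertTo-Json -Depth 100 -Compress)
+$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $policy.displayName } | Select-Object -First 1
+if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
+"Policy $($policy.displayName) found, SHA matches, skipping template creation"
+continue
+}
 $Template = New-CIPPCATemplate -TenantFilter $TenantFilter -JSON $policy
 #check existing templates, if the displayName is the same, overwrite it.
-$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $policy.displayName } | Select-Object -First 1
+
 if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'CATemplate') {
 "Policy $($policy.displayName) found, updating template"
 Add-CIPPAzDataTableEntity @Table -Entity @{
 JSON = "$Template"
 RowKey = $ExistingPolicy.GUID
 PartitionKey = 'CATemplate'
 GUID = $ExistingPolicy.GUID
+SHA = $Hash
 } -Force
 } else {
 "Policy $($policy.displayName) not found in existing templates, creating new template"
@@ -107,6 +114,7 @@ function New-CIPPTemplateRun {
 RowKey = "$GUID"
 PartitionKey = 'CATemplate'
 GUID = "$GUID"
+SHA = $Hash
 }
 }
 
@@ -133,8 +141,15 @@ function New-CIPPTemplateRun {
 $URLName = (($url).split('?') | Select-Object -First 1) -replace 'https://graph.microsoft.com/beta/deviceManagement/', ''
 foreach ($Policy in $Policies) {
 try {
-$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.ID
+$Hash = Get-StringHash -String ($Policy | ConvertTo-Json -Depth 100 -Compress)
 $ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1
+
+if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
+"Policy $($Policy.displayName) found, SHA matches, skipping template creation"
+continue
+}
+
+$Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName $URLName -ID $Policy.ID
 if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
 "Policy $($Template.DisplayName) found, updating template"
 $object = [PSCustomObject]@{
@@ -150,6 +165,7 @@ function New-CIPPTemplateRun {
 RowKey = $ExistingPolicy.GUID
 PartitionKey = 'IntuneTemplate'
 Package = $ExistingPolicy.Package
+SHA = $Hash
 } -Force
 } else {
 "Policy $($Template.DisplayName) not found in existing templates, creating new template"
@@ -166,6 +182,7 @@ function New-CIPPTemplateRun {
 JSON = "$object"
 RowKey = "$GUID"
 PartitionKey = 'IntuneTemplate'
+SHA = $Hash
 } -Force
 }
 } catch {
@@ -181,8 +198,14 @@ function New-CIPPTemplateRun {
 'intunecompliance' {
 Write-Information "Backup Intune Compliance Policies for $TenantFilter"
 New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
+$Hash = Get-StringHash -String (ConvertTo-Json -Depth 100 -Compress -InputObject $_)
+$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $_.DisplayName } | Select-Object -First 1
+if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
+"Policy $($_.DisplayName) found, SHA matches, skipping template creation"
+continue
+}
+
 $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'deviceCompliancePolicies' -ID $_.ID
-$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1
 if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
 "Policy $($Template.DisplayName) found, updating template"
 $object = [PSCustomObject]@{
@@ -198,6 +221,7 @@ function New-CIPPTemplateRun {
 RowKey = $ExistingPolicy.GUID
 PartitionKey = 'IntuneTemplate'
 Package = $ExistingPolicy.Package
+SHA = $Hash
 } -Force
 } else {
 "Policy $($Template.DisplayName) not found in existing templates, creating new template"
@@ -214,17 +238,23 @@ function New-CIPPTemplateRun {
 JSON = "$object"
 RowKey = "$GUID"
 PartitionKey = 'IntuneTemplate'
+SHA = $Hash
 } -Force
 }
-
 }
 }
 
 'intuneprotection' {
 Write-Information "Backup Intune Protection Policies for $TenantFilter"
 New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/managedAppPolicies?$top=999' -tenantid $TenantFilter | ForEach-Object {
+$Hash = Get-StringHash -String (ConvertTo-Json -Depth 100 -Compress -InputObject $_)
+$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $_.DisplayName } | Select-Object -First 1
+if ($ExistingPolicy -and $ExistingPolicy.SHA -eq $Hash) {
+"Policy $($_.DisplayName) found, SHA matches, skipping template creation"
+continue
+}
+
 $Template = New-CIPPIntuneTemplate -TenantFilter $TenantFilter -URLName 'managedAppPolicies' -ID $_.ID
-$ExistingPolicy = $ExistingTemplates | Where-Object { $_.displayName -eq $Template.DisplayName } | Select-Object -First 1
 if ($ExistingPolicy -and $ExistingPolicy.PartitionKey -eq 'IntuneTemplate') {
 "Policy $($Template.DisplayName) found, updating template"
 $object = [PSCustomObject]@{
@@ -240,6 +270,7 @@ function New-CIPPTemplateRun {
 RowKey = $ExistingPolicy.GUID
 PartitionKey = 'IntuneTemplate'
 Package = $ExistingPolicy.Package
+SHA = $Hash
 } -Force
 } else {
 "Policy $($Template.DisplayName) not found in existing templates, creating new template"
@@ -256,6 +287,7 @@ function New-CIPPTemplateRun {
 JSON = "$object"
 RowKey = "$GUID"
 PartitionKey = 'IntuneTemplate'
+SHA = $Hash
 } -Force
 }
 }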
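Review bot: The template lookups added in the `intunecompliance` and `intuneprotection` blocks (new lines 202 and 251) compare `$_.displayName -eq $_.DisplayName` inside `Where-Object`, where `$_` is the template row being filtered rather than the Graph policy, so the filter matches every row and `$ExistingPolicy` is always the first stored template; the SHA check and the later `RowKey = $ExistingPolicy.GUID` write then act on an unrelated template, which can overwrite or leave stale an Intune baseline. Capture the pipeline item first with `$Policy = $_` and filter with `Where-Object { $_.displayName -eq $Policy.displayName }`. In those same two blocks `continue` sits inside a `ForEach-Object` script block, where it does not advance to the next pipeline item but unwinds to the enclosing `switch`, so the remaining policies are likely skipped after the first SHA match; `return` is the per-item skip there. The Intune configuration hunk has a related ordering problem: the lookup at new line 145 still reads `$Template.DisplayName`, but `$Template` is now assigned only at line 152, so it sees the previous iteration's value or `$null`, and `$Policy.displayName` looks like the intended key. `New-CIPPTemplateRun` begins and ends outside these hunks, so how `$ExistingTemplates` is populated is not visible here.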
