annexe 1 configuration intune

Annexe 1

configuration Intune

1

Applications

Publisher DisplayName Type Assignments

7-Zip 7-Zip 19.00 (x64 edition) winMobileMSI

AutoInstall_Prod - Intent:required

Apple GarageBand iosStoreApp

Mobile iOS - Intent:required

BORTHER_MFC

PRINTER_DRIVER = BORTHER_MFC-9340CDW

winMobileMSI

AutoInstall_Printer_Driver - Intent:required

Brother PRINTER_DRIVER = Brother MFC-L3770CDW

winMobileMSI

AutoInstall_Printer_Driver_CLIENT_Brother_3770 - Intent:required AutoInstall_Prod - Intent:required AutoInstall_Printer_Driver - Intent:required

Canon PRINTER_DRIVER = Canon Generic_Plus_UFRII

winMobileMSI

AutoInstall_Printer_Driver - Intent:required

FileZilla FileZilla FTP Client v3.31.0 MSI

winMobileMSI


Google Google Chrome winMobileMSI

AutoInstall_Test - Intent:required AutoInstall_Prod - Intent:required

Konica_Minolta

PRINTER_DRIVER = Konica_Minolta_BizHub_C308

winMobileMSI

AutoInstall_Prod - Intent:required AutoInstall_Printer_LeMans - Intent:required AutoInstall_Printer_Driver - Intent:required

LogmeIn LogMeIn winMobileMSI


Microsoft Corporation

Microsoft Excel iosStoreApp


Microsoft Corporation

Microsoft OneDrive iosStoreApp


Mozilla Firefox (fr) winMobileMSI


Notepad Notepad++ (64-bit x64) winMobileMSI


PuTTY PuTTY release 0.70 winMobileMSI


VLC VLC media player winMobileMSI

AutoInstall_Test - Intent:required

2


App Protection Policies

App Configuration Policies

Compliance Policies

BitLocker-ON

Name Value

bitLockerEnabled True

codeIntegrityEnabled False

createdDateTime 10/17/2019 09:00:43

description

deviceCompliancePolicyId 53d093f7-5cdb-4ea8-815b-fa624e6b4e2a

deviceCompliancePolicyODataType

microsoft.graph.win10CompliancePolicy

displayName BitLocker-ON

earlyLaunchAntiMalwareDriverEnabled

False

id 53d093f7-5cdb-4ea8-815b-fa624e6b4e2a

lastModifiedDateTime 10/17/2019 09:00:43

mobileOsMaximumVersion

mobileOsMinimumVersion

osMaximumVersion

osMinimumVersion

passwordBlockSimple False

passwordExpirationDays

passwordMinimumCharacterSetCount

passwordMinimumLength

passwordMinutesOfInactivityBeforeLock

passwordPreviousPasswordBlockCount

passwordRequired False

passwordRequiredToUnlockFromIdle

False

passwordRequiredType deviceDefault

requireHealthyDeviceReport False

secureBootEnabled False

storageRequireEncryption False

type win10CompliancePolicy

version 1

win10CompliancePolicyReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/53d093f7-5cdb-4ea8-815b-fa624e6b4e2a

Assignments

MAJ Windows 10

3

Name Value

bitLockerEnabled False

codeIntegrityEnabled False


description

deviceCompliancePolicyId 62561a60-9377-4780-8da9-54b5fc62af12


microsoft.graph.win10CompliancePolicy

displayName MAJ win 10

earlyLaunchAntiMalwareDriverEnabled

False

id 62561a60-9377-4780-8da9-54b5fc62af12


mobileOsMaximumVersion

mobileOsMinimumVersion

osMaximumVersion

osMinimumVersion 10.0.19041.572








passwordRequiredToUnlockFromIdle

False


requireHealthyDeviceReport False

secureBootEnabled False


type win10CompliancePolicy

version 1

win10CompliancePolicyReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/62561a60-9377-4780-8da9-54b5fc62af12

Assignments

Default compliance policy for Android

Name Value

androidCompliancePolicyReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/65c5041c-dfcd-8a88-1c40-a488e5a9cdb5


description 900f8baa-812e-4886-a598-61f73001bae8

deviceCompliancePolicyId 65c5041c-dfcd-8a88-1c40-a488e5a9cdb5


microsoft.graph.androidCompliancePolicy

4

deviceThreatProtectionEnabled False

deviceThreatProtectionRequiredSecurityLevel

unavailable

displayName Default compliance policy for Android

id 65c5041c-dfcd-8a88-1c40-a488e5a9cdb5


minAndroidSecurityPatchLevel

osMaximumVersion

osMinimumVersion







securityBlockJailbrokenDevices True

securityDisableUsbDebugging False

securityPreventInstallAppsFromUnknownSources

False

securityRequireCompanyPortalAppIntegrity

False

securityRequireGooglePlayServices

False

securityRequireSafetyNetAttestationBasicIntegrity

False

securityRequireSafetyNetAttestationCertifiedDevice

False

securityRequireUpToDateSecurityProviders

False

securityRequireVerifyApps False


type androidCompliancePolicy

version 1

Device Enrollment Restrictions

Name Value

androidRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion=


description This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.

deviceEnrollmentConfigurationId 3e717f30-180f-442e-8dfc-124830fd354d_DefaultPlatformRestrictions

deviceEnrollmentConfigurationODataType

microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration

5

deviceEnrollmentPlatformRestrictionsConfigurationReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/3e717f30-180f-442e-8dfc-124830fd354d_DefaultPlatformRestrictions

displayName All users and all devices

id 3e717f30-180f-442e-8dfc-124830fd354d_DefaultPlatformRestrictions

iosRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion=


macOSRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion=

priority 0

version 0

winMobileRestriction platformBlocked=True personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion=

winRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion=

Name Value


description This is the default win Hello for Business configuration applied with the lowest priority to all users regardless of group membership.

deviceEnrollmentConfigurationId 3e717f30-180f-442e-8dfc-124830fd354d_DefaultwinHelloForBusiness


microsoft.graph.deviceEnrollmentwinHelloForBusinessConfiguration

deviceEnrollmentwinHelloForBusinessConfigurationReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/3e717f30-180f-442e-8dfc-124830fd354d_DefaultwinHelloForBusiness


enhancedBiometricsState notConfigured

id 3e717f30-180f-442e-8dfc-124830fd354d_DefaultwinHelloForBusiness


pinExpirationInDays 0

pinLowercaseCharactersUsage disallowed

pinMaximumLength 127

pinMinimumLength 4

pinPreviousBlockCount 0

pinSpecialCharactersUsage disallowed

pinUppercaseCharactersUsage disallowed

priority 0

remotePassportEnabled True

securityDeviceRequired False

state notConfigured

unlockWithBiometricsEnabled True

6

version 0

Name Value


description This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.

deviceEnrollmentConfigurationId 3e717f30-180f-442e-8dfc-124830fd354d_Defaultwin10EnrollmentCompletionPageConfiguration


microsoft.graph.deviceEnrollmentConfiguration

deviceEnrollmentConfigurationReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/3e717f30-180f-442e-8dfc-124830fd354d_Defaultwin10EnrollmentCompletionPageConfiguration


id 3e717f30-180f-442e-8dfc-124830fd354d_Defaultwin10EnrollmentCompletionPageConfiguration


priority 0

version 0

Device Configuration

Background CLIENT

Name Value

accountsBlockAddingNonMicrosoftAccountEmail

False

antiTheftModeBlocked False

appsAllowTrustedAppsSideloading notConfigured

appsBlockwinStoreOriginatedApps False

bluetoothAllowedServices

bluetoothBlockAdvertising False

bluetoothBlockDiscoverableMode False

bluetoothBlocked False

bluetoothBlockPrePairing False

cameraBlocked False

cellularBlockDataWhenRoaming False

cellularBlockVpn False

cellularBlockVpnWhenRoaming False

certificatesBlockManualRootCertificateInstallation

False

connectedDevicesServiceBlocked False

copyPasteBlocked False

cortanaBlocked False


defenderBlockEndUserAccess False

defenderCloudBlockLevel notConfigured

7

defenderDaysBeforeDeletingQuarantinedMalware

defenderDetectedMalwareActions

defenderFileExtensionsToExclude

defenderFilesAndFoldersToExclude

defenderMonitorFileActivity userDefined

defenderProcessesToExclude

defenderPromptForSampleSubmission userDefined

defenderRequireBehaviorMonitoring False

defenderRequireCloudProtection False

defenderRequireNetworkInspectionSystem

False

defenderRequireRealTimeMonitoring False

defenderScanArchiveFiles False

defenderScanDownloads False

defenderScanIncomingMail False

defenderScanMappedNetworkDrivesDuringFullScan

False

defenderScanMaxCpu

defenderScanNetworkFiles False

defenderScanRemovableDrivesDuringFullScan

False

defenderScanScriptsLoadedInInternetExplorer

False

defenderScanType userDefined

defenderScheduledQuickScanTime

defenderScheduledScanTime

defenderSignatureUpdateIntervalInHours

defenderSystemScanSchedule userDefined

description

developerUnlockSetting notConfigured

deviceConfigurationId 5ff43cde-6fcb-4752-a4e7-176cd38c8df5

deviceConfigurationODataType microsoft.graph.win10GeneralConfiguration

deviceManagementBlockFactoryResetOnMobile

False

deviceManagementBlockManualUnenroll

False

diagnosticsDataSubmissionMode userDefined

displayName Background CLIENT

edgeAllowStartPagesModification False

edgeBlockAccessToAboutFlags False

edgeBlockAddressBarDropdown False

edgeBlockAutofill False

edgeBlockCompatibilityList False

edgeBlockDeveloperTools False

edgeBlocked False

edgeBlockExtensions False

edgeBlockInPrivateBrowsing False

8

edgeBlockJavaScript False

edgeBlockLiveTileDataCollection False

edgeBlockPasswordManager False

edgeBlockPopups False

edgeBlockSearchSuggestions False

edgeBlockSendingDoNotTrackHeader False

edgeBlockSendingIntranetTrafficToInternetExplorer

False

edgeClearBrowsingDataOnExit False

edgeCookiePolicy userDefined

edgeDisableFirstRunPage False

edgeEnterpriseModeSiteListLocation

edgeFirstRunUrl

edgeHomepageUrls

edgeRequireSmartScreen False

edgeSearchEngine

edgeSendIntranetTrafficToInternetExplorer

False

edgeSyncFavoritesWithInternetExplorer

False

enterpriseCloudPrintDiscoveryEndPoint

enterpriseCloudPrintDiscoveryMaxLimit

enterpriseCloudPrintMopriaDiscoveryResourceIdentifier

enterpriseCloudPrintOAuthAuthority

enterpriseCloudPrintOAuthClientIdentifier

enterpriseCloudPrintResourceIdentifier

experienceBlockDeviceDiscovery False

experienceBlockErrorDialogWhenNoSIM

False

experienceBlockTaskSwitcher False

gameDvrBlocked False

id 5ff43cde-6fcb-4752-a4e7-176cd38c8df5

internetSharingBlocked False


locationServicesBlocked False

lockScreenAllowTimeoutConfiguration False

lockScreenBlockActionCenterNotifications

False

lockScreenBlockCortana False

lockScreenBlockToastNotifications False

lockScreenTimeoutInSeconds

logonBlockFastUserSwitching False

microsoftAccountBlocked False

microsoftAccountBlockSettingsSync False

9

networkProxyApplySettingsDeviceWide

False

networkProxyAutomaticConfigurationUrl

networkProxyDisableAutoDetect False

networkProxyServer

nfcBlocked False

oneDriveDisableFileSync False





passwordMinutesOfInactivityBeforeScreenTimeout




passwordRequireWhenResumeFromIdleState

False

passwordSignInFailureCountBeforeFactoryReset

personalizationDesktopImageUrl https://bo.CLIENT.com/assets/ressources/NTIC/Background.jpeg

personalizationLockScreenImageUrl

privacyAdvertisingId notConfigured

privacyAutoAcceptPairingAndConsentPrompts

False

privacyBlockInputPersonalization False

resetProtectionModeBlocked False

safeSearchFilter userDefined

screenCaptureBlocked False

searchBlockDiacritics False

searchDisableAutoLanguageDetection False

searchDisableIndexerBackoff False

searchDisableIndexingEncryptedItems False

searchDisableIndexingRemovableDrive False

searchEnableAutomaticIndexSizeManangement

False

searchEnableRemoteQueries False

settingsBlockAccountsPage False

settingsBlockAddProvisioningPackage False

settingsBlockAppsPage False

settingsBlockChangeLanguage False

settingsBlockChangePowerSleep False

settingsBlockChangeRegion False

settingsBlockChangeSystemTime False

settingsBlockDevicesPage False

settingsBlockEaseOfAccessPage False

10

settingsBlockEditDeviceName False

settingsBlockGamingPage False

settingsBlockNetworkInternetPage False

settingsBlockPersonalizationPage False

settingsBlockPrivacyPage False

settingsBlockRemoveProvisioningPackage

False

settingsBlockSettingsApp False

settingsBlockSystemPage False

settingsBlockTimeLanguagePage False

settingsBlockUpdateSecurityPage False

sharedUserAppDataAllowed False

smartScreenBlockPromptOverride False

smartScreenBlockPromptOverrideForFiles

False

smartScreenEnableAppInstallControl False

startBlockUnpinningAppsFromTaskbar False

startMenuAppListVisibility userDefined

startMenuHideChangeAccountSettings False

startMenuHideFrequentlyUsedApps False

startMenuHideHibernate False

startMenuHideLock False

startMenuHidePowerButton False

startMenuHideRecentJumpLists False

startMenuHideRecentlyAddedApps False

startMenuHideRestartOptions False

startMenuHideShutDown False

startMenuHideSignOut False

startMenuHideSleep False

startMenuHideSwitchAccount False

startMenuHideUserTile False

startMenuLayoutEdgeAssetsXml

startMenuLayoutXml

startMenuMode userDefined

startMenuPinnedFolderDocuments notConfigured

startMenuPinnedFolderDownloads notConfigured

startMenuPinnedFolderFileExplorer notConfigured

startMenuPinnedFolderHomeGroup notConfigured

startMenuPinnedFolderMusic notConfigured

startMenuPinnedFolderNetwork notConfigured

startMenuPinnedFolderPersonalFolder notConfigured

startMenuPinnedFolderPictures notConfigured

startMenuPinnedFolderSettings notConfigured

startMenuPinnedFolderVideos notConfigured

storageBlockRemovableStorage False

storageRequireMobileDeviceEncryption

False

storageRestrictAppDataToSystemVolume

False

11

storageRestrictAppInstallToSystemVolume

False

tenantLockdownRequireNetworkDuringOutOfBoxExperience

False

type win10GeneralConfiguration

usbBlocked False

version 4

voiceRecordingBlocked False

webRtcBlockLocalhostIpAddress False

wiFiBlockAutomaticConnectHotspots False

wiFiBlocked False

wiFiBlockManualConfiguration False

wiFiScanInterval

win10GeneralConfigurationReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/5ff43cde-6fcb-4752-a4e7-176cd38c8df5

winSpotlightBlockConsumerSpecificFeatures

False

winSpotlightBlocked False

winSpotlightBlockOnActionCenter False

winSpotlightBlockTailoredExperiences False

winSpotlightBlockThirdPartyNotifications

False

winSpotlightBlockWelcomeExperience False

winSpotlightBlockwinTips False

winSpotlightConfigureOnLockScreen notConfigured

winStoreBlockAutoUpdate False

winStoreBlocked False

winStoreEnablePrivateStoreOnly False

wirelessDisplayBlockProjectionToThisDevice

False

wirelessDisplayBlockUserInputFromReceiver

False

wirelessDisplayRequirePinForPairing False

AutoInstall_Test

Ecran Lock CLIENT

Name Value


False









cameraBlocked False

12





False

















False






False

defenderScanMaxCpu



False


False






description


deviceConfigurationId 408f397f-a834-491c-bb50-891b864b82e3



False


False

13


displayName Ecran Lock CLIENT







edgeBlocked False










False





edgeFirstRunUrl

edgeHomepageUrls


edgeSearchEngine


False


False









False



id 408f397f-a834-491c-bb50-891b864b82e3


14





False

lockScreenBlockCortana True

lockScreenBlockToastNotifications True






False



networkProxyServer

nfcBlocked False











False


personalizationDesktopImageUrl

personalizationLockScreenImageUrl https://bo.CLIENT.com/assets/ressources/NTIC/lock.jpeg



False










15


False

















False








False


















startMenuLayoutXml




16











False


False


False


False


usbBlocked False

version 4




wiFiBlocked False


wiFiScanInterval


https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/408f397f-a834-491c-bb50-891b864b82e3


False





False








False


False


Assignments

17

AutoInstall_Test

AutoInstall_Prod

MAJ Standard

Name Value

automaticUpdateMode autoInstallAndRebootAtScheduledTime

businessReadyUpdatesOnly businessReadyOnly


deliveryOptimizationMode userDefined

description

deviceConfigurationId ee5d432c-08fc-40a7-9f7c-8ecde6fa8bbc

deviceConfigurationODataType microsoft.graph.winUpdateForBusinessConfiguration

displayName MAJ Standard

driversExcluded False

featureUpdatesDeferralPeriodInDays

1

featureUpdatesPaused False

featureUpdatesPauseExpiryDateTime

01/01/0001 00:00:00

id ee5d432c-08fc-40a7-9f7c-8ecde6fa8bbc

installationSchedule type=winUpdateScheduledInstall scheduledInstallDay=thursday scheduledInstallTime=13:00:00.0000000


microsoftUpdateServiceAllowed True

prereleaseFeatures userDefined

qualityUpdatesDeferralPeriodInDays

1

qualityUpdatesPaused False

qualityUpdatesPauseExpiryDateTime

01/01/0001 00:00:00

type winUpdateForBusinessConfiguration

version 3

winUpdateForBusinessConfigurationReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/ee5d432c-08fc-40a7-9f7c-8ecde6fa8bbc

Assignments

NTIC

Mise en veille + Lock 15"

Name Value


False






18




cameraBlocked False





False

















False






False

defenderScanMaxCpu



False


False






description


deviceConfigurationId 8aa973ab-bb01-47d3-8f71-2dcd6a8de580


19


False


False


displayName Mise en veille + Lock 15"







edgeBlocked False










False





edgeFirstRunUrl

edgeHomepageUrls


edgeSearchEngine


False


False









False

20



id 8aa973ab-bb01-47d3-8f71-2dcd6a8de580






False








False



networkProxyServer

nfcBlocked False







15


passwordRequired True



True






False








21




False

















False








False


















startMenuLayoutXml


22













False


False


False


False


usbBlocked False

version 6




wiFiBlocked False


wiFiScanInterval


https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/8aa973ab-bb01-47d3-8f71-2dcd6a8de580


False





False








False


False


23

Assignments

AutoInstall_Test

AutoInstall_Prod

No OneDrive

Name Value


False









cameraBlocked False





False

















False






False

defenderScanMaxCpu

24



False


False






description


deviceConfigurationId 3994b4ab-e4d7-47f0-a473-5b9f3e02a20a



False


False


displayName No OneDrive







edgeBlocked False










False





edgeFirstRunUrl

edgeHomepageUrls


edgeSearchEngine


False

25


False









False



id 3994b4ab-e4d7-47f0-a473-5b9f3e02a20a






False








False



networkProxyServer

nfcBlocked False

oneDriveDisableFileSync True









26


False






False









searchDisableIndexingRemovableDrive

False


False

















False








False




27















startMenuLayoutXml














False


False


False


False


usbBlocked False

version 2




wiFiBlocked False


wiFiScanInterval


https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/3994b4ab-e4d7-47f0-a473-5b9f3e02a20a


False

28





False








False


False


No USB

Name Value


False









cameraBlocked False





False














29




False






False

defenderScanMaxCpu



False


False






description


deviceConfigurationId 2dfc462b-3221-47df-9b7c-8c6d0586a62d



False


False


displayName No USB







edgeBlocked False










False

30





edgeFirstRunUrl

edgeHomepageUrls


edgeSearchEngine


False


False









False



id 2dfc462b-3221-47df-9b7c-8c6d0586a62d






False








False



networkProxyServer

nfcBlocked False


31










False






False











False

















False



32






False


















startMenuLayoutXml












storageBlockRemovableStorage True


False


False


False


False


usbBlocked False

version 2



33


wiFiBlocked False


wiFiScanInterval


https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/2dfc462b-3221-47df-9b7c-8c6d0586a62d


False





False








False


False


Device Management Scripts

Admin_Install_ClickShare

Name Value

description

displayName Admin_Install_ClickShare

enforceSignatureCheck False

fileName Intune_PSScript_ClickShare.ps1

id 4d1d9258-41d6-470f-859b-9cfafe559566

runAs32Bit True

runAsAccount user

Script

<#

Version: 1.2

Description:

Intune Management Extension - PowerShell script template with logging,

error codes, standard error output handling and x64 PowerShell execution.

Release notes:

The script is provided "AS IS" with no warranties.

34

#>

$exitCode = 0

if (![System.Environment]::Is64BitProcess)

{

# start new PowerShell as x64 bit process, wait for it and gather exit

code and standard error output

$sysNativePowerShell = "$($PSHOME.ToLower().Replace("syswow64",

"sysnative"))\powershell.exe"

$pinfo = New-Object System.Diagnostics.ProcessStartInfo

$pinfo.FileName = $sysNativePowerShell

$pinfo.Arguments = "-ex bypass -file `"$PSCommandPath`""

$pinfo.RedirectStandardError = $true

$pinfo.RedirectStandardOutput = $true

$pinfo.CreateNoWindow = $true

$pinfo.UseShellExecute = $false

$p = New-Object System.Diagnostics.Process

$p.StartInfo = $pinfo

$p.Start() | Out-Null

$exitCode = $p.ExitCode

$stderr = $p.StandardError.ReadToEnd()

if ($stderr) { Write-Error -Message $stderr }

}

else

35

{

# start logging to TEMP in file "scriptname".log

Start-Transcript -Path "$env:TEMP\$($(Split-Path $PSCommandPath -

Leaf).ToLower().Replace(".ps1",".log"))" | Out-Null

# Check if Software is installed already in registry.

$CheckADCReg = Get-ItemProperty

HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* |

where {$_.DisplayName -like "ClickShare*"}

# If ClickShare_Button_Manager is not installed continue with script. If

it's istalled already script will exit.

If ($CheckADCReg -eq $null)

{

# Path for the temporary downloadfolder. Script will run as system so no

issues here

$Installdir = "c:\temp\install_ClickShare"

New-Item -Path $Installdir -ItemType directory

# Download the installer from the CLIENT.com website. Always check for new

versions!!

$source =

"https://bo.CLIENT.com/assets/ressources/NTIC/ClickShare_Setup.exe"

$destination = "$Installdir\ClickShare_Setup.exe"

try

{

Invoke-WebRequest $source -OutFile $destination

}

catch

{

Write-Error -Message "Could not download the installer from the CLIENT.com

website" -Category OperationStopped

$exitCode = -1

}

36

# Start the installation when download is finished

try

{

Start-Process -FilePath "$Installdir\ClickShare_Setup.exe" -ArgumentList

"/sAll /rs /rps /msi /norestart /quiet EULA_ACCEPT=YES"

}

catch

{

Write-Error -Message "Could not install ClickShare_Button_Manager" -

Category OperationStopped

$exitCode = -1

}

# Wait for the installation to finish. Test the installation and time it

yourself. I've set it to 240 seconds.

Start-Sleep -s 240

# Finish by cleaning up the download. I choose to leave c:\temp\ for future

installations.

# rm -Force $Installdir\install_ClickShare_Button_Manager*

}

Stop-Transcript | Out-Null

}

exit $exitCode

Admin_Install_Adobe-Acrobat-Reader-DC

Name Value

description Adobe Acrobat Reader DC

displayName Admin_Install_Adobe-Acrobat-Reader-DC


fileName Intune_PSScript_Adobe_Reader_DC.ps1

id 50e7a1c3-1860-4c83-953a-e85461d87732

runAs32Bit False

37

runAsAccount system

Script

<#

Version: 1.2

Description:



Release notes:


#>

$exitCode = 0


{















38




}

else

{







where {$_.DisplayName -like "Adobe Acrobat Reader DC*"}

# If Adobe Reader is not installed continue with script. If it's istalled

already script will exit.


{


issues here

$Installdir = "c:\temp\install_adobe"


# Download the installer from the Adobe website. Always check for new

versions!!

$source =

"ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/1901220034/AcroRdrDC190

1220034_fr_FR.exe"

$destination = "$Installdir\AcroRdrDC1901220034_fr_FR.exe"

try

39

{


}

catch

{

Write-Error -Message "Could not download the installer from the Adobe


$exitCode = -1

}


try

{

Start-Process -FilePath "$Installdir\AcroRdrDC1901220034_fr_FR.exe" -

ArgumentList "/sAll /rs /rps /msi /norestart /quiet EULA_ACCEPT=YES"

}

catch

{

Write-Error -Message "Could not install Adobe Reader" -Category

OperationStopped

$exitCode = -1

}



Start-Sleep -s 240


installations.

# rm -Force $Installdir\AcroRdrDC*

}


40

}

exit $exitCode

OLD____Admin_Driver-Printer_EVENT-CLIENT

Name Value

description Installe les Brother MFC-9340CDW : CLIENT-ORGA =172.16.1.50 CLIENT-MEDIA = 172.16.1.52 CLIENT-STEWARDS = 172.16.1.54 CLIENT-SPARE = 172.16.1.56

displayName OLD____Admin_Driver-Printer_EVENT-CLIENT


fileName Intune_PSScript_Brother-9340_Set-Up.ps1

id 727102af-7b48-4686-b5d6-24021b9bc78e

runAs32Bit True

runAsAccount system

Script

#Parameters

$URLINF = "https://bo.CLIENT.com/assets/ressources/NTIC/BRPRC12A.INF"

$OutFileINF = "C:\temp\BRPRC12A.INF"

$URLCAT = "https://bo.CLIENT.com/assets/ressources/NTIC/BRPRC12A.CAT"

$OutFileCAT = "C:\temp\BRPRC12A.CAT"

$URLDSI = "https://bo.CLIENT.com/assets/ressources/NTIC/BRPRC12A.DSI"

$OutFileDSI = "C:\temp\BRPRC12A.DSI"

#Download Files

Invoke-WebRequest -Uri $URLINF -OutFile $OutFileINF

Invoke-WebRequest -Uri $URLCAT -OutFile $OutFileCAT

Invoke-WebRequest -Uri $URLDSI -OutFile $OutFileDSI

41

###########################################################################

##########

#Parameters CLIENT-ORGA

$portName = "IP_172.16.1.50"

$ipPort = "172.16.1.50"

$PrinterName = "CLIENT-ORGA (MFC-9340CDW)"

$PrinterDriverName = "Brother MFC-9340CDW Printer"

#Add PrinterPort

$checkPortExists = Get-Printerport -Name $portname -ErrorAction

SilentlyContinue

if (-not $checkPortExists)

{Add-PrinterPort -name $portName -PrinterHostAddress $ipPort}

#Add Printer Driver

#Printer Driver Name (Collect from inside INF file)

pnputil.exe -a $OutFileINF

$PrinterDriver = $PrinterDriverName

Add-PrinterDriver -Name $PrinterDriver

#Add Printer

Add-Printer -Name $PrinterName -DriverName $PrinterDriverName -PortName

$portName

###########################################################################

##########

#Parameters CLIENT-MEDIA

$portName = "IP_172.16.1.52"

42

$ipPort = "172.16.1.52"

$PrinterName = "CLIENT-MEDIA (MFC-9340CDW)"


#Add PrinterPort


SilentlyContinue



#Add Printer Driver





#Add Printer


$portName

###########################################################################

##########

#Parameters CLIENT-STEWARDS

$portName = "IP_172.16.1.54"

$ipPort = "172.16.1.54"

$PrinterName = "CLIENT-STEWARDS (MFC-9340CDW)"


#Add PrinterPort


SilentlyContinue

43



#Add Printer Driver





#Add Printer


$portName

###########################################################################

##########

#Parameters CLIENT-SPARE

$portName = "IP_172.16.1.56"

$ipPort = "172.16.1.56"

$PrinterName = "CLIENT-SPARE (MFC-9340CDW)"


#Add PrinterPort


SilentlyContinue



#Add Printer Driver



44



#Add Printer


$portName

Admin_Driver-Printer_Canon_Drivers

Name Value

description

displayName Admin_Driver-Printer_Canon_Drivers


fileName Intune_PSScript_Generic_Plus_UFRII_Driver.ps1

id 77b80236-2174-4a83-8017-dae1927dc922

runAs32Bit True

runAsAccount system

Script

<#

Version: 1.2

Description:



Release notes:


#>

$exitCode = 0


{





45














}

else

{







where {$_.DisplayName -like "Canon UFRII*"}

# If Canon UFRII is not installed continue with script. If it's istalled

already script will exit.


46

{


issues here

$Installdir = "c:\temp\install_Canon_UFRII"


# Download the installer from the CLIENT.com website. Always check for new

versions!!

$source =

"https://bo.CLIENT.com/assets/ressources/NTIC/Generic_Plus_UFRII_v1.21_Set-

up_x64.exe"

$destination = "$Installdir\Generic_Plus_UFRII_v1.21_Set-up_x64.exe"

try

{


}

catch

{

Write-Error -Message "Could not download the installer from the CLIENT.com


$exitCode = -1

}


try

{

Start-Process -FilePath "$Installdir\Generic_Plus_UFRII_v1.21_Set-

up_x64.exe" -ArgumentList "/sAll /rs /rps /msi /norestart /quiet

EULA_ACCEPT=YES"

}

catch

{

47

Write-Error -Message "Could not install Canon_UFRII" -Category

OperationStopped

$exitCode = -1

}



Start-Sleep -s 240


installations.

rm -Force $Installdir\Generic_Plus_UFRII*

}


}

exit $exitCode

Admin_NewPrinter-Set_EVENT_CLIENT

Name Value

description

displayName Admin_NewPrinter-Set_EVENT_CLIENT


fileName Intune_PSScript_Brother-3770_Set-Up.ps1

id 7a4d766d-a6d1-4754-9bfa-1887f1ac7d37

runAs32Bit True

runAsAccount system

Script

###########################################################################

##########

#Parameters CLIENT-ORGA

$portName = "Event-CLIENT_172.16.1.50"

$ipPort = "172.16.1.50"

$PrinterName = "CLIENT ORGA - Brother MFC-L3770CDW"

$PrinterDriverName = "Brother MFC-L3770CDW series"

48

#Add PrinterPort


SilentlyContinue



#Add Printer Driver




#Add Printer


$portName

###########################################################################

##########

###########################################################################

##########

#Parameters CLIENT-MEDIA


$ipPort = "172.16.1.52"

$PrinterName = "CLIENT MEDIA - Brother MFC-L3770CDW"


#Add PrinterPort


SilentlyContinue



49

#Add Printer Driver




#Add Printer


$portName

###########################################################################

##########

###########################################################################

##########

#Parameters CLIENT-STEWARDS


$ipPort = "172.16.1.54"

$PrinterName = "CLIENT STEWARDS - Brother MFC-L3770CDW"


#Add PrinterPort


SilentlyContinue



#Add Printer Driver



50


#Add Printer


$portName

###########################################################################

##########

###########################################################################

##########

#Parameters CLIENT-SPARE


$ipPort = "172.16.1.56"

$PrinterName = "CLIENT SPARE - Brother MFC-L3770CDW"


#Add PrinterPort


SilentlyContinue



#Add Printer Driver




#Add Printer


$portName

51

###########################################################################

##########

Admin_Printer-Set_Konica-Minolta

Name Value

description install l'imprimante du Mans 10.66.0.130 BizHub C308

displayName Admin_Printer-Set_Konica-Minolta


fileName Intune_PSScript_BizHub_C308_Set-Up.ps1

id 9401ce37-5ac7-4324-9f2f-3266ed6eeb1c

runAs32Bit True

runAsAccount system

Script

###########################################################################

##########

#Parameters Konica Minolta BizHub C308

$portName = "XXX.XXX.XXX.XXX"

$ipPort = "XXX.XXX.XXX.XXX"

$PrinterName = " Konica Minolta BizHub C308"

$PrinterDriverName = "KONICA MINOLTA Universal PCL"

#Add PrinterPort


SilentlyContinue



#Add Printer Driver




#Add Printer

52


$portName

###########################################################################

##########

Admin_Printer-Set_Paris

Name Value

description

displayName Admin_Printer-Set_Paris


fileName Intune_PSScript_Generic_Plus_UFRII_Set_Up.ps1

id d54d133f-04fb-41a9-8a5d-faf5ae25a601

runAs32Bit True

runAsAccount system

Script

#Parameters


$OutFileINF = "c:\temp\BRPRC12A.INF"


$OutFileCAT = "c:\temp\BRPRC12A.CAT"


$OutFileDSI = "c:\temp\BRPRC12A.DSI"

#Download Files




53

###########################################################################

##########

#Parameters Paris - Canon iR-ADV C3525

$portName = "XXX.XXX.XXX.XXX "

$ipPort = "XXX.XXX.XXX.XXX"

$PrinterName = "Canon iR-ADV C3525"

$PrinterDriverName = "Canon Generic Plus UFR II"

#Add PrinterPort


SilentlyContinue



#Add Printer Driver





#Add Printer


$portName

###########################################################################

##########

#Parameters - Canon iR-ADV C3525

$portName = "XXX.XXX.XXX.XXX

$ipPort = "10.67.0.203"

$PrinterName = "XXX.XXX.XXX.XXX - Canon iR-ADV C3525"

54


#Add PrinterPort


SilentlyContinue



#Add Printer Driver





#Add Printer


$portName

###########################################################################

##########

#Parameters Canon iR-ADV C3325

$portName = "Paris_10.67.0.215"

$ipPort = "10.67.0.215"

$PrinterName = " Canon iR-ADV C3325"


#Add PrinterPort


SilentlyContinue



55

#Add Printer Driver





#Add Printer


$portName

###########################################################################

##########

TEST

Name Value

description test

displayName TEST


fileName TEST-ADD-BROTHER-DRIVER.ps1

id eed830fa-282e-4791-a1fb-ed6f9655b839

runAs32Bit True

runAsAccount system

Script

#Parameters

$WinDriverPath = "C:\Windows\INF"


$OutFileINF = "C:\Windows\INF\BRPRC12A.INF"


$OutFileCAT = "C:\Windows\INF\BRPRC12A.CAT"


$OutFileDSI = "C:\Windows\INF\BRPRC12A.DSI"

#Download .inf


56

#Download .cat


#Download .dsi


#Add Printer Driver via WindowsDriver

Add-WindowsDriver -Path $WinDriverPath -Driver $OutFileINF -ForceUnsigned

AutoPilot Configuration

Autopilot V1

Name Value


description

deviceNameTemplate LMEM-%RAND:3%

deviceType winPc

displayName Autopilot V1

enableWhiteGlove False

enrollmentStatusScreenSettings

extractHardwareHash True

id b18d46f2-2026-4645-a035-4f91a39e3ac0

language fr-FR


managementServiceAppId

outOfBoxExperienceSettings hidePrivacySettings=True hideEULA=True userType=standard deviceUsageType=shared skipKeyboardSelectionPage=True hideEscapeLink=True

roleScopeTagIds 0

type azureADwinAutopilotDeploymentProfile

Enrollment Status Pages

All users and all devices

Name Value


description This is the default Device Limit Restriction applied with the lowest priority to all users regardless of group membership.


id 3e717f30-180f-442e-8dfc-124830fd354d_DefaultLimit


57

limit 5

priority 0

roleScopeTagIds

type deviceEnrollmentLimitConfiguration

version 0


Name Value

androidForWorkRestriction platformBlocked=True personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]

androidRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]

aospRestriction


description This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.


id 3e717f30-180f-442e-8dfc-124830fd354d_DefaultPlatformRestrictions

iosRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]


macOSRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]

macRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]

priority 0

roleScopeTagIds

type deviceEnrollmentPlatformRestrictionsConfiguration

version 0

winHomeSkuRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]

58

winMobileRestriction platformBlocked=True personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]

winRestriction platformBlocked=False personalDeviceEnrollmentBlocked=False osMinimumVersion= osMaximumVersion= blockedManufacturers=System.Object[] blockedSkus=System.Object[]


Name Value


description This is the default win Hello for Business configuration applied with the lowest priority to all users regardless of group membership.


enhancedBiometricsState notConfigured

id 3e717f30-180f-442e-8dfc-124830fd354d_DefaultwinHelloForBusiness


pinExpirationInDays 0

pinLowercaseCharactersUsage disallowed

pinMaximumLength 127

pinMinimumLength 4

pinPreviousBlockCount 0

pinSpecialCharactersUsage disallowed

pinUppercaseCharactersUsage disallowed

priority 0

remotePassportEnabled True

roleScopeTagIds

securityDeviceRequired False

securityKeyForSignIn notConfigured

state notConfigured

type deviceEnrollmentwinHelloForBusinessConfiguration

unlockWithBiometricsEnabled True

version 0


Name Value

allowDeviceResetOnInstallFailure False

allowDeviceUseOnInstallFailure False

allowLogCollectionOnInstallFailure False

blockDeviceSetupRetryByUser True


customErrorMessage

description This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.

59

disableUserStatusTrackingAfterFirstUser

False


id 3e717f30-180f-442e-8dfc-124830fd354d_Defaultwin10EnrollmentCompletionPageConfiguration

installProgressTimeoutInMinutes 0


priority 0

roleScopeTagIds

selectedMobileAppIds

showInstallationProgress False

trackInstallProgressForAutopilotOnly

False

type win10EnrollmentCompletionPageConfiguration

version 0

Apple Configurations

Apple Push Certificate

[email protected]

Name Value

appleIdentifier [email protected]

applePushNotificationCertificateODataType

microsoft.graph.applePushNotificationCertificate

applePushNotificationCertificateReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate

certificate

certificateSerialNumber 35673B0C142B7FE8

context https://graph.microsoft.com/v1.0/$metadata#deviceManagement/applePushNotificationCertificate/$entity

expirationDateTime 04/17/2020 11:05:34

id 3fb18ecb-5065-4eff-a92c-e7b2ad323088


topicIdentifier com.apple.mgmt.External.a44d5408-1c56-489b-ad44-a2552b6e6e92

Apple VPP Tokens

Device Categories

Exchange Connector

Partner Configuration

Jamf

Name Value

deviceManagementPartnerId 007d2fff-e0dd-4b28-8595-cec005efe5cd

deviceManagementPartnerODataType

microsoft.graph.deviceManagementPartner

60

deviceManagementPartnerReferenceUrl

https://graph.microsoft.com/v1.0/deviceManagement/deviceManagementPartners/007d2fff-e0dd-4b28-8595-cec005efe5cd

displayName Jamf

id 007d2fff-e0dd-4b28-8595-cec005efe5cd

isConfigured False

lastHeartbeatDateTime 01/01/0001 00:00:00

partnerAppType singleTenantApp

partnerState unknown

singleTenantAppId

whenPartnerDevicesWillBeMarkedAsNonCompliantDateTime

whenPartnerDevicesWillBeRemovedDateTime