I'd like to find a way using PowerShell to assign a group to an Intune endpoint security policy like disk encryption or a security baseline for Windows 10 (not iOS or Android). I managed to create policies using PS but can't find how to assign a group.

I used the Graph API to create the policy using https://graph.microsoft.com/beta/deviceManagement/templates/$TemplateId/createInstance.

Any help would be appreciated.

Cheers

CLiFoS
  • I used these sample scripts to get and set the policies, but they don't have the assignment, nor can I find it anywhere in the API. I'm sure there must be one, as there are several other assignment commands for other things, but I just can't find it! https://github.com/microsoftgraph/powershell-intune-samples/tree/master/EndpointSecurity – CLiFoS Aug 16 '22 at 13:29

1 Answer

The endpoint for a security baseline assignment would look like this:

POST https://graph.microsoft.com/beta/deviceManagement/intents/$IDOFYOURNEWSECURITYBASELINE/assign

Example body for one include and one exclude group:

{
    "assignments": [
        {
            "target": {
                "@odata.type": "#microsoft.graph.groupAssignmentTarget",
                "groupId": "$IDOFYOURAADGROUPTOASSIGN1"
            }
        },
        {
            "target": {
                "@odata.type": "#microsoft.graph.exclusionGroupAssignmentTarget",
                "groupId": "$IDOFYOURAADGROUPTOASSIGN2"
            }
        }
    ]
}
fabrisodotps1
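
Added example, not part of the answer above: a PowerShell wrapper that builds the same request body from lists of include and exclude groups, posts it to the `assign` endpoint, and reads the resulting assignments back for confirmation. `Set-IntentAssignment` is a hypothetical name, the GUIDs are constructed placeholders, and the code assumes the Microsoft.Graph.Authentication module with a session already opened through `Connect-MgGraph`.

```powershell
# Added example. Set-IntentAssignment is a hypothetical helper name.
# Assumes the Microsoft.Graph.Authentication module and an existing session, e.g.
#   Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
function Set-IntentAssignment {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][guid]   $IntentId,
        [Parameter(Mandatory)][guid[]] $IncludeGroupId,
        [guid[]] $ExcludeGroupId = @()
    )

    # A group listed as both include and exclude is almost certainly a mistake.
    $overlap = $IncludeGroupId | Where-Object { $ExcludeGroupId -contains $_ }
    if ($overlap) { throw "Group(s) in both include and exclude: $($overlap -join ', ')" }

    # Build the same body shape as the answer: one target object per group.
    $assignments = @(
        foreach ($id in $IncludeGroupId) {
            @{ target = @{ '@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = "$id" } }
        }
        foreach ($id in $ExcludeGroupId) {
            @{ target = @{ '@odata.type' = '#microsoft.graph.exclusionGroupAssignmentTarget'; groupId = "$id" } }
        }
    )
    $body = @{ assignments = $assignments } | ConvertTo-Json -Depth 5

    $base = "https://graph.microsoft.com/beta/deviceManagement/intents/$IntentId"
    if ($PSCmdlet.ShouldProcess($base, 'Assign groups')) {
        Invoke-MgGraphRequest -Method POST -Uri "$base/assign" -Body $body -ContentType 'application/json' | Out-Null
        # Read the assignments back so the caller can confirm what is now targeted.
        (Invoke-MgGraphRequest -Method GET -Uri "$base/assignments").value
    }
}

# Constructed placeholder GUIDs; replace with your policy and Azure AD group IDs.
# -WhatIf shows the target URL without sending anything.
Set-IntentAssignment -IntentId '00000000-0000-0000-0000-000000000001' `
    -IncludeGroupId '00000000-0000-0000-0000-0000000000a1' `
    -ExcludeGroupId '00000000-0000-0000-0000-0000000000b1' -WhatIf
```

Typing the parameters as `[guid]` rejects malformed IDs before any request is sent, and the read-back makes a mis-scoped baseline visible immediately rather than at the next compliance review.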