diff --git a/intune/Intune Scripts/Correct-PrimaryUser.ps1 b/intune/Device Management/Correct-PrimaryUser.ps1
similarity index 100%
rename from intune/Intune Scripts/Correct-PrimaryUser.ps1
rename to intune/Device Management/Correct-PrimaryUser.ps1
diff --git a/intune/SystemRenamer/IntuneWinAppUtil.exe b/intune/Device Management/SystemRenamer/IntuneWinAppUtil.exe
similarity index 100%
rename from intune/SystemRenamer/IntuneWinAppUtil.exe
rename to intune/Device Management/SystemRenamer/IntuneWinAppUtil.exe
diff --git a/intune/SystemRenamer/LICENSE b/intune/Device Management/SystemRenamer/LICENSE
similarity index 100%
rename from intune/SystemRenamer/LICENSE
rename to intune/Device Management/SystemRenamer/LICENSE
diff --git a/intune/SystemRenamer/README.md b/intune/Device Management/SystemRenamer/README.md
similarity index 100%
rename from intune/SystemRenamer/README.md
rename to intune/Device Management/SystemRenamer/README.md
diff --git a/intune/SystemRenamer/RenameComputer.intunewin b/intune/Device Management/SystemRenamer/RenameComputer.intunewin
similarity index 100%
rename from intune/SystemRenamer/RenameComputer.intunewin
rename to intune/Device Management/SystemRenamer/RenameComputer.intunewin
diff --git a/intune/SystemRenamer/RenameComputer/RenameComputer.ps1 b/intune/Device Management/SystemRenamer/RenameComputer/RenameComputer.ps1
similarity index 100%
rename from intune/SystemRenamer/RenameComputer/RenameComputer.ps1
rename to intune/Device Management/SystemRenamer/RenameComputer/RenameComputer.ps1
diff --git a/intune/SystemRenamer/debug.log b/intune/Device Management/SystemRenamer/debug.log
similarity index 100%
rename from intune/SystemRenamer/debug.log
rename to intune/Device Management/SystemRenamer/debug.log
diff --git a/intune/SystemRenamer/makeapp.cmd b/intune/Device Management/SystemRenamer/makeapp.cmd
similarity index 100%
rename from intune/SystemRenamer/makeapp.cmd
rename to intune/Device Management/SystemRenamer/makeapp.cmd
diff --git a/intune/Intune Scripts/rotate_all_bitlocker_keys.ps1 b/intune/Device Management/rotate_all_bitlocker_keys.ps1
similarity index 100%
rename from intune/Intune Scripts/rotate_all_bitlocker_keys.ps1
rename to intune/Device Management/rotate_all_bitlocker_keys.ps1
diff --git a/intune/Intune Platform Scripts/LogAnalytics - Analyze Disk Space.ps1 b/intune/Intune Platform Scripts/LogAnalytics - Analyze Disk Space.ps1
new file mode 100644
index 0000000..321a24a
--- /dev/null
+++ b/intune/Intune Platform Scripts/LogAnalytics - Analyze Disk Space.ps1
@@ -0,0 +1,403 @@
+#***************************************** Part to fill ***************************************************
+# Log analytics part
+$CustomerId = ""
+$SharedKey = ''
+$LogType = "DiskSize"
+$TimeStampField = ""
+#***********************************************************************************************************
+
+# Log analytics functions
+Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource)
+{
+ $xHeaders = "x-ms-date:" + $date
+ $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource
+
+ $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
+ $keyBytes = [Convert]::FromBase64String($sharedKey)
+
+ $sha256 = New-Object System.Security.Cryptography.HMACSHA256
+ $sha256.Key = $keyBytes
+ $calculatedHash = $sha256.ComputeHash($bytesToHash)
+ $encodedHash = [Convert]::ToBase64String($calculatedHash)
+ $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
+ return $authorization
+}
+
+
+# Create the function to create and post the request
+Function Post-LogAnalyticsData($customerId, $sharedKey, $body, $logType)
+{
+ $method = "POST"
+ $contentType = "application/json"
+ $resource = "/api/logs"
+ $rfc1123date = [DateTime]::UtcNow.ToString("r")
+ $contentLength = $body.Length
+ $signature = Build-Signature `
+ -customerId $customerId `
+ -sharedKey $sharedKey `
+ -date $rfc1123date `
+ -contentLength $contentLength `
+ -method $method `
+ -contentType $contentType `
+ -resource $resource
+ $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01"
+
+ $headers = @{
+ "Authorization" = $signature;
+ "Log-Type" = $logType;
+ "x-ms-date" = $rfc1123date;
+ "time-generated-field" = $TimeStampField;
+ }
+
+ $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing
+ return $response.StatusCode
+
+}
+
+Function Format_Size
+ {
+ param(
+ $size
+ )
+ If($size -eq $null){$FormatedSize = "0"}
+ ElseIf( $size -lt 1KB ){$FormatedSize = "$("{0:N2}" -f $size) B"}
+ ElseIf( $size -lt 1MB ){$FormatedSize = "$("{0:N2}" -f ($size / 1KB)) KB"}
+ ElseIf( $size -lt 1GB ){$FormatedSize = "$("{0:N2}" -f ($size / 1MB)) MB"}
+ ElseIf( $size -lt 1TB ){$FormatedSize = "$("{0:N2}" -f ($size / 1GB)) GB"}
+ ElseIf( $size -lt 1PB ){$FormatedSize = "$("{0:N2}" -f ($size / 1TB)) TB"}
+ return $FormatedSize
+ }
+
+add-type -type @"
+ using System;
+ using System.Runtime.InteropServices;
+ using System.ComponentModel;
+ using System.IO;
+
+ namespace Disk
+ {
+ public class Size
+ {
+ [DllImport("kernel32.dll")]
+ static extern uint GetCompressedFileSizeW([In, MarshalAs(UnmanagedType.LPWStr)] string lpFileName,
+ out uint lpFileSizeHigh);
+
+ public static ulong SizeOnDisk(string filename)
+ {
+ uint High_Order;
+ uint Low_Order;
+ ulong GetSize;
+
+ FileInfo CurrentFile = new FileInfo(filename);
+ Low_Order = GetCompressedFileSizeW(CurrentFile.FullName, out High_Order);
+ int GetError = Marshal.GetLastWin32Error();
+
+ if (High_Order == 0 && Low_Order == 0xFFFFFFFF && GetError != 0)
+ {
+ throw new Win32Exception(GetError);
+ }
+ else
+ {
+ GetSize = ((ulong)High_Order << 32) + Low_Order;
+ return GetSize;
+ }
+ }
+ }
+ }
+"@
+
+Function OD_SizeOnDisk
+ {
+ param(
+ $Folder_to_check
+ )
+
+ $Get_All_Files = Get-ChildItem $Folder_to_check -recurse -ea silentlycontinue | Where-Object {! $_.PSIsContainer}
+ If($Get_All_Files.Count -gt 0)
+ {
+ $OD_Files_Array = @()
+ ForEach($File in $Get_All_Files)
+ {
+ If((test-path $File.FullName))
+ {
+ $SizeOnDisk = [Disk.Size]::SizeOnDisk($File.FullName)
+ If($Files_Size)
+ {
+ $OD_Obj = New-Object PSObject
+ Add-Member -InputObject $OD_Obj -MemberType NoteProperty -Name "File name" -Value $File.Name
+ Add-Member -InputObject $OD_Obj -MemberType NoteProperty -Name "Path" -Value $File.DirectoryName
+ Add-Member -InputObject $OD_Obj -MemberType NoteProperty -Name "Size" -Value $File.Length
+ Add-Member -InputObject $OD_Obj -MemberType NoteProperty -Name "Size on Disk" -Value $SizeOnDisk
+ $OD_Files_Array += $OD_Obj
+ }
+
+ $total_SizeOnSisk += $SizeOnDisk
+ $total_size += $File.Length
+
+ $Log_Analytics_TotalSize = ([System.Math]::Round(($total_size) / 1MB, 2))
+ $Log_Analytics_SizeOnSisk = ([System.Math]::Round(($total_SizeOnSisk) / 1MB, 2))
+
+ $Return_Array = $total_size, $total_SizeOnSisk, $Log_Analytics_TotalSize, $Log_Analytics_SizeOnSisk
+ }
+ }
+ return $Return_Array
+ }
+ Else
+ {
+ return 0
+ }
+ }
+
+# Get computer model
+$WMI_computersystem = gwmi win32_computersystem
+$Manufacturer = $WMI_computersystem.manufacturer
+If($Manufacturer -eq "lenovo")
+ {
+ $Get_Current_Model = $WMI_computersystem.SystemFamily.split(" ")[1]
+ }
+Else
+ {
+ $Get_Current_Model = $WMI_computersystem.Model
+ }
+
+
+# Get Hard disk size info
+$Win32_LogicalDisk = Get-ciminstance Win32_LogicalDisk | where {$_.DeviceID -eq "C:"}
+$Disk_Full_Size = $Win32_LogicalDisk.size
+$Disk_Free_Space = $Win32_LogicalDisk.Freespace
+# Format hard disk size
+$Total_size_NoFormat = [Math]::Round(($Disk_Full_Size))
+$Free_size_formated = Format_Size -size $Disk_Free_Space
+$Total_size_formated = Format_Size -size $Disk_Full_Size
+# Hard disk size percent
+[int]$Free_Space_percent = '{0:N0}' -f (($Disk_Free_Space / $Total_size_NoFormat * 100),1)
+If($Free_Space_percent -le 10)
+ {
+ $Disk_FreeSpace_State = "Alert"
+ }
+ElseIf(($Free_Space_percent -gt 10) -and ($Free_Space_percent -lt 20))
+ {
+ $Disk_FreeSpace_State = "Warning"
+ }
+ElseIf(($Free_Space_percent -ge 20) -and ($Free_Space_percent -lt 70))
+ {
+ $Disk_FreeSpace_State = "OK"
+ }
+ElseIf($Free_Space_percent -ge 70)
+ {
+ $Disk_FreeSpace_State = "Awesome"
+ }
+
+# Hard disk size Log Anaytics format
+$Log_Analytics_Disk_Size = (OD_SizeOnDisk -Folder_to_check $Disk_Full_Size)
+$Log_Analytics_Disk_Size = ([System.Math]::Round(($Disk_Full_Size) / 1MB, 2))
+$Log_Analytics_Disk_FreeSpace = ([System.Math]::Round(($Disk_Free_Space) / 1MB, 2))
+
+# Get Recycle bin size
+$Recycle_Bin_Size = (Get-ChildItem -LiteralPath 'C:\$Recycle.Bin' -File -Force -Recurse -ErrorAction SilentlyContinue | Measure-Object -Property Length -Sum).Sum
+$Global:RecycleBin_size_Percent = '{0:N0}' -f (($Recycle_Bin_Size / $Disk_Full_Size * 100),1)
+
+# Get OneDrive full size and size on disk
+$OD_Path = (Get-ItemProperty "HKCU:\SOFTWARE\Microsoft\OneDrive\Accounts\Business1").UserFolder
+# Path of main folders: desktop, documents, pictures
+$Documents_Path = [System.Environment]::GetFolderPath("MyDocuments")
+$Desktop_Path = [System.Environment]::GetFolderPath("Desktop")
+$Pictures_Path = [System.Environment]::GetFolderPath("MyPictures")
+
+
+# get larger folders from C:\Users
+$MostWanted_Folders_Users = @()
+$Get_Users_Directories = Get-ChildItem "C:\users" -Directory -Recurse -ea silentlycontinue
+ForEach($Directory in $Get_Users_Directories)
+ {
+ $Dir_FullName = $Directory.FullName
+ $Directory_Size_OnDisk = (OD_SizeOnDisk -Folder_to_check $Dir_FullName)[1]
+ $Directory_Formated_Size = Format_Size -size $Directory_Size_OnDisk
+ If($Directory_Size_OnDisk -gt 0)
+ {
+ $Obj = New-Object PSObject
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "Path" -Value $Dir_FullName
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "Size" -Value $Directory_Formated_Size
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "FullSize" -Value $Directory_Size_OnDisk
+ $MostWanted_Folders_Users += $Obj
+ }
+ }
+$Top_10_Folders_Users = $MostWanted_Folders_Users | Sort-Object -Property FullSize -Descending | Select-Object -First 10
+foreach($Folder in $Top_10_Folders_Users)
+{
+ $Folder_Path = $Folder.Path
+ $Folder_Size = $Folder.Size
+ $Folders_In_Users += "$Folder_Path ($Folder_Size)`n"
+}
+
+
+# Get larger folders from current user profile
+$MostWanted_Folders_UserProfile = @()
+$Current_User_Profile = Get-ChildItem Registry::\HKEY_USERS -ea silentlycontinue | Where-Object { Test-Path "$($_.pspath)\Volatile Environment" } | ForEach-Object { (Get-ItemProperty "$($_.pspath)\Volatile Environment").USERPROFILE }
+$Get_CurrentUser_Directories = Get-ChildItem $Current_User_Profile -Directory -Recurse -ea silentlycontinue
+ForEach($Directory in $Get_CurrentUser_Directories)
+ {
+ $Dir_FullName = $Directory.FullName
+ $Directory_Size_OnDisk = (OD_SizeOnDisk -Folder_to_check $Dir_FullName)[1]
+ $Directory_Formated_Size = Format_Size -size $Directory_Size_OnDisk
+ If($Directory_Size_OnDisk -gt 0)
+ {
+ $Obj = New-Object PSObject
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "Path" -Value $Dir_FullName
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "Size" -Value $Directory_Formated_Size
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "FullSize" -Value $Directory_Size_OnDisk
+ $MostWanted_Folders_UserProfile += $Obj
+ }
+ }
+$Top_10_Folders_UserProfile = $MostWanted_Folders_UserProfile | Sort-Object -Property FullSize -Descending | Select-Object -First 10
+foreach($User_Folder in $Top_10_Folders_UserProfile)
+{
+ $User_Folder_Path = $User_Folder.Path
+ $Uer_Folder_Size = $User_Folder.Size
+ $Folders_In_UserProfile += "$User_Folder_Path ($Uer_Folder_Size)`n"
+}
+
+
+
+
+# Get larger folders from C:
+$MostWanted_Folders_C = @()
+$Get_C_Directories = Get-ChildItem "C:\" | Where-Object{(($_.PSIsContainer) -and ($_.name -ne "Users"))}
+foreach ($Directory in $Get_C_Directories)
+ {
+ $Dir_Name = $Directory.FullName
+ $Folder_Size = (Get-ChildItem $Dir_Name -Recurse -Force | Measure-Object -Property Length -Sum).Sum 2> $null
+ If($Folder_Size -gt 0)
+ {
+ $Formated_Size = Format_Size -size $Folder_Size
+ $Obj = New-Object PSObject
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "Path" -Value $Dir_Name
+ Add-Member -InputObject $Obj -MemberType NoteProperty -Name "Size" -Value $Formated_Size
+ $MostWanted_Folders_C += $Obj
+ }
+ }
+
+$Top_10_Folders_C = $MostWanted_Folders_C | Sort-Object -Property FullSize -Descending | Select-Object -First 10
+foreach($Folder in $Top_10_Folders_C)
+{
+ $Folder_Path = $Folder.Path
+ $Folder_Size = $Folder.Size
+ $Folders_In_C += "$Folder_Path ($Folder_Size)`n"
+}
+
+
+
+
+$OD_Main_Size = (OD_SizeOnDisk -Folder_to_check $OD_Path)
+$OD_FullSize = $OD_Main_Size[0]
+$OD_SizeDisk = $OD_Main_Size[1]
+# Format disk size
+$Formated_OD_FullSize = Format_Size -size $OD_FullSize
+$Formated_OD_SizeOnDisk = Format_Size -size $OD_SizeDisk
+# OneDrive full size and size on disk Log Anaytics format
+$LogAnalytics_OD_FullSize = $OD_Main_Size[2]
+$LogAnalytics_OD_SizeDisk = $OD_Main_Size[3]
+# OneDrive size on disk percent
+$ODUsedSpaceOnDisk = [Math]::round((($OD_FullSize/$Total_size_NoFormat) * 100),2)
+
+If($ODUsedSpaceOnDisk -le 10)
+ {
+ $OneDrive_UseSize_State = "Awesome"
+ }
+ElseIf(($ODUsedSpaceOnDisk -gt 10) -and ($ODUsedSpaceOnDisk -lt 40))
+ {
+ $OneDrive_UseSize_State = "OK"
+ }
+ElseIf(($ODUsedSpaceOnDisk -gt 0) -and ($ODUsedSpaceOnDisk -lt 50))
+ {
+ $OneDrive_UseSize_State = "Warning"
+ }
+ElseIf($ODUsedSpaceOnDisk -ge 50)
+ {
+ $OneDrive_UseSize_State = "Alert"
+ }
+
+
+$OD_Documents_Size = (OD_SizeOnDisk -Folder_to_check $Documents_Path)
+$OD_Documents_FullSize = $OD_Documents_Size[0]
+$LogAnalytics_OD_Documents_FullSize = $OD_Documents_Size[2]
+$Formated_Documents_Size = Format_Size -size $OD_Documents_FullSize
+$Get_OD_Documents_SizeOnDisk = $OD_Documents_Size[1]
+$LogAnalytics_OD_Documents_SizeOnDisk = $OD_Documents_Size[3]
+$Formated_Documents_SizeOnDisk = Format_Size -size $Get_OD_Documents_SizeOnDisk
+
+$OD_Desktop_Size = (OD_SizeOnDisk -Folder_to_check $Desktop_Path)
+$OD_Desktop_FullSize = $OD_Desktop_Size[0]
+$LogAnalytics_OD_Desktop_FullSize = $OD_Desktop_Size[2]
+$Formated_Desktop_Size = Format_Size -size $OD_Desktop_FullSize
+$Get_OD_Desktop_SizeOnDisk = $OD_Desktop_Size[1]
+$LogAnalytics_OD_Desktop_SizeOnDisk = $OD_Desktop_Size[3]
+$Formated_Desktop_SizeOnDisk = Format_Size -size $Get_OD_Desktop_SizeOnDisk
+
+$OD_Pictures_Size = (OD_SizeOnDisk -Folder_to_check $Pictures_Path)
+$OD_Pictures_FullSize = $OD_Pictures_Size[0]
+$LogAnalytics_OD_Pictures_FullSize = $OD_Pictures_Size[2]
+$Formated_Pictures_Size = Format_Size -size $OD_Pictures_FullSize
+$Get_OD_Pictures_SizeOnDisk = $OD_Pictures_Size[1]
+$LogAnalytics_OD_Pictures_SizeOnDisk = $OD_Pictures_Size[3]
+$Formated_Pictures_SizeOnDisk = Format_Size -size $Get_OD_Pictures_SizeOnDisk
+
+# Check if Always keep on this device is selected at OneDrive root
+$Get_OD_Attribute = (Get-Item $OD_Path).Attributes
+If(($Get_OD_Attribute -eq 525360) -or ($Get_OD_Attribute -like "525*"))
+ {
+ $Always_Keep_device = "Oui"
+ }
+Else
+ {
+ $Always_Keep_device = "Non"
+ }
+
+# write-output "$Total_size_formated; $Free_size_formated; $Formated_OD_FullSize; $Formated_OD_SizeOnDisk; $Formated_Desktop_Size; $Formated_Desktop_SizeOnDisk; $Formated_Documents_Size; $Formated_Documents_SizeOnDisk; $Formated_Pictures_Size; $Formated_Pictures_SizeOnDisk; $Free_Space_percent %;$ODUsedSpaceOnDisk %; $OD_Path; $Desktop_Path; $Documents_Path; $Pictures_Path; $Always_Keep_device; $Folder_Value_PBI"
+
+# Create the object
+$Properties = [Ordered] @{
+ "ComputerName" = $env:computername
+ "UserEmail" = $env:username
+ "OneDrivePath" = $OD_Path
+ "DesktopPath" = $Desktop_Path
+ "DocumentsPath" = $Documents_Path
+ "PicturesPath" = $Pictures_Path
+ "AlwaysKeepDevice" = $Always_Keep_device
+ "HardDiskSizeMb" = $Log_Analytics_Disk_Size
+ "HardDiskSizeFreeSpaceMb" = $Log_Analytics_Disk_FreeSpace
+ "OneDriveFullSizeMb" = $LogAnalytics_OD_FullSize
+ "OneDriveSizeOnDiskMb" = $LogAnalytics_OD_SizeDisk
+ "DocumentsSizeMb" = $LogAnalytics_OD_Documents_FullSize
+ "DocumentsSizeOnDiskMb" = $LogAnalytics_OD_Documents_SizeOnDisk
+ "DesktopSizeMb" = $LogAnalytics_OD_Desktop_FullSize
+ "DesktopSizeOnDiskMb" = $LogAnalytics_OD_Desktop_SizeOnDisk
+ "PicturesSizeMb" = $LogAnalytics_OD_Pictures_FullSize
+ "PicturesSizeOnDiskMb" = $LogAnalytics_OD_Pictures_SizeOnDisk
+ "HardDiskFreeSpacePercent" = $Free_Space_percent
+ "DiskFreeSpaceState" = $Disk_FreeSpace_State
+ "ODUsedSizePercent" = $ODUsedSpaceOnDisk
+ "OneDriveUseSizeState" = $OneDrive_UseSize_State
+ "RecycleBinSize" = $Recycle_Bin_Size
+ "RecycleBinSizePercent" = $RecycleBin_size_Percent
+ "DeviceModel" = $Get_Current_Model
+ "Top10UsersFolder" = $Folders_In_Users
+ "Top10CurrentUserFolder" = $Folders_In_UserProfile
+ "Top10CFolder" = $Folders_In_C
+}
+$ODSize = New-Object -TypeName "PSObject" -Property $Properties
+
+
+
+
+write-output $ODSize
+
+# Submit the data to the API endpoint
+$ODSizeJson = $ODSize | ConvertTo-Json
+$params = @{
+ CustomerId = $customerId
+ SharedKey = $sharedKey
+ Body = ([System.Text.Encoding]::UTF8.GetBytes($ODSizeJson))
+ LogType = $LogType
+}
+$LogResponse = Post-LogAnalyticsData @params
\ No newline at end of file
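Review bot: `$SharedKey` in the "Part to fill" block is the workspace key that `Build-Signature` uses as its HMAC key, and once filled in it ships in clear text inside a script delivered to every assigned device. Anyone who recovers it from a device, or from this repository if a filled-in copy is ever committed, can sign their own POSTs to `/api/logs` and write arbitrary records into the workspace, so queries and alerts built on this data should not treat it as trusted. I would add a comment above the assignment such as `# SharedKey is present on every device that receives this script: use a workspace dedicated to endpoint telemetry, never commit a filled-in value, and rotate the key after any suspected exposure`. The same literal-credential pattern appears in `LogAnalytics - BSOD Reporting.ps1` (`$SharedKey`, `$Secret`); that script authenticates with a managed identity further down, so it could presumably read both values from a protected store instead of the script body.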
diff --git a/intune/Intune Platform Scripts/LogAnalytics - BSOD Reporting.ps1 b/intune/Intune Platform Scripts/LogAnalytics - BSOD Reporting.ps1
new file mode 100644
index 0000000..10a9126
--- /dev/null
+++ b/intune/Intune Platform Scripts/LogAnalytics - BSOD Reporting.ps1
@@ -0,0 +1,656 @@
+<#
+Author: Damien VAN ROBAEYS
+Website: https://www.systanddeploy.com
+Twitter: @syst_and_deploy
+Mail: damien.vanrobaeys@gmail.com
+#>
+
+#*****************************************************************
+# Info to fill
+
+# Info about your Log Analytics workspace
+$CustomerId = "" # Log Analytics Workspace ID
+$SharedKey = '' # Log Analytics Workspace Primary Key
+$TimeStampField = ""
+
+<#
+Specify if you want to get BSOD log info
+For this you need to configure a Proactive Remediation, see below:
+https://www.systanddeploy.com/2022/03/proactive-remediation-detect-devices.html
+#>
+
+$Use_SharePoint_Logs = $False # $True or $False
+# If $True, configure SharePoint app info
+$ClientID = ""
+$Secret = ''
+$Site_URL = ""
+$Folder_Location = ""
+$Log_File_Path = ""
+
+# Info to fill
+#*****************************************************************
+
+# Log analytics functions
+# More info there: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api
+Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource)
+{
+ $xHeaders = "x-ms-date:" + $date
+ $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource
+
+ $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
+ $keyBytes = [Convert]::FromBase64String($sharedKey)
+
+ $sha256 = New-Object System.Security.Cryptography.HMACSHA256
+ $sha256.Key = $keyBytes
+ $calculatedHash = $sha256.ComputeHash($bytesToHash)
+ $encodedHash = [Convert]::ToBase64String($calculatedHash)
+ $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
+ return $authorization
+}
+
+# Create the function to create and post the request
+# More info there: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api
+Function Post-LogAnalyticsData($customerId, $sharedKey, $body, $logType)
+{
+ $method = "POST"
+ $contentType = "application/json"
+ $resource = "/api/logs"
+ $rfc1123date = [DateTime]::UtcNow.ToString("r")
+ $contentLength = $body.Length
+ $signature = Build-Signature `
+ -customerId $customerId `
+ -sharedKey $sharedKey `
+ -date $rfc1123date `
+ -contentLength $contentLength `
+ -method $method `
+ -contentType $contentType `
+ -resource $resource
+ $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01"
+
+ $headers = @{
+ "Authorization" = $signature;
+ "Log-Type" = $logType;
+ "x-ms-date" = $rfc1123date;
+ "time-generated-field" = $TimeStampField;
+ }
+
+ $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing
+ return $response.StatusCode
+}
+
+# Getting a token and authenticating to your tenant using the managed identity
+$url = $env:IDENTITY_ENDPOINT
+$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+$headers.Add("X-IDENTITY-HEADER", $env:IDENTITY_HEADER)
+$headers.Add("Metadata", "True")
+$body = @{resource='https://graph.microsoft.com/' }
+$script:accessToken = (Invoke-RestMethod $url -Method 'POST' -Headers $headers -ContentType 'application/x-www-form-urlencoded' -Body $body ).access_token
+Connect-AzAccount -Identity
+$headers = @{'Authorization'="Bearer " + $accessToken}
+
+# Connexion to SharePoint (if variable $Use_SharePoint_Logs equals True)
+If($Use_SharePoint_Logs -eq $True)
+ {
+ Connect-PnPOnline -Url $Site_URL -ClientId $ClientID -ClientSecret $Secret -WarningAction Ignore
+ }
+
+# Getting all Lenovo models info
+# There we will convert models provided from Lenovo as MTM to friendly name
+# more info here: https://www.systanddeploy.com/2023/01/get-list-uptodate-of-all-lenovo-models.html
+# $URL = "https://download.lenovo.com/bsco/schemas/list.conf.txt"
+# $Get_Web_Content = Invoke-RestMethod -Uri $URL -Method GET
+# $Get_Models = $Get_Web_Content -split "`r`n"
+
+$URL = "https://download.lenovo.com/bsco/public/allModels.json"
+$Get_Models = Invoke-RestMethod -Uri $URL -Method GET
+
+# Convert BSOD code to a description
+# There we will convert BSOD codes to something more understanble, a bit more
+$BugCheck_Reference = @{}
+$BugCheck_Reference = @{
+ "0x00000001" = "APC_INDEX_MISMATCH"
+ "0x00000002" = "DEVICE_QUEUE_NOT_BUSY"
+ "0x00000003" = "INVALID_AFFINITY_SET"
+ "0x00000004" = "INVALID_DATA_ACCESS_TRAP"
+ "0x00000005" = "INVALID_PROCESS_ATTACH_ATTEMPT"
+ "0x00000006" = "INVALID_PROCESS_DETACH_ATTEMPT"
+ "0x00000007" = "INVALID_SOFTWARE_INTERRUPT"
+ "0x00000008" = "IRQL_NOT_DISPATCH_LEVEL"
+ "0x00000009" = "IRQL_NOT_GREATER_OR_EQUAL"
+ "0x0000000A" = "IRQL_NOT_LESS_OR_EQUAL"
+ "0x0000000B" = "NO_EXCEPTION_HANDLING_SUPPORT"
+ "0x0000000C" = "MAXIMUM_WAIT_OBJECTS_EXCEEDED"
+ "0x0000000D" = "MUTEX_LEVEL_NUMBER_VIOLATION"
+ "0x0000000E" = "NO_USER_MODE_CONTEXT"
+ "0x0000000F" = "SPIN_LOCK_ALREADY_OWNED"
+ "0x00000010" = "SPIN_LOCK_NOT_OWNED"
+ "0x00000011" = "THREAD_NOT_MUTEX_OWNER"
+ "0x00000012" = "TRAP_CAUSE_UNKNOWN"
+ "0x00000013" = "EMPTY_THREAD_REAPER_LIST"
+ "0x00000014" = "CREATE_DELETE_LOCK_NOT_LOCKED"
+ "0x00000015" = "LAST_CHANCE_CALLED_FROM_KMODE"
+ "0x00000016" = "CID_HANDLE_CREATION"
+ "0x00000017" = "CID_HANDLE_DELETION"
+ "0x00000018" = "REFERENCE_BY_POINTER"
+ "0x00000019" = "BAD_POOL_HEADER"
+ "0x0000001A" = "MEMORY_MANAGEMENT"
+ "0x0000001B" = "PFN_SHARE_COUNT"
+ "0x0000001C" = "PFN_REFERENCE_COUNT"
+ "0x0000001D" = "NO_SPIN_LOCK_AVAILABLE"
+ "0x0000001E" = "KMODE_EXCEPTION_NOT_HANDLED"
+ "0x0000001F" = "SHARED_RESOURCE_CONV_ERROR"
+ "0x00000020" = "KERNEL_APC_PENDING_DURING_EXIT"
+ "0x00000021" = "QUOTA_UNDERFLOW"
+ "0x00000022" = "FILE_SYSTEM"
+ "0x00000023" = "FAT_FILE_SYSTEM"
+ "0x00000024" = "NTFS_FILE_SYSTEM"
+ "0x00000025" = "NPFS_FILE_SYSTEM"
+ "0x00000026" = "CDFS_FILE_SYSTEM"
+ "0x00000027" = "RDR_FILE_SYSTEM"
+ "0x00000028" = "CORRUPT_ACCESS_TOKEN"
+ "0x00000029" = "SECURITY_SYSTEM"
+ "0x0000002A" = "INCONSISTENT_IRP"
+ "0x0000002B" = "PANIC_STACK_SWITCH"
+ "0x0000002C" = "PORT_DRIVER_INTERNAL"
+ "0x0000002D" = "SCSI_DISK_DRIVER_INTERNAL"
+ "0x0000002E" = "DATA_BUS_ERROR"
+ "0x0000002F" = "INSTRUCTION_BUS_ERROR"
+ "0x00000030" = "SET_OF_INVALID_CONTEXT"
+ "0x00000031" = "PHASE0_INITIALIZATION_FAILED"
+ "0x00000032" = "PHASE1_INITIALIZATION_FAILED"
+ "0x00000033" = "UNEXPECTED_INITIALIZATION_CALL"
+ "0x00000034" = "CACHE_MANAGER"
+ "0x00000035" = "NO_MORE_IRP_STACK_LOCATIONS"
+ "0x00000036" = "DEVICE_REFERENCE_COUNT_NOT_ZERO"
+ "0x00000037" = "FLOPPY_INTERNAL_ERROR"
+ "0x00000038" = "SERIAL_DRIVER_INTERNAL"
+ "0x00000039" = "SYSTEM_EXIT_OWNED_MUTEX"
+ "0x0000003A" = "SYSTEM_UNWIND_PREVIOUS_USER"
+ "0x0000003B" = "SYSTEM_SERVICE_EXCEPTION"
+ "0x0000003C" = "INTERRUPT_UNWIND_ATTEMPTED"
+ "0x0000003D" = "INTERRUPT_EXCEPTION_NOT_HANDLED"
+ "0x0000003E" = "MULTIPROCESSOR_CONFIGURATION_NOT_SUPPORTED"
+ "0x0000003F" = "NO_MORE_SYSTEM_PTES"
+ "0x00000040" = "TARGET_MDL_TOO_SMALL"
+ "0x00000041" = "MUST_SUCCEED_POOL_EMPTY"
+ "0x00000042" = "ATDISK_DRIVER_INTERNAL"
+ "0x00000043" = "NO_SUCH_PARTITION"
+ "0x00000044" = "MULTIPLE_IRP_COMPLETE_REQUESTS"
+ "0x00000045" = "INSUFFICIENT_SYSTEM_MAP_REGS"
+ "0x00000046" = "DEREF_UNKNOWN_LOGON_SESSION"
+ "0x00000047" = "REF_UNKNOWN_LOGON_SESSION"
+ "0x00000048" = "CANCEL_STATE_IN_COMPLETED_IRP"
+ "0x00000049" = "PAGE_FAULT_WITH_INTERRUPTS_OFF"
+ "0x0000004A" = "IRQL_GT_ZERO_AT_SYSTEM_SERVICE"
+ "0x0000004B" = "STREAMS_INTERNAL_ERROR"
+ "0x0000004C" = "FATAL_UNHANDLED_HARD_ERROR"
+ "0x0000004D" = "NO_PAGES_AVAILABLE"
+ "0x0000004E" = "PFN_LIST_CORRUPT"
+ "0x0000004F" = "NDIS_INTERNAL_ERROR"
+ "0x00000050" = "PAGE_FAULT_IN_NONPAGED_AREA"
+ "0x00000051" = "REGISTRY_ERROR"
+ "0x00000052" = "MAILSLOT_FILE_SYSTEM"
+ "0x00000053" = "NO_BOOT_DEVICE"
+ "0x00000054" = "LM_SERVER_INTERNAL_ERROR"
+ "0x00000055" = "DATA_COHERENCY_EXCEPTION"
+ "0x00000056" = "INSTRUCTION_COHERENCY_EXCEPTION"
+ "0x00000057" = "XNS_INTERNAL_ERROR"
+ "0x00000058" = "FTDISK_INTERNAL_ERROR"
+ "0x00000059" = "PINBALL_FILE_SYSTEM"
+ "0x0000005A" = "CRITICAL_SERVICE_FAILED"
+ "0x0000005B" = "SET_ENV_VAR_FAILED"
+ "0x0000005C" = "HAL_INITIALIZATION_FAILED"
+ "0x0000005D" = "UNSUPPORTED_PROCESSOR"
+ "0x0000005E" = "OBJECT_INITIALIZATION_FAILED"
+ "0x0000005F" = "SECURITY_INITIALIZATION_FAILED"
+ "0x00000060" = "PROCESS_INITIALIZATION_FAILED"
+ "0x00000061" = "HAL1_INITIALIZATION_FAILED"
+ "0x00000062" = "OBJECT1_INITIALIZATION_FAILED"
+ "0x00000063" = "SECURITY1_INITIALIZATION_FAILED"
+ "0x00000064" = "SYMBOLIC_INITIALIZATION_FAILED"
+ "0x00000065" = "MEMORY1_INITIALIZATION_FAILED"
+ "0x00000066" = "CACHE_INITIALIZATION_FAILED"
+ "0x00000067" = "CONFIG_INITIALIZATION_FAILED"
+ "0x00000068" = "FILE_INITIALIZATION_FAILED"
+ "0x00000069" = "IO1_INITIALIZATION_FAILED"
+ "0x0000006A" = "LPC_INITIALIZATION_FAILED"
+ "0x0000006B" = "PROCESS1_INITIALIZATION_FAILED"
+ "0x0000006C" = "REFMON_INITIALIZATION_FAILED"
+ "0x0000006D" = "SESSION1_INITIALIZATION_FAILED"
+ "0x0000006E" = "SESSION2_INITIALIZATION_FAILED"
+ "0x0000006F" = "SESSION3_INITIALIZATION_FAILED"
+ "0x00000070" = "SESSION4_INITIALIZATION_FAILED"
+ "0x00000071" = "SESSION5_INITIALIZATION_FAILED"
+ "0x00000072" = "ASSIGN_DRIVE_LETTERS_FAILED"
+ "0x00000073" = "CONFIG_LIST_FAILED"
+ "0x00000074" = "BAD_SYSTEM_CONFIG_INFO"
+ "0x00000075" = "CANNOT_WRITE_CONFIGURATION"
+ "0x00000076" = "PROCESS_HAS_LOCKED_PAGES"
+ "0x00000077" = "KERNEL_STACK_INPAGE_ERROR"
+ "0x00000078" = "PHASE0_EXCEPTION"
+ "0x00000079" = "MISMATCHED_HAL"
+ "0x0000007A" = "KERNEL_DATA_INPAGE_ERROR"
+ "0x0000007B" = "INACCESSIBLE_BOOT_DEVICE"
+ "0x0000007C" = "BUGCODE_NDIS_DRIVER"
+ "0x0000007D" = "INSTALL_MORE_MEMORY"
+ "0x0000007E" = "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED"
+ "0x0000007F" = "UNEXPECTED_KERNEL_MODE_TRAP"
+ "0x00000080" = "NMI_HARDWARE_FAILURE"
+ "0x00000081" = "SPIN_LOCK_INIT_FAILURE"
+ "0x00000082" = "DFS_FILE_SYSTEM"
+ "0x00000085" = "SETUP_FAILURE"
+ "0x0000008B" = "MBR_CHECKSUM_MISMATCH"
+ "0x0000008E" = "KERNEL_MODE_EXCEPTION_NOT_HANDLED"
+ "0x0000008F" = "PP0_INITIALIZATION_FAILED"
+ "0x00000090" = "PP1_INITIALIZATION_FAILED"
+ "0x00000092" = "UP_DRIVER_ON_MP_SYSTEM"
+ "0x00000093" = "INVALID_KERNEL_HANDLE"
+ "0x00000094" = "KERNEL_STACK_LOCKED_AT_EXIT"
+ "0x00000096" = "INVALID_WORK_QUEUE_ITEM"
+ "0x00000097" = "BOUND_IMAGE_UNSUPPORTED"
+ "0x00000098" = "END_OF_NT_EVALUATION_PERIOD"
+ "0x00000099" = "INVALID_REGION_OR_SEGMENT"
+ "0x0000009A" = "SYSTEM_LICENSE_VIOLATION"
+ "0x0000009B" = "UDFS_FILE_SYSTEM"
+ "0x0000009C" = "MACHINE_CHECK_EXCEPTION"
+ "0x0000009E" = "USER_MODE_HEALTH_MONITOR"
+ "0x0000009F" = "DRIVER_POWER_STATE_FAILURE"
+ "0x000000A0" = "INTERNAL_POWER_ERROR"
+ "0x000000A1" = "PCI_BUS_DRIVER_INTERNAL"
+ "0x000000A2" = "MEMORY_IMAGE_CORRUPT"
+ "0x000000A3" = "ACPI_DRIVER_INTERNAL"
+ "0x000000A4" = "CNSS_FILE_SYSTEM_FILTER"
+ "0x000000A5" = "ACPI_BIOS_ERROR"
+ "0x000000A7" = "BAD_EXHANDLE"
+ "0x000000AC" = "HAL_MEMORY_ALLOCATION"
+ "0x000000AD" = "VIDEO_DRIVER_DEBUG_REPORT_REQUEST"
+ "0x000000B1" = "BGI_DETECTED_VIOLATION"
+ "0x000000B4" = "VIDEO_DRIVER_INIT_FAILURE"
+ "0x000000B8" = "ATTEMPTED_SWITCH_FROM_DPC"
+ "0x000000B9" = "CHIPSET_DETECTED_ERROR"
+ "0x000000BA" = "SESSION_HAS_VALID_VIEWS_ON_EXIT"
+ "0x000000BB" = "NETWORK_BOOT_INITIALIZATION_FAILED"
+ "0x000000BC" = "NETWORK_BOOT_DUPLICATE_ADDRESS"
+ "0x000000BD" = "INVALID_HIBERNATED_STATE"
+ "0x000000BE" = "ATTEMPTED_WRITE_TO_READONLY_MEMORY"
+ "0x000000BF" = "MUTEX_ALREADY_OWNED"
+ "0x000000C1" = "SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION"
+ "0x000000C2" = "BAD_POOL_CALLER"
+ "0x000000C4" = "DRIVER_VERIFIER_DETECTED_VIOLATION"
+ "0x000000C5" = "DRIVER_CORRUPTED_EXPOOL"
+ "0x000000C6" = "DRIVER_CAUGHT_MODIFYING_FREED_POOL"
+ "0x000000C7" = "TIMER_OR_DPC_INVALID"
+ "0x000000C8" = "IRQL_UNEXPECTED_VALUE"
+ "0x000000C9" = "DRIVER_VERIFIER_IOMANAGER_VIOLATION"
+ "0x000000CA" = "PNP_DETECTED_FATAL_ERROR"
+ "0x000000CB" = "DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS"
+ "0x000000CC" = "PAGE_FAULT_IN_FREED_SPECIAL_POOL"
+ "0x000000CD" = "PAGE_FAULT_BEYOND_END_OF_ALLOCATION"
+ "0x000000CE" = "DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS"
+ "0x000000CF" = "TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE"
+ "0x000000D0" = "DRIVER_CORRUPTED_MMPOOL"
+ "0x000000D1" = "DRIVER_IRQL_NOT_LESS_OR_EQUAL"
+ "0x000000D2" = "BUGCODE_ID_DRIVER"
+ "0x000000D3" = "DRIVER_PORTION_MUST_BE_NONPAGED"
+ "0x000000D4" = "SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD"
+ "0x000000D5" = "DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL"
+ "0x000000D6" = "DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION"
+ "0x000000D7" = "DRIVER_UNMAPPING_INVALID_VIEW"
+ "0x000000D8" = "DRIVER_USED_EXCESSIVE_PTES"
+ "0x000000D9" = "LOCKED_PAGES_TRACKER_CORRUPTION"
+ "0x000000DA" = "SYSTEM_PTE_MISUSE"
+ "0x000000DB" = "DRIVER_CORRUPTED_SYSPTES"
+ "0x000000DC" = "DRIVER_INVALID_STACK_ACCESS"
+ "0x000000DE" = "POOL_CORRUPTION_IN_FILE_AREA"
+ "0x000000DF" = "IMPERSONATING_WORKER_THREAD"
+ "0x000000E0" = "ACPI_BIOS_FATAL_ERROR"
+ "0x000000E1" = "WORKER_THREAD_RETURNED_AT_BAD_IRQL"
+ "0x000000E2" = "MANUALLY_INITIATED_CRASH"
+ "0x000000E3" = "RESOURCE_NOT_OWNED"
+ "0x000000E4" = "WORKER_INVALID"
+ "0x000000E6" = "DRIVER_VERIFIER_DMA_VIOLATION"
+ "0x000000E7" = "INVALID_FLOATING_POINT_STATE"
+ "0x000000E8" = "INVALID_CANCEL_OF_FILE_OPEN"
+ "0x000000E9" = "ACTIVE_EX_WORKER_THREAD_TERMINATION"
+ "0x000000EA" = "THREAD_STUCK_IN_DEVICE_DRIVER"
+ "0x000000EB" = "DIRTY_MAPPED_PAGES_CONGESTION"
+ "0x000000EC" = "SESSION_HAS_VALID_SPECIAL_POOL_ON_EXIT"
+ "0x000000ED" = "UNMOUNTABLE_BOOT_VOLUME"
+ "0x000000EF" = "CRITICAL_PROCESS_DIED"
+ "0x000000F0" = "STORAGE_MINIPORT_ERROR"
+ "0x000000F1" = "SCSI_VERIFIER_DETECTED_VIOLATION"
+ "0x000000F2" = "HARDWARE_INTERRUPT_STORM"
+ "0x000000F3" = "DISORDERLY_SHUTDOWN"
+ "0x000000F4" = "CRITICAL_OBJECT_TERMINATION"
+ "0x000000F5" = "FLTMGR_FILE_SYSTEM"
+ "0x000000F6" = "PCI_VERIFIER_DETECTED_VIOLATION"
+ "0x000000F7" = "DRIVER_OVERRAN_STACK_BUFFER"
+ "0x000000F8" = "RAMDISK_BOOT_INITIALIZATION_FAILED"
+ "0x000000F9" = "DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN"
+ "0x000000FA" = "HTTP_DRIVER_CORRUPTED"
+ "0x000000FC" = "ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY"
+ "0x000000FD" = "DIRTY_NOWRITE_PAGES_CONGESTION"
+ "0x000000FE" = "BUGCODE_USB_DRIVER"
+ "0x000000FF" = "RESERVE_QUEUE_OVERFLOW"
+ "0x00000100" = "LOADER_BLOCK_MISMATCH"
+ "0x00000101" = "CLOCK_WATCHDOG_TIMEOUT"
+ "0x00000102" = "DPC_WATCHDOG_TIMEOUT"
+ "0x00000103" = "MUP_FILE_SYSTEM"
+ "0x00000104" = "AGP_INVALID_ACCESS"
+ "0x00000105" = "AGP_GART_CORRUPTION"
+ "0x00000106" = "AGP_ILLEGALLY_REPROGRAMMED"
+ "0x00000108" = "THIRD_PARTY_FILE_SYSTEM_FAILURE"
+ "0x00000109" = "CRITICAL_STRUCTURE_CORRUPTION"
+ "0x0000010A" = "APP_TAGGING_INITIALIZATION_FAILED"
+ "0x0000010C" = "FSRTL_EXTRA_CREATE_PARAMETER_VIOLATION"
+ "0x0000010D" = "WDF_VIOLATION"
+ "0x0000010E" = "VIDEO_MEMORY_MANAGEMENT_INTERNAL"
+ "0x0000010F" = "RESOURCE_MANAGER_EXCEPTION_NOT_HANDLED"
+ "0x00000111" = "RECURSIVE_NMI"
+ "0x00000112" = "MSRPC_STATE_VIOLATION"
+ "0x00000113" = "VIDEO_DXGKRNL_FATAL_ERROR"
+ "0x00000114" = "VIDEO_SHADOW_DRIVER_FATAL_ERROR"
+ "0x00000115" = "AGP_INTERNAL"
+ "0x00000116" = "VIDEO_TDR_FAILURE"
+ "0x00000117" = "VIDEO_TDR_TIMEOUT_DETECTED"
+ "0x00000119" = "VIDEO_SCHEDULER_INTERNAL_ERROR"
+ "0x0000011A" = "EM_INITIALIZATION_FAILURE"
+ "0x0000011B" = "DRIVER_RETURNED_HOLDING_CANCEL_LOCK"
+ "0x0000011C" = "ATTEMPTED_WRITE_TO_CM_PROTECTED_STORAGE"
+ "0x0000011D" = "EVENT_TRACING_FATAL_ERROR"
+ "0x0000011E" = "TOO_MANY_RECURSIVE_FAULTS"
+ "0x0000011F" = "INVALID_DRIVER_HANDLE"
+ "0x00000120" = "BITLOCKER_FATAL_ERROR"
+ "0x00000121" = "DRIVER_VIOLATION"
+ "0x00000122" = "WHEA_INTERNAL_ERROR"
+ "0x00000123" = "CRYPTO_SELF_TEST_FAILURE"
+ "0x00000125" = "NMR_INVALID_STATE"
+ "0x00000126" = "NETIO_INVALID_POOL_CALLER"
+ "0x00000127" = "PAGE_NOT_ZERO"
+ "0x00000128" = "WORKER_THREAD_RETURNED_WITH_BAD_IO_PRIORITY"
+ "0x00000129" = "WORKER_THREAD_RETURNED_WITH_BAD_PAGING_IO_PRIORITY"
+ "0x0000012A" = "MUI_NO_VALID_SYSTEM_LANGUAGE"
+ "0x0000012B" = "FAULTY_HARDWARE_CORRUPTED_PAGE"
+ "0x0000012C" = "EXFAT_FILE_SYSTEM"
+ "0x0000012D" = "VOLSNAP_OVERLAPPED_TABLE_ACCESS"
+ "0x0000012E" = "INVALID_MDL_RANGE"
+ "0x0000012F" = "VHD_BOOT_INITIALIZATION_FAILED"
+ "0x00000130" = "DYNAMIC_ADD_PROCESSOR_MISMATCH"
+ "0x00000131" = "INVALID_EXTENDED_PROCESSOR_STATE"
+ "0x00000132" = "RESOURCE_OWNER_POINTER_INVALID"
+ "0x00000133" = "DPC_WATCHDOG_VIOLATION"
+ "0x00000134" = "DRIVE_EXTENDER"
+ "0x00000135" = "REGISTRY_FILTER_DRIVER_EXCEPTION"
+ "0x00000136" = "VHD_BOOT_HOST_VOLUME_NOT_ENOUGH_SPACE"
+ "0x00000137" = "WIN32K_HANDLE_MANAGER"
+ "0x00000138" = "GPIO_CONTROLLER_DRIVER_ERROR"
+ "0x00000139" = "KERNEL_SECURITY_CHECK_FAILURE"
+ "0x0000013A" = "KERNEL_MODE_HEAP_CORRUPTION"
+ "0x0000013B" = "PASSIVE_INTERRUPT_ERROR"
+ "0x0000013C" = "INVALID_IO_BOOST_STATE"
+ "0x0000013D" = "CRITICAL_INITIALIZATION_FAILURE"
+ "0x00000140" = "STORAGE_DEVICE_ABNORMALITY_DETECTED"
+ "0x00000143" = "PROCESSOR_DRIVER_INTERNAL"
+ "0x00000144" = "BUGCODE_USB3_DRIVER"
+ "0x00000145" = "SECURE_BOOT_VIOLATION"
+ "0x00000147" = "ABNORMAL_RESET_DETECTED"
+ "0x00000149" = "REFS_FILE_SYSTEM"
+ "0x0000014A" = "KERNEL_WMI_INTERNAL"
+ "0x0000014B" = "SOC_SUBSYSTEM_FAILURE"
+ "0x0000014C" = "FATAL_ABNORMAL_RESET_ERROR"
+ "0x0000014D" = "EXCEPTION_SCOPE_INVALID"
+ "0x0000014E" = "SOC_CRITICAL_DEVICE_REMOVED"
+ "0x0000014F" = "PDC_WATCHDOG_TIMEOUT"
+ "0x00000150" = "TCPIP_AOAC_NIC_ACTIVE_REFERENCE_LEAK"
+ "0x00000151" = "UNSUPPORTED_INSTRUCTION_MODE"
+ "0x00000152" = "INVALID_PUSH_LOCK_FLAGS"
+ "0x00000153" = "KERNEL_LOCK_ENTRY_LEAKED_ON_THREAD_TERMINATION"
+ "0x00000154" = "UNEXPECTED_STORE_EXCEPTION"
+ "0x00000155" = "OS_DATA_TAMPERING"
+ "0x00000157" = "KERNEL_THREAD_PRIORITY_FLOOR_VIOLATION"
+ "0x00000158" = "ILLEGAL_IOMMU_PAGE_FAULT"
+ "0x00000159" = "HAL_ILLEGAL_IOMMU_PAGE_FAULT"
+ "0x0000015A" = "SDBUS_INTERNAL_ERROR"
+ "0x0000015B" = "WORKER_THREAD_RETURNED_WITH_SYSTEM_PAGE_PRIORITY_ACTIVE"
+ "0x00000160" = "WIN32K_ATOMIC_CHECK_FAILURE"
+ "0x00000162" = "KERNEL_AUTO_BOOST_INVALID_LOCK_RELEASE"
+ "0x00000163" = "WORKER_THREAD_TEST_CONDITION"
+ "0x0000016C" = "INVALID_RUNDOWN_PROTECTION_FLAGS"
+ "0x0000016D" = "INVALID_SLOT_ALLOCATOR_FLAGS"
+ "0x0000016E" = "ERESOURCE_INVALID_RELEASE"
+ "0x00000170" = "CLUSTER_CSV_CLUSSVC_DISCONNECT_WATCHDOG"
+ "0x00000171" = "CRYPTO_LIBRARY_INTERNAL_ERROR"
+ "0x00000173" = "COREMSGCALL_INTERNAL_ERROR"
+ "0x00000174" = "COREMSG_INTERNAL_ERROR"
+ "0x00000178" = "ELAM_DRIVER_DETECTED_FATAL_ERROR"
+ "0x0000017B" = "PROFILER_CONFIGURATION_ILLEGAL"
+ "0x0000017E" = "MICROCODE_REVISION_MISMATCH"
+ "0x00000187" = "VIDEO_DWMINIT_TIMEOUT_FALLBACK_BDD"
+ "0x00000189" = "BAD_OBJECT_HEADER"
+ "0x0000018B" = "SECURE_KERNEL_ERROR"
+ "0x0000018C" = "HYPERGUARD_VIOLATION"
+ "0x0000018D" = "SECURE_FAULT_UNHANDLED"
+ "0x0000018E" = "KERNEL_PARTITION_REFERENCE_VIOLATION"
+ "0x00000191" = "PF_DETECTED_CORRUPTION"
+ "0x00000192" = "KERNEL_AUTO_BOOST_LOCK_ACQUISITION_WITH_RAISED_IRQL"
+ "0x00000196" = "LOADER_ROLLBACK_DETECTED"
+ "0x00000197" = "WIN32K_SECURITY_FAILURE"
+ "0x00000199" = "KERNEL_STORAGE_SLOT_IN_USE"
+ "0x0000019A" = "WORKER_THREAD_RETURNED_WHILE_ATTACHED_TO_SILO"
+ "0x0000019B" = "TTM_FATAL_ERROR"
+ "0x0000019C" = "WIN32K_POWER_WATCHDOG_TIMEOUT"
+ "0x000001A0" = "TTM_WATCHDOG_TIMEOUT"
+ "0x000001A2" = "WIN32K_CALLOUT_WATCHDOG_BUGCHECK"
+ "0x000001C6" = "FAST_ERESOURCE_PRECONDITION_VIOLATION"
+ "0x000001C7" = "STORE_DATA_STRUCTURE_CORRUPTION"
+ "0x000001C8" = "MANUALLY_INITIATED_POWER_BUTTON_HOLD"
+ "0x000001CA" = "SYNTHETIC_WATCHDOG_TIMEOUT"
+ "0x000001CB" = "INVALID_SILO_DETACH"
+ "0x000001CD" = "INVALID_CALLBACK_STACK_ADDRESS"
+ "0x000001CE" = "INVALID_KERNEL_STACK_ADDRESS"
+ "0x000001CF" = "HARDWARE_WATCHDOG_TIMEOUT"
+ "0x000001D0" = "CPI_FIRMWARE_WATCHDOG_TIMEOUT"
+ "0x000001D2" = "WORKER_THREAD_INVALID_STATE"
+ "0x000001D3" = "WFP_INVALID_OPERATION"
+ "0x000001D5" = "DRIVER_PNP_WATCHDOG"
+ "0x000001D6" = "WORKER_THREAD_RETURNED_WITH_NON_DEFAULT_WORKLOAD_CLASS"
+ "0x000001D7" = "EFS_FATAL_ERROR"
+ "0x000001D8" = "UCMUCSI_FAILURE"
+ "0x000001D9" = "HAL_IOMMU_INTERNAL_ERROR"
+ "0x000001DA" = "HAL_BLOCKED_PROCESSOR_INTERNAL_ERROR"
+ "0x000001DB" = "IPI_WATCHDOG_TIMEOUT"
+ "0x000001DC" = "DMA_COMMON_BUFFER_VECTOR_ERROR"
+ "0x00000356" = "XBOX_ERACTRL_CS_TIMEOUT"
+ "0x00000BFE" = "BC_BLUETOOTH_VERIFIER_FAULT"
+ "0x00000BFF" = "BC_BTHMINI_VERIFIER_FAULT"
+ "0x00020001" = "HYPERVISOR_ERROR"
+ "0x1000007E" = "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M"
+ "0x1000007F" = "UNEXPECTED_KERNEL_MODE_TRAP_M"
+ "0x1000008E" = "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M"
+ "0x100000EA" = "THREAD_STUCK_IN_DEVICE_DRIVER_M"
+ "0x4000008A" = "THREAD_TERMINATE_HELD_MUTEX"
+ "0xC0000218" = "STATUS_CANNOT_LOAD_REGISTRY_FILE"
+ "0xC000021A" = "WINLOGON_FATAL_ERROR"
+ "0xC0000221" = "STATUS_IMAGE_CHECKSUM_MISMATCH"
+ "0xDEADDEAD" = "MANUALLY_INITIATED_CRASH1"
+}
+$Error_code = $BugCheck_Reference.GetEnumerator() | Select-Object -Property Key,Value
+
+
+# Graph URL to use to list all BSOD
+$BSOD_URL = "https://graph.microsoft.com/beta/deviceManagement/userExperienceAnalyticsDevicePerformance?dtFilter=all&`$orderBy=blueScreenCount%20desc&`$filter=blueScreenCount%20ge%201%20and%20blueScreenCount%20le%20500"
+$All_BSOD = Invoke-WebRequest -Uri $BSOD_URL -Method GET -Headers $Headers -UseBasicParsing
+$All_BSOD_JsonResponse = ($All_BSOD.Content | ConvertFrom-Json)
+$Get_All_BSOD = $All_BSOD_JsonResponse.value
+
+# We will parse all pages
+If($All_BSOD_JsonResponse.'@odata.nextLink')
+{
+ do {
+ $URL = $All_BSOD_JsonResponse.'@odata.nextLink'
+ $All_BSOD = Invoke-WebRequest -Uri $URL -Method GET -Headers $Headers -UseBasicParsing
+ $All_BSOD_JsonResponse = ($All_BSOD.Content | ConvertFrom-Json)
+ $Get_All_BSOD += $All_BSOD_JsonResponse.value
+ } until ($null -eq $All_BSOD_JsonResponse.'@odata.nextLink')
+}
+
+$BSOD_Array = @()
+$BSOD_Details_Array = @()
+
+ForEach($BSOD in $Get_All_BSOD)
+ {
+ $Device_Model = $BSOD.model
+ $Device_Name = $BSOD.deviceName
+ $BSOD_Count = $BSOD.blueScreenCount
+ $DeviceID = $BSOD.id
+ $Manufacturer = $BSOD.manufacturer
+ $restartCount = $BSOD.restartCount
+
+
+ # If we choose to get logs from SharePoint, we will check if there is a file on SharePoint corresponding to the device name
+ If($Use_SharePoint_Logs -eq $True)
+ {
+ $BSOD_File_Name = "BSOD_$Device_Name.zip"
+ $BSOD_Log_File = "/sites/DWP-Support/Documents partages/Windows/BSOD/$BSOD_File_Name"
+ $Get_Log_File = Get-PnPFile -Url $BSOD_Log_File -ea SilentlyContinue
+ If($Get_Log_File -ne $null)
+ {
+ $Log_File_Link = "$Log_File_Path/$BSOD_File_Name"
+ $Log_File_Date = $Get_Log_File.TimeLastModified
+ }
+ Else
+ {
+ $Log_File_Link = "No logs"
+ $Log_File_Date = ""
+ }
+ }
+
+ If($Manufacturer -eq "lenovo")
+ {
+ # $Model_MTM = $Device_Model.Substring(0,4)
+ # $Current_Model = $Get_Models | where-object { $_ -like "*$Model_MTM*"}
+ # $Device_Model = ($Current_Model.split("("))[0]
+
+ $Model_MTM = $Device_Model.Substring(0,4)
+ $Current_Model = ($Get_Models | where-object {($_ -like "*$Model_MTM*") -and ($_ -notlike "*-UEFI Lenovo*") -and ($_ -notlike "*dTPM*") -and ($_ -notlike "*Asset*") -and ($_ -notlike "*fTPM*")})[0]
+ $Device_Model = ($Current_Model.name.split("("))[0]
+ }
+
+ # There we will get all BSOD for all device
+ $StartupHistory_url = "https://graph.microsoft.com/beta/deviceManagement/userExperienceAnalyticsDeviceStartupHistory?" + '$filter=deviceId%20eq%20%27' + "$DeviceID%27"
+ $Get_StartupHistory = Invoke-WebRequest -Uri $StartupHistory_url -Method GET -Headers $Headers -UseBasicParsing
+ $Get_BSOD_JsonResponse = ($Get_StartupHistory.Content | ConvertFrom-Json)
+
+ $Get_last_BSOD = ($Get_BSOD_JsonResponse.value | Where {$_.restartCategory -eq "blueScreen"})[-1]
+
+ $Get_All_BSOD = ($Get_BSOD_JsonResponse.value | Where {$_.restartCategory -eq "blueScreen"})
+ foreach($BSOD in $Get_All_BSOD)
+ {
+ $Get_BSOD_Date = $BSOD.startTime
+ $Get_BSOD_Code = $BSOD.restartStopCode
+ $All_BSOD_Results += "$Get_BSOD_Date ($Get_BSOD_Code)`n"
+ $Get_Error_Label = ($Error_code | Where {$_.Key -eq $Get_BSOD_Code}).Value
+
+ $BSOD_Details_Obj = New-Object PSObject
+ Add-Member -InputObject $BSOD_Details_Obj -MemberType NoteProperty -Name "Device" -Value $Device_Name
+ Add-Member -InputObject $BSOD_Details_Obj -MemberType NoteProperty -Name "Model" -Value $Device_Model
+ Add-Member -InputObject $BSOD_Details_Obj -MemberType NoteProperty -Name "AllBSODDate" -Value $Get_BSOD_Date
+ Add-Member -InputObject $BSOD_Details_Obj -MemberType NoteProperty -Name "AllBSODCode" -Value $Get_BSOD_Code
+ Add-Member -InputObject $BSOD_Details_Obj -MemberType NoteProperty -Name "AllBSODCodeInfo" -Value $Get_Error_Label
+ $BSOD_Details_Array += $BSOD_Details_Obj
+ }
+
+ $Last_BSOD_Date = ($Get_last_BSOD.startTime)
+ $Last_BSOD_Code = $Get_last_BSOD.restartStopCode
+ $OS = $Get_last_BSOD.operatingSystemVersion
+ $restartFaultBucket = $Get_last_BSOD.operatingSystemVrestartFaultBucketersion
+ $isFeatureUpdate = $Get_last_BSOD.isFeatureUpdate
+ $isFirstLogin = $Get_last_BSOD.isFirstLogin
+ $Intune_ID = $Get_last_BSOD.deviceId
+
+ $Get_Last_Error_Label = ($Error_code | Where {$_.Key -eq $Last_BSOD_Code}).Value
+
+ $Device_URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$DeviceID"
+
+ $Get_Device_Info = Invoke-WebRequest -Uri $Device_URL -Method GET -Headers $Headers -UseBasicParsing
+ $Get_Device_Info_JsonResponse = ($Get_Device_Info.Content | ConvertFrom-Json)
+
+ $Device_enrolledDateTime = $Get_Device_Info_JsonResponse.enrolledDateTime
+ $Device_lastSyncDateTime = $Get_Device_Info_JsonResponse.lastSyncDateTime
+ $Device_totalStorageSpaceInBytes = $Get_Device_Info_JsonResponse.totalStorageSpaceInBytes
+ $Device_freeStorageSpaceInBytes = $Get_Device_Info_JsonResponse.freeStorageSpaceInBytes
+ $Device_autopilotEnrolled = $Get_Device_Info_JsonResponse.autopilotEnrolled
+ $Device_physicalMemoryInBytes = $Get_Device_Info_JsonResponse.physicalMemoryInBytes
+ $Device_processorArchitecture = $Get_Device_Info_JsonResponse.processorArchitecture
+ $Device_skuFamily = $Get_Device_Info_JsonResponse.skuFamily
+ $Device_skuNumber = $Get_Device_Info_JsonResponse.skuNumber
+
+ $Hardware_info_URL = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/" + $DeviceID + "?select=hardwareinformation"
+ $Get_Hardware_Info = Invoke-WebRequest -Uri $Hardware_info_URL -Method GET -Headers $Headers -UseBasicParsing
+ $Get_Hardware_Info_JsonResponse = ($Get_Hardware_Info.Content | ConvertFrom-Json).hardwareInformation
+
+ $Device_tpmSpecificationVersion = $Get_Hardware_Info_JsonResponse.tpmSpecificationVersion
+ $Device_operatingSystemEdition = $Get_Hardware_Info_JsonResponse.operatingSystemEdition
+ $Device_deviceFullQualifiedDomainName = $Get_Hardware_Info_JsonResponse.deviceFullQualifiedDomainName
+ $Device_deviceGuardVirtualizationBasedSecurityState = $Get_Hardware_Info_JsonResponse.deviceGuardVirtualizationBasedSecurityState
+ $Device_deviceGuardLocalSystemAuthorityCredentialGuardState = $Get_Hardware_Info_JsonResponse.deviceGuardLocalSystemAuthorityCredentialGuardState
+ $Device_ipAddressV4 = $Get_Hardware_Info_JsonResponse.ipAddressV4
+ $Device_systemManagementBIOSVersion = $Get_Hardware_Info_JsonResponse.systemManagementBIOSVersion
+ $Device_tpmManufacturer = $Get_Hardware_Info_JsonResponse.tpmManufacturer
+ $Device_tpmVersion = $Get_Hardware_Info_JsonResponse.tpmVersion
+
+ $BSOD_Obj = New-Object PSObject
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "Device" -Value $Device_Name
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "Model" -Value $Device_Model
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "BSODCount" -Value $BSOD_Count
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "OSVersion" -Value $OS
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "LastBSOD" -Value $Last_BSOD_Date
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "LastCode" -Value $Last_BSOD_Code
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "LastCodeInfo" -Value $Get_Last_Error_Label
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "BSODLogFile" -Value $Log_File_Link
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "BSODLogFileDate" -Value $Log_File_Date
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "AllBSOD" -Value $All_BSOD_Results
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "restartFaultBucket" -Value $restartFaultBucket
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "isFeatureUpdate" -Value $isFeatureUpdate
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "isFirstLogin" -Value $isFirstLogin
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "IntuneID" -Value $Intune_ID
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "Manufacturer" -Value $Manufacturer
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "restartCount" -Value $restartCount
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "enrolledDateTime" -Value $Device_enrolledDateTime
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "lastSyncDateTime" -Value $Device_lastSyncDateTime
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "totalStorageSpaceInBytes" -Value $Device_totalStorageSpaceInBytes
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "freeStorageSpaceInBytes" -Value $Device_freeStorageSpaceInBytes
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "autopilotEnrolled " -Value $Device_autopilotEnrolled
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "physicalMemoryInBytes" -Value $Device_physicalMemoryInBytes
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "processorArchitecture" -Value $Device_processorArchitecture
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "skuFamily" -Value $Device_skuFamily
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "skuNumber" -Value $Device_skuNumber
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "tpmSpecificationVersion" -Value $Device_tpmSpecificationVersion
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "operatingSystemEdition" -Value $Device_operatingSystemEdition
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "deviceFullQualifiedDomainName" -Value $Device_deviceFullQualifiedDomainName
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "ipAddressV4" -Value $Device_ipAddressV4
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "FullBIOSVersion" -Value $Device_systemManagementBIOSVersion
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "tpmManufacturer" -Value $Device_tpmManufacturer
+ Add-Member -InputObject $BSOD_Obj -MemberType NoteProperty -Name "tpmVersion" -Value $Device_tpmVersion
+ $BSOD_Array += $BSOD_Obj
+ }
+
+# There we will send all info to Log Analytics
+$BSOD_Json = $BSOD_Array | ConvertTo-Json
+$params = @{
+ CustomerId = $customerId
+ SharedKey = $sharedKey
+ Body = ([System.Text.Encoding]::UTF8.GetBytes($BSOD_Json))
+ LogType = "BSOD"
+}
+$LogResponse = Post-LogAnalyticsData @params
+
+
+$BSOD_Details_Json = $BSOD_Details_Array | ConvertTo-Json
+$params = @{
+ CustomerId = $customerId
+ SharedKey = $sharedKey
+ Body = ([System.Text.Encoding]::UTF8.GetBytes($BSOD_Details_Json))
+ LogType = "BSOD_Details"
+}
+$LogResponse = Post-LogAnalyticsData @params
diff --git a/intune/Intune Platform Scripts/LogAnalytics - Dell BIOS Reporting.ps1 b/intune/Intune Platform Scripts/LogAnalytics - Dell BIOS Reporting.ps1
new file mode 100644
index 0000000..1d006eb
--- /dev/null
+++ b/intune/Intune Platform Scripts/LogAnalytics - Dell BIOS Reporting.ps1
@@ -0,0 +1,478 @@
+$CustomerId = "" # Log Analytics Workspace ID
+$SharedKey = '' # Log Analytics Workspace Primary Key
+$LogType = "DellBIOSUpdate" # Custom log to create in lo Analytics
+$TimeStampField = "" # let to blank
+#*******************************************************************************
+
+# Log analytics functions
+# More info there: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api
+Function Build-Signature ($customerId, $sharedKey, $date, $contentLength, $method, $contentType, $resource)
+{
+ $xHeaders = "x-ms-date:" + $date
+ $stringToHash = $method + "`n" + $contentLength + "`n" + $contentType + "`n" + $xHeaders + "`n" + $resource
+
+ $bytesToHash = [Text.Encoding]::UTF8.GetBytes($stringToHash)
+ $keyBytes = [Convert]::FromBase64String($sharedKey)
+
+ $sha256 = New-Object System.Security.Cryptography.HMACSHA256
+ $sha256.Key = $keyBytes
+ $calculatedHash = $sha256.ComputeHash($bytesToHash)
+ $encodedHash = [Convert]::ToBase64String($calculatedHash)
+ $authorization = 'SharedKey {0}:{1}' -f $customerId,$encodedHash
+ return $authorization
+}
+
+# Create the function to create and post the request
+# More info there: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api
+Function Post-LogAnalyticsData($customerId, $sharedKey, $body, $logType)
+{
+ $method = "POST"
+ $contentType = "application/json"
+ $resource = "/api/logs"
+ $rfc1123date = [DateTime]::UtcNow.ToString("r")
+ $contentLength = $body.Length
+ $signature = Build-Signature `
+ -customerId $customerId `
+ -sharedKey $sharedKey `
+ -date $rfc1123date `
+ -contentLength $contentLength `
+ -method $method `
+ -contentType $contentType `
+ -resource $resource
+ $uri = "https://" + $customerId + ".ods.opinsights.azure.com" + $resource + "?api-version=2016-04-01"
+
+ $headers = @{
+ "Authorization" = $signature;
+ "Log-Type" = $logType;
+ "x-ms-date" = $rfc1123date;
+ "time-generated-field" = $TimeStampField;
+ }
+
+ $response = Invoke-WebRequest -Uri $uri -Method $method -ContentType $contentType -Headers $headers -Body $body -UseBasicParsing
+ return $response.StatusCode
+}
+
+
+$WMI_computersystem = gwmi win32_computersystem
+$Manufacturer = $WMI_computersystem.manufacturer
+If($Manufacturer -notlike "*dell*")
+ {
+ write-output "Poste non Dell"
+ EXIT 0
+ }
+
+
+$ddlCategoryWeb =[xml]@'
+
+'@
+
+$Script:dictionaryCategory = @{}
+$ddlCategoryWeb.select.option | Foreach {$Script:dictionaryCategory[$_.value] = $_.'#text'.Trim()}
+
+$Script:ddlCategoryWeb =[xml]@'
+
+'@
+
+
+Class Dell
+{
+
+
+ Static hidden [String]$_vendorName = "Dell"
+ hidden [Object[]] $_deviceCatalog
+ hidden [Object[]] $_deviceImgCatalog
+
+ # Contructor
+ Dell()
+ {
+ $this._deviceCatalog = [Dell]::GetDevicesCatalog()
+ }
+
+ #####################################################################
+ # Get all Data from DELL (Gz format)
+ #####################################################################
+ # https://www.dell.com/support/components/eula/en-us/eula/api
+
+ Static hidden [Object[]]GetDevicesCatalog()
+ {
+ $result = Invoke-WebRequest -Uri "https://www.dell.com/support/home/en-us/api/catalog/autosuggest" -UseBasicParsing -Headers @{
+ "method"="GET"
+ "authority"="www.dell.com"
+ "scheme"="https"
+ "cache-control"="max-age=0"
+ "upgrade-insecure-requests"="1"
+ "accept"="text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
+ "sec-fetch-site"="none"
+ "sec-fetch-mode"="navigate"
+ "sec-fetch-user"="?1"
+ "sec-fetch-dest"="document"
+ "accept-encoding"="gzip, deflate, br"
+ "accept-language"="en-US,en;q=0.9"
+ }
+
+ $jsonObject = $($result.Content | ConvertFrom-Json) | Select-Object -Property "PN","PC"
+ return $jsonObject
+
+ }
+
+ #########################################################################
+ # Find Model Based on User input
+ #########################################################################
+
+ [Object[]]FindModel($userInputModel)
+ {
+ $SearchResultFormatted = @()
+ $userSearchResult = $this._deviceCatalog.Where({$_.PN -eq $userInputModel})
+
+ foreach($obj in $userSearchResult){
+
+ $SearchResultFormatted += [PSCustomObject]@{
+ Name=$obj.PN;
+ Guid=$obj.PC;
+ Path="/product/$($obj.PC)";
+ Image= $(
+ $obj = $this._deviceImgCatalog.Where({$_.Id -eq $obj.PC})
+ if($obj.Image){
+ "https:$($obj.Image)"
+ }else{
+ 'https://i.dell.com/is/image/DellContent/content/dam/global-site-design/product_images/esupport/icons/esupport-blank-space-v2.png'
+ }
+ )
+ }
+ }
+ return $SearchResultFormatted
+ }
+
+ #########################################################################
+ # Get Json Data for a Dell Device form its GUID
+ #########################################################################
+
+ hidden [Object[]] GetModelWebResponse($modelGUID)
+ {
+
+ # ==== For Download =======
+ $modelGzURL = "https://downloads.dell.com/published/data/drivers/$($ModelGUID).gz"
+ $gzContent = Invoke-WebRequest -Uri $modelGzURL -UseBasicParsing -Headers @{
+ "method"="GET"
+ "authority"="www.dell.com"
+ "scheme"="https"
+ "cache-control"="max-age=0"
+ "upgrade-insecure-requests"="1"
+ "accept"="text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
+ "sec-fetch-site"="none"
+ "sec-fetch-mode"="navigate"
+ "sec-fetch-user"="?1"
+ "sec-fetch-dest"="document"
+ "accept-language"="en-US,en;q=0.9"
+ }
+
+ # === Convert Stream Data to viewable Content =====
+ $data = $gzContent.Content
+
+ $memoryStream = [System.IO.MemoryStream]::new()
+ $memoryStream.Write($data, 0, $data.Length)
+ $memoryStream.Seek(0,0) | Out-Null
+
+ $gZipStream = [System.IO.Compression.GZipStream]::new($memoryStream, [System.IO.Compression.CompressionMode]::Decompress)
+ $streamReader = [System.IO.StreamReader]::new($gZipStream)
+ $xmlModelInputRaw = $streamReader.readtoend()
+
+ # === Parse content =======================
+ $xmlModelInput = New-Object -TypeName System.Xml.XmlDocument
+ $xmlModelInput.LoadXml($xmlModelInputRaw)
+
+ return $xmlModelInput
+ }
+ #########################################################################
+ # Load All Drivers to exploitable format
+ #########################################################################
+
+ hidden [Object[]]LoadDriversFromWebResponse($webresponse)
+ {
+ $DownloadItemsObj = [Collections.ArrayList]@()
+
+ if($webresponse.Product.Drivers){
+
+ $DownloadItemsRaw = $webresponse.Product.Drivers.Driver | Sort-Object -Property Title
+ $DownloadItemsRawGrouped = $DownloadItemsRaw | Group-Object -Property Title
+
+ ForEach ($Itemgroup in $DownloadItemsRawGrouped){
+ $item = $Itemgroup.group | Sort-Object -Property LastUpdateDate | Select-Object -Last 1
+
+ [Array]$ExeFiles = $item.File
+ $current = [PSCustomObject]@{
+ Title =$item.Title;
+ Category=$Script:dictionaryCategory[$item.Category];
+ Class=$item.Type;
+ OperatingSystemKeys=$item.OS.Split(",");
+
+ Files= [Array]($ExeFiles | ForEach-Object {
+ if($_){
+ [PSCustomObject]@{
+ IsSelected=$false;
+ ID=$item.ID;
+ Name=$_.FileName.Split('/')[-1];
+ Size="$([Math]::Round($_.Size/1MB, 2)) MB";
+ Type=$item.Type;
+ Version=$item.VendorVersion
+ URL="https://dl.dell.com/$($_.FileName)";
+ Priority=$item.Importance ;
+ Date=$item.LastUpdateDate
+ }
+ }
+ })
+ }
+
+ $DownloadItemsObj.Add($current) | Out-Null
+ }
+
+ # ForEach ($Itemgroup in $DownloadItemsRawGrouped){
+ # $item = $null
+ # if($Itemgroup.Group.Count -ge 2){
+ # $maximum = 0
+ # foreach($vendorVer in $Itemgroup.Group){
+
+ # if($vendorVer.VendorVersion -gt $maximum){
+ # $maximum = $vendorVer.VendorVersion
+ # $item = $vendorVer
+ # }
+ # }
+ # }else{
+ # $item = $Itemgroup.Group
+
+ # }
+
+ # [Array]$ExeFiles = $item.File
+ # $current = [PSCustomObject]@{
+ # Title =$item.Title;
+ # Category=$Script:dictionaryCategory[$item.Category];
+ # Class=$item.Type;
+ # OperatingSystemKeys=$item.OS.Split(",");
+
+ # Files= [Array]($ExeFiles | ForEach-Object {
+ # if($_){
+ # [PSCustomObject]@{
+ # IsSelected=$false;
+ # ID=$item.ID;
+ # Name=$_.FileName.Split('/')[-1];
+ # Size="$([Math]::Round($_.Size/1MB, 2)) MB";
+ # Type=$item.Type;
+ # Version=$item.VendorVersion
+ # URL="https://dl.dell.com/$($_.FileName)";
+ # Priority=$item.Importance ;
+ # Date=$item.LastUpdateDate
+ # }
+ # }
+ # })
+ # }
+
+ # $DownloadItemsObj.Add($current) | Out-Null
+ # }
+ }
+
+ return $DownloadItemsObj
+ }
+}
+
+$SerialNumber = $((Get-WmiObject -Class Win32_BIOS).SerialNumber).Trim()
+$CurrentOS = (gwmi Win32_OperatingSystem).Version
+
+Try
+ {
+ $System_SKU = $((Get-WmiObject -Class Win32_ComputerSystem).SystemSKUNumber).Trim()
+ }
+catch
+ {
+ Try
+ {
+ $System_SKU = $((Get-ItemProperty -Path HKLM:\HARDWARE\DESCRIPTION\System\BIOS).SystemSKU).Trim()
+ }
+ catch
+ {
+ $System_SKU = "Unknown"
+ }
+ }
+
+
+
+$Current_User_Profile = Get-ChildItem Registry::\HKEY_USERS -ea silentlycontinue | Where-Object { Test-Path "$($_.pspath)\Volatile Environment" } | ForEach-Object { (Get-ItemProperty "$($_.pspath)\Volatile Environment").USERPROFILE }
+$Username = $Current_User_Profile.split("\")[2]
+
+$Chassis = (Get-CimInstance -ClassName Win32_SystemEnclosure).ChassisTypes
+$Device_Chassis = [string]$chassis
+If($Chassis -eq 9 -or $Chassis -eq 10 -or $Chassis -eq 14 -or $Chassis -eq 8 -or $Chassis -eq 11 -or $Chassis -eq 12 -or $Chassis -eq 18 -or $Chassis -eq 21 -or $Chassis -eq 31 -or $Chassis -eq 32)
+ {
+ $Chassis_Type = "Laptop"
+ }
+else
+ {
+ $Chassis_Type = "Desktop"
+ }
+
+$BIOS_Version = Get-ciminstance -class win32_bios
+$Current_BIOS_Version = $BIOS_Version.SMBIOSBIOSVersion
+$Current_BIOS_Version_ID = $Current_BIOS_Version.Split("(")[0]
+
+$BIOS_release_date = (gwmi win32_bios | select *).ReleaseDate
+$Format_BIOS_release_date = [DateTime]::new((([wmi]"").ConvertToDateTime($BIOS_release_date)).Ticks, 'Local').ToUniversalTime()
+
+$Get_Current_Date = get-date
+$Diff_CurrentBIOS_and_Today = $Get_Current_Date - $Format_BIOS_release_date
+$Diff_Today_CurrentBIOS = $Diff_CurrentBIOS_and_Today.Days
+
+$BIOS_Maj_Version = $BIOS_Version.SystemBiosMajorVersion
+$BIOS_Min_Version = $BIOS_Version.SystemBiosMinorVersion
+$Script:Get_Current_BIOS_Version = "$BIOS_Maj_Version.$BIOS_Min_Version"
+$Get_Current_BIOS_Version = $Current_BIOS_Version
+$Get_Current_BIOS_Version_Formated = [System.Version]$Current_BIOS_Version
+
+
+$WMI_computersystem = gwmi win32_computersystem
+$Get_Current_Model = (($WMI_computersystem).Model)
+
+$BIOS_Ver_Model = "$Get_Current_BIOS_Version ($Get_Current_Model)"
+
+# $Get_Current_Model = "Latitude E7270"
+# $Get_Current_Model = "Latitude E5270"
+# $Get_Current_Model = "XPS 13 9360"
+# $Get_Current_Model = "Latitude 7390"
+# $Get_Current_Model = "Latitude 5320"
+# $Get_Current_Model = "Precision 5530"
+# $Get_Current_Model = "Precision 5540"
+
+
+$RunspaceScopeVendor = [Dell]::new()
+$Search_Model = $RunspaceScopeVendor.FindModel("$Get_Current_Model")
+If($Search_Model -ne $null)
+ {
+ $Get_GUID = $Search_Model.Guid
+ $wbrsp = $RunspaceScopeVendor.GetModelWebResponse("$Get_GUID")
+ $DriversModeldatas = $RunspaceScopeVendor.LoadDriversFromWebResponse($wbrsp)
+ $DriversModelDatasForOsType = [Array]($DriversModeldatas | Where-Object {($_.Title -like "*System BIOS*" )} )
+ $Get_BIOS_Update = $DriversModelDatasForOsType.files | Where {$_ -like "*EXE*"}
+ $Get_New_BIOS_Version = $Get_BIOS_Update.version
+ $Get_New_BIOS_Version_Formated = [System.Version]$Get_New_BIOS_Version
+
+ $Get_New_BIOS_Date = $Get_BIOS_Update.Date
+ $Get_New_BIOS_ID = $Get_BIOS_Update.ID
+
+ [int]$Get_New_BIOS_Date_Month = $Get_New_BIOS_Date.split("/")[0]
+ [int]$Get_New_BIOS_Date_Day = $Get_New_BIOS_Date.split("/")[1]
+ [int]$Get_New_BIOS_Date_Year = $Get_New_BIOS_Date.split("/")[2]
+
+ If($Get_New_BIOS_Date_month -lt 10)
+ {
+ $Get_Month = "0$Get_New_BIOS_Date_month"
+ }
+ Else
+ {
+ $Get_Month = "$Get_New_BIOS_Date_month"
+ }
+
+ If($Get_New_BIOS_Date_Day -lt 10)
+ {
+ $Get_Day = "0$Get_New_BIOS_Date_Day"
+ }
+ Else
+ {
+ $Get_Day = "$Get_New_BIOS_Date_Day"
+ }
+
+ $Get_New_BIOS_Date = "$Get_Month/$Get_Day/$Get_New_BIOS_Date_Year"
+
+ $Get_Converted_BIOS_Date = [Datetime]::ParseExact($Get_New_BIOS_Date, 'MM/dd/yyyy', $null)
+ # $Is_BIOS_NotUptoDate = ($Get_Current_BIOS_Version -lt $Get_New_BIOS_Version)
+ $Is_BIOS_NotUptoDate = ($Get_Current_BIOS_Version_Formated -lt $Get_New_BIOS_Version_Formated)
+
+ If($Is_BIOS_NotUptoDate -eq $null)
+ {
+ $Script:Script_Status = "Error"
+ $Script:BIOS_UpToDate = ""
+ $Script:BIOS_New_Version = $Get_New_BIOS_Version
+ $Script:BIOSDaysOld = 0
+ $Script:Exit_Status = 0
+ }
+ ElseIf($Is_BIOS_NotUptoDate -eq $True)
+ {
+ $BIOSDaysOld = ($Get_Converted_BIOS_Date - $Format_BIOS_release_date).Days
+ $Script:Script_Status = "Success"
+ $Script:BIOS_UpToDate = "No"
+ $Script:BIOS_New_Version = $Get_New_BIOS_Version
+ $Script:Exit_Status = 1
+ }
+ Else
+ {
+ $Script:Script_Status = "Success"
+ $Script:BIOS_UpToDate = "Yes"
+ $Script:BIOS_New_Version = $Get_New_BIOS_Version
+ $Script:Exit_Status = 0
+ }
+
+ If($BIOSDaysOld -ge 1 -and $BIOSDaysOld -lt 180)
+ {
+ $Diff_Delay = "1_180"
+ }
+ ElseIf($BIOSDaysOld -ge 180 -and $BIOSDaysOld -lt 365)
+ {
+ $Diff_Delay = "180_365"
+ }
+ ElseIf($BIOSDaysOld -ge 365 -and $BIOSDaysOld -lt 730)
+ {
+ $Diff_Delay = "365_730"
+ }
+ ElseIf($BIOSDaysOld -ge 730)
+ {
+ $Diff_Delay = "730_More"
+ }
+ }
+
+
+# Creating the object to send to Log Analytics custom logs
+$Properties = [Ordered] @{
+ "ScriptStatus" = $Script_Status
+ "BIOSUpToDate" = $BIOS_UpToDate
+ "ComputerName" = $env:computername
+ "UserName" = $username
+ "SerialNumber" = $SerialNumber
+ "CurrentOS" = $CurrentOS
+ "SystemSKU" = $System_SKU
+ "ModelFamilyName" = $Get_Current_Model
+ "BIOSCurrentVersion" = $Get_Current_BIOS_Version
+ "BIOSCurrentVersionFull" = $Current_BIOS_Version
+ "BIOSVersionModel" = $BIOS_Ver_Model
+ "CurrentBIOSDate" = $Format_BIOS_release_date
+ "BIOSNewVersion" = $BIOS_New_Version
+ "BIOSNewDate" = $Get_Converted_BIOS_Date
+ "GetNewBIOSID" = $Get_New_BIOS_ID
+ "NotUpdatedSince" = $BIOSDaysOld
+ "DateDiffDelay" = $Diff_Delay
+ "BIOSDaysOld" = $BIOSDaysOld
+ "DiffTodayCurrentBIOS" = $Diff_Today_CurrentBIOS
+ "ChassisDevice" = $Device_Chassis
+ "ChassisType" = $Chassis_Type
+}
+
+$BIOSUpdateResult = New-Object -TypeName "PSObject" -Property $Properties
+# $BIOSUpdateResult
+$BIOSUpdateResultJson = $BIOSUpdateResult | ConvertTo-Json
+$params = @{
+ CustomerId = $customerId
+ SharedKey = $sharedKey
+ Body = ([System.Text.Encoding]::UTF8.GetBytes($BIOSUpdateResultJson))
+ LogType = $LogType
+}
+$LogResponse = Post-LogAnalyticsData @params
+
+If($Exit_Status -eq 1)
+ {
+ EXIT 1
+ }
+Else
+ {
+ EXIT 0
+ }
+
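Review bot: `$SharedKey` at the top of this new script is meant to hold the Log Analytics workspace primary key in clear text. The script reads local WMI data, so it has to run on each managed device, which means the same workspace-wide key is delivered to every endpoint. Anyone who can read the script on a device could then submit arbitrary records to the workspace, so the `DellBIOSUpdate` table and anything alerting on it can no longer be trusted as device-originated. At minimum I would document this next to the variable, e.g. `# Delivered to every device with this script: treat as exposed, rotate regularly, never commit a real value`. Longer term, consider an ingestion path that does not require a workspace-wide secret on the client.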
diff --git a/intune/Intune Scripts/Disable_MSOnline.ps1 b/intune/Intune Scripts/Disable_MSOnline.ps1
deleted file mode 100644
index 89eeaa5..0000000
--- a/intune/Intune Scripts/Disable_MSOnline.ps1
+++ /dev/null
@@ -1,2 +0,0 @@
-new-item -Path HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Internet
-New-ItemProperty -Path HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Internet -Name OnlineStorage -PropertyType DWORD -Value 3
\ No newline at end of file
diff --git a/intune/Proactive Remediations/MEM_RemoveSccmClient-main/Detect_SCCMclient.ps1 b/intune/Proactive Remediations/MEM - Remove SCCM Client/Detect_SCCMclient.ps1
similarity index 100%
rename from intune/Proactive Remediations/MEM_RemoveSccmClient-main/Detect_SCCMclient.ps1
rename to intune/Proactive Remediations/MEM - Remove SCCM Client/Detect_SCCMclient.ps1
diff --git a/intune/Proactive Remediations/MEM_RemoveSccmClient-main/Fix_SCCMclient.ps1 b/intune/Proactive Remediations/MEM - Remove SCCM Client/Fix_SCCMclient.ps1
similarity index 100%
rename from intune/Proactive Remediations/MEM_RemoveSccmClient-main/Fix_SCCMclient.ps1
rename to intune/Proactive Remediations/MEM - Remove SCCM Client/Fix_SCCMclient.ps1
diff --git a/intune/Proactive Remediations/MEM_RemoveSccmClient-main/README.md b/intune/Proactive Remediations/MEM - Remove SCCM Client/README.md
similarity index 100%
rename from intune/Proactive Remediations/MEM_RemoveSccmClient-main/README.md
rename to intune/Proactive Remediations/MEM - Remove SCCM Client/README.md
diff --git a/intune/Proactive Remediations/SystemReboot-Checker/Detect_Uptime.ps1 b/intune/Proactive Remediations/System Update Check-Notifications/Detect_Uptime.ps1
similarity index 100%
rename from intune/Proactive Remediations/SystemReboot-Checker/Detect_Uptime.ps1
rename to intune/Proactive Remediations/System Update Check-Notifications/Detect_Uptime.ps1
diff --git a/intune/Proactive Remediations/SystemReboot-Checker/System_Notification.ps1 b/intune/Proactive Remediations/System Update Check-Notifications/System_Notification.ps1
similarity index 100%
rename from intune/Proactive Remediations/SystemReboot-Checker/System_Notification.ps1
rename to intune/Proactive Remediations/System Update Check-Notifications/System_Notification.ps1
diff --git a/intune/SystemRenamer/SystemRenamer-Remediation/RenameComputer-Detect.ps1 b/intune/Proactive Remediations/SystemRenamer-Remediation/RenameComputer-Detect.ps1
similarity index 100%
rename from intune/SystemRenamer/SystemRenamer-Remediation/RenameComputer-Detect.ps1
rename to intune/Proactive Remediations/SystemRenamer-Remediation/RenameComputer-Detect.ps1
diff --git a/intune/SystemRenamer/SystemRenamer-Remediation/RenameComputer-Remediate.ps1 b/intune/Proactive Remediations/SystemRenamer-Remediation/RenameComputer-Remediate.ps1
similarity index 100%
rename from intune/SystemRenamer/SystemRenamer-Remediation/RenameComputer-Remediate.ps1
rename to intune/Proactive Remediations/SystemRenamer-Remediation/RenameComputer-Remediate.ps1
diff --git a/intune/Proactive Remediations/Check-SystemHealth/Remediate.ps1 b/intune/Proactive Remediations/WIndows Image HealthCheck/Remediate.ps1
similarity index 100%
rename from intune/Proactive Remediations/Check-SystemHealth/Remediate.ps1
rename to intune/Proactive Remediations/WIndows Image HealthCheck/Remediate.ps1
diff --git a/intune/Proactive Remediations/Check-SystemHealth/detect.ps1 b/intune/Proactive Remediations/WIndows Image HealthCheck/detect.ps1
similarity index 100%
rename from intune/Proactive Remediations/Check-SystemHealth/detect.ps1
rename to intune/Proactive Remediations/WIndows Image HealthCheck/detect.ps1
diff --git a/intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Detection.ps1 b/intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Detection.ps1
deleted file mode 100644
index 4a6c14d..0000000
--- a/intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Detection.ps1
+++ /dev/null
@@ -1,47 +0,0 @@
-<#
-Version: 1.0
-Author: Jannik Reinhard (jannikreinhard.com)
-Script: Move-Windows11Taskbar
-Description:
-Change the tastkbar alignment
-Release notes:
-Version 1.0: Init
-#>
-
-
-function Test-RegistryValue {
- param (
- [parameter(Mandatory=$true)]
- [ValidateNotNullOrEmpty()]$Path,
-
- [parameter(Mandatory=$true)]
- [ValidateNotNullOrEmpty()]$Value
- )
-
- try {
- Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
- return $true
- }catch {
- return $false
- }
-}
-
-
-$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
-$value = "TaskbarAl"
-
-
-if(-not (Get-CimInstance Win32_OperatingSystem -Property *).Caption -like "*Windows 11*"){
- Exit 0
-}
-
-
-if((Test-RegistryValue -Path $path -Value $value)){
- if((Get-ItemProperty -path $path -name $value).TaskbarAl -eq "0"){
- Exit 0
- }
-}else {
- Exit 1
-}
-
-
diff --git a/intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Remediation.ps1 b/intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Remediation.ps1
deleted file mode 100644
index 2f826a9..0000000
--- a/intune/Proactive Remediations/Win11 Left Start Menu/Move-Windows11Taskbar-Remediation.ps1
+++ /dev/null
@@ -1,41 +0,0 @@
-<#
-Version: 1.0
-Author: Jannik Reinhard (jannikreinhard.com)
-Script: Move-Windows11Taskbar
-Description:
-Change the tastkbar alignment
-Release notes:
-Version 1.0: Init
-#>
-
-
-function Test-RegistryValue {
- param (
- [parameter(Mandatory=$true)]
- [ValidateNotNullOrEmpty()]$Path,
-
- [parameter(Mandatory=$true)]
- [ValidateNotNullOrEmpty()]$Value
- )
-
- try {
- Get-ItemProperty -Path $Path | Select-Object -ExpandProperty $Value -ErrorAction Stop | Out-Null
- return $true
- }catch {
- return $false
- }
-}
-
-$path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
-$value = "TaskbarAl"
-
-if(Test-Path $path){
- try{
- Set-ItemProperty -Path $path -Name $value -Value 0 -Force
- Exit 0
- }catch{
- Exit 1
- }
-}else{
- Exit 1
-}
diff --git a/intune/Proactive Remediations/WinVerifyTrust Signature Remediation/detect.ps1 b/intune/Proactive Remediations/WinVerifyTrust Signature Remediation/detect.ps1
new file mode 100644
index 0000000..c8f7a6e
--- /dev/null
+++ b/intune/Proactive Remediations/WinVerifyTrust Signature Remediation/detect.ps1
@@ -0,0 +1,31 @@
+function compareRegistryValue {
+ param (
+ [string]$path,
+ [string]$keyName,
+ [string]$value
+ )
+
+ $currentValue = (Get-ItemProperty -Path $path -Name $keyName).$keyName
+
+ if ($currentValue -eq $value) {
+ return $true
+ } else {
+ return $false
+ }
+}
+
+$thirtyTwo = compareRegistryValue -path "HKLM:\Software\Microsoft\Cryptography\Wintrust\Config" -keyName "EnableCertPaddingCheck" -value "1"
+
+if ((Get-WmiObject win32_operatingsystem | select osarchitecture).osarchitecture -eq "64-bit") {
+ $sixtyFour = compareRegistryValue -path "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config" -keyName "EnableCertPaddingCheck" -value "1"
+} else {
+ $sixtyFour = $true
+}
+
+if ($thirtyTwo -and $sixtyFour) {
+ Write-Output "The registry key is set to the expected value."
+ exit 0
+} else {
+ Write-Output "The registry key is not set to the expected value."
+ exit 1
+}
\ No newline at end of file
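Review bot: Both lookups can land on the same registry view if this script is run by a 32-bit PowerShell host on a 64-bit OS, because `HKLM:\Software\...` is then redirected to `Wow6432Node`. In that case the native 64-bit `Wintrust\Config` value is never read, and the device could report compliant with `EnableCertPaddingCheck` set in only one view. The diff does not show how the remediation is deployed, so either document that it must run in 64-bit PowerShell or open the 64-bit registry view explicitly. Separately, in `compareRegistryValue` a missing key or value makes `Get-ItemProperty` emit an error record before the function returns `$false`; adding `-ErrorAction SilentlyContinue` to that call keeps the detection output to the single status line.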
diff --git a/intune/Proactive Remediations/WinVerifyTrust Signature Remediation/remediate.ps1 b/intune/Proactive Remediations/WinVerifyTrust Signature Remediation/remediate.ps1
new file mode 100644
index 0000000..a48b4c2
--- /dev/null
+++ b/intune/Proactive Remediations/WinVerifyTrust Signature Remediation/remediate.ps1
@@ -0,0 +1,27 @@
+function createRegistryKey {
+ param (
+ [string]$path
+ )
+
+ New-Item -Path $path -Force
+}
+
+function setRegistryKey {
+ param (
+ [string]$path,
+ [string]$keyName,
+ [string]$value
+ )
+
+ Set-ItemProperty -Path $path -Name $keyName -Value $value
+}
+
+createRegistryKey -path "HKLM:\Software\Microsoft\Cryptography\Wintrust"
+createRegistryKey -path "HKLM:\Software\Microsoft\Cryptography\Wintrust\Config"
+setRegistryKey -path "HKLM:\Software\Microsoft\Cryptography\Wintrust\Config" -keyName "EnableCertPaddingCheck" -value "1"
+
+if ((Get-WmiObject win32_operatingsystem | select osarchitecture).osarchitecture -eq "64-bit") {
+ createRegistryKey -path "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust"
+ createRegistryKey -path "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config"
+ setRegistryKey -path "HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config" -keyName "EnableCertPaddingCheck" -value "1"
+}
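Review bot: `createRegistryKey` calls `New-Item -Path $path -Force` unconditionally, and on a key that already exists `-Force` recreates it, which as far as I know discards the values already stored there; `Wintrust` and `Wintrust\Config` may well exist on managed devices. Guarding the call, `if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }`, avoids that and also keeps the key object out of the script output. The script never sets an exit code, so a failed write (for example when it is not running elevated) would most likely still be reported as success; `$ErrorActionPreference = 'Stop'` plus a `try`/`catch` ending in `exit 1` would surface it. Because `$value` is typed `[string]`, a newly created `EnableCertPaddingCheck` is written as a string value, so confirm that matches the type your vendor guidance and scanners expect, or pass `-Type DWord` to `Set-ItemProperty`.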