intune deployment for Defender fixes

KelvinTegelaar · KelvinTegelaar · commit a308f034213d · 2024-08-19T12:53:57.000+02:00
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1
@@ -35,8 +35,14 @@ Function Invoke-AddDefenderDeployment {
                 iosMobileApplicationManagementEnabled               = [bool]$Compliance.appSync
                 microsoftDefenderForEndpointAttachEnabled           = [bool]$true
             } | ConvertTo-Json -Compress
-            $SettingsRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/' -tenantid $tenant -type POST -body $SettingsObj -AsApp $true
-            "$($Tenant): Successfully set Defender Compliance and Reporting settings"
+            $ExistingSettings = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/fc780465-2017-40d4-a0c5-307022471b92' -tenantid $tenant
+            if ($ExistingSettings) {
+                "Defender Intune Configuration already active for $($Tenant). Skipping"
+            } else {
+                $SettingsRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/mobileThreatDefenseConnectors/' -tenantid $tenant -type POST -body $SettingsObj -AsApp $true
+                "$($Tenant): Successfully set Defender Compliance and Reporting settings"
+            }
+
 
             $Settings = switch ($PolicySettings) {
                 { $_.ScanArchives } {
@@ -210,7 +216,7 @@ Function Invoke-AddDefenderDeployment {
                 settings          = @($EDRSettings)
             }
             Write-Host ( $EDRbody)
-            $CheckExististingEDR = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant | Where-Object -Property Name -eq 'EDR Configuration'
+            $CheckExististingEDR = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $tenant | Where-Object -Property Name -EQ 'EDR Configuration'
             if ('EDR Configuration' -in $CheckExististingEDR.Name) {
                 "$($Tenant): EDR Policy already exists. Skipping"
             } else {
