Signin Freq Intune Enrollment

<# .SYNOPSIS Sign-in Frequency for Intune Enrollment .DESCRIPTION Ensures Conditional Access policies require frequent sign-in for device enrollment .NOTES NL Baseline v2.0 #> #Requires -Version 5.1 #Requires -Modules Microsoft.Graph [CmdletBinding()] param([switch]$Monitoring) $ErrorActionPreference = 'Stop' Write-Host "`n========================================" -ForegroundColor Cyan Write-Host "Sign-in Frequency Intune Enrollment" -ForegroundColor Cyan Write-Host "========================================`n" -ForegroundColor Cyan function Invoke-Monitoring { try { Connect-MgGraph -Scopes "Policy.Read.All" -ErrorAction Stop -NoWelcome $policies = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies" $result = @{ enrollmentPolicies = 0; policies = @() } foreach ($policy in $policies.value) { if ($policy.state -eq 'enabled' -and $policy.sessionControls.signInFrequency) { if ($policy.conditions.applications.includeUserActions -contains 'urn:user:registerdevice') { $result.enrollmentPolicies++ $result.policies += $policy.displayName Write-Host " [OK] ENROLLMENT POLICY: $($policy.displayName)" -ForegroundColor Green Write-Host " Sign-in frequency: $($policy.sessionControls.signInFrequency.value) $($policy.sessionControls.signInFrequency.type)" -ForegroundColor Cyan } } } Write-Host "`n Summary:" -ForegroundColor Cyan Write-Host " Enrollment sign-in frequency policies: $($result.enrollmentPolicies)" -ForegroundColor $( if ($result.enrollmentPolicies -gt 0) { 'Green' }else { 'Yellow' } ) Write-Host "`n Security Benefits:" -ForegroundColor Cyan Write-Host " • Requires frequent re-authentication" -ForegroundColor Gray Write-Host " • Reduces device compromise risk" -ForegroundColor Gray Write-Host " • Ensures active user verification" -ForegroundColor Gray if ($result.enrollmentPolicies -gt 0) { Write-Host "`n[OK] COMPLIANT - Enrollment policies configured" -ForegroundColor Green exit 0 } else { Write-Host "`n[FAIL] NON-COMPLIANT - No enrollment sign-in frequency!" -ForegroundColor Red exit 1 } } catch { Write-Host "ERROR: $_" -ForegroundColor Red exit 2 } } try { if ($Monitoring) { Invoke-Monitoring } else { Write-Host "Use: -Monitoring" -ForegroundColor Yellow } } catch { throw } finally { Write-Host "`n========================================`n" -ForegroundColor Cyan } function Invoke-Remediation { <# .SYNOPSIS Herstelt de configuratie naar de gewenste staat .DESCRIPTION Dit is een monitoring-only control, remediation delegeert naar monitoring #> [CmdletBinding()] param() Write-Host "[INFO] Dit is een monitoring-only control" -ForegroundColor Yellow Write-Host "[INFO] Running monitoring check..." -ForegroundColor Cyan Invoke-Monitoring }