Provision-SurfaceHub.ps1
#Requires -Modules @{ModuleName="AzureADPreview";ModuleVersion="2.0.2.85"}
#Pre-Reqs
##Exchange access to create mailbox
##AAD access to create group, license user
##Azure subscription with rights to create resources
#This script will
#Create Surface Hub account
#Set location usage & Meeting Room license
#Create Dynamic AAD Device Group on OS = SurfaceHub
#Provision Azure Log Analytics workspace and retrieve customerID & key, Install SurfaceHub Solution
#Configure Intune policies for Surface Hub and set LA tenant info
#PowerShell modules required
#AzureADPreview
#Azure
#Microsoft.Graph.Intune
#ExchangeOnlineManagement
#User Input Required
# Operator-supplied settings: the Surface Hub device account, the licensing
# usage location, and the name/placement of the Log Analytics workspace.
# NOTE(review): both address values read "[email protected]", which looks like a
# redaction placeholder rather than a usable address - supply the real account
# UPN and owner address before running; confirm against the original file.
$UPN               = "[email protected]"
$emailowner        = "[email protected]"
$usagelocation     = "US"
$RGLocation        = "eastus"
$ResourceGroupName = "USE-SurfaceHub-RG"
$workspacename     = "surfacehub"
#Derived values
# Mailbox alias: the text in front of the first "@" of the UPN.
$alias = ($UPN -split '@')[0]
# Device-account password: the string form of a freshly generated GUID, held in
# clear text in this session variable. Nothing in this script prints or stores
# it, so read it from the session if the device enrollment needs it and clear
# the variable afterwards.
# NOTE(review): a GUID is an identifier, not a documented secret generator -
# confirm this meets the tenant's password policy.
$password = [guid]::NewGuid().ToString()
# Tag applied to the resource group so its owner can be identified.
$params1 = @{ OwnerEmail = "$emailowner" }
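#Connect to resources
# Four separate sign-ins: Azure AD, Microsoft Graph (Intune), Exchange Online
# and Azure Resource Manager. The signed-in identity needs the rights listed in
# the pre-reqs at the top of the script.
Connect-AzureAD
Connect-MSGraph
Connect-ExchangeOnline
Add-AzAccount
# Let the operator pick the target subscription. -OutputMode Single limits the
# grid to one row, so a multi-row selection can no longer hand an array to
# Select-AzSubscription and leave the context on an unintended subscription.
$subscription = Get-AzSubscription | Out-GridView -OutputMode Single
# Closing the grid without a selection returns nothing; stop here rather than
# provisioning into whatever subscription happens to be the current context.
if (-not $subscription) {
    throw "No Azure subscription was selected; nothing has been provisioned."
}
Select-AzSubscription -Subscription $subscription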
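#Create Surface Hub account
# Room mailbox with sign-in enabled. The clear-text $password is wrapped in a
# SecureString only because the parameter requires that type; the plain value
# is still present in the $password variable.
New-Mailbox -MicrosoftOnlineServicesID $UPN -Alias $alias -Name $UPN -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "$password" -AsPlainText -Force)
# Fixed pause before the follow-up calls (presumably to let the new account
# replicate - confirm; a slow tenant may need longer).
Start-Sleep 15
# Parameter dashes below are plain ASCII hyphens; the original used en dashes on
# three of them, which do not survive every editor or encoding.
Set-CalendarProcessing -Identity $UPN -AutomateProcessing AutoAccept -AddOrganizerToSubject $false -AllowConflicts $false -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
# Resolve the account by its full UPN. A -SearchString lookup on the alias can
# return several users whose name or UPN starts with the same text, and the
# usage location and license below would then be aimed at the wrong objects.
$user = Get-AzureADUser -ObjectId $UPN
if (-not $user) {
    throw "Azure AD user '$UPN' was not found; the mailbox may not have replicated yet."
}
#Set Usage Location
# A usage location has to be set before a license can be assigned.
Set-AzureADUser -ObjectId $user.ObjectId -UsageLocation $usagelocation
# Create the objects needed to assign the Meeting Room license
$license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
$licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
# Find the SkuId of the license to add - the tenant's MEETING_ROOM SKU
$license.SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value "MEETING_ROOM" -EQ).SkuID
# Without a MEETING_ROOM subscription the SkuId is empty and the assignment
# would fail with a less obvious error; stop with a clear message instead.
if (-not $license.SkuId) {
    throw "No MEETING_ROOM license SKU was found in this tenant."
}
# Set the Meeting Room license as the license to add in the $licenses object
$licenses.AddLicenses = $license
# Call the Set-AzureADUserLicense cmdlet to set the license.
Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $licenses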
#Create AAD Device Group
# Security-enabled, non-mail group whose members are selected by a dynamic rule
# on device.deviceOSType; $group.Id is used later as the policy target.
$groupSettings = @{
    DisplayName                   = "Surface Hub Device Group"
    Description                   = "Surface Hub Devices"
    MailEnabled                   = $False
    MailNickName                  = "SurfaceHubDeviceGroup"
    SecurityEnabled               = $True
    GroupTypes                    = "DynamicMembership"
    MembershipRule                = "(device.deviceOSType -eq ""SurfaceHub"")"
    MembershipRuleProcessingState = "On"
}
$group = New-AzureADMSGroup @groupSettings
#Provision Azure Log Analytics workspace
# Resource group first (tagged with the owner address), then the workspace in it.
New-AzResourceGroup -Name $ResourceGroupName -Location $RGLocation -Tag $params1
$workspaceScope = @{
    ResourceGroupName = $ResourceGroupName
    Name              = $workspacename
}
$LAWorkspace = New-AzOperationalInsightsWorkspace @workspaceScope -Location $RGLocation -Sku standalone
$LAWorkspaceCustomerId = $LAWorkspace.CustomerId.Guid
# The primary shared key is a credential for the workspace and sits in clear
# text in this variable from here on - keep it out of transcripts and logs.
$sharedKeys = Get-AzOperationalInsightsWorkspaceSharedKey @workspaceScope
$LAWorkspaceKey = $sharedKeys.PrimarySharedKey
# Turn on the SurfaceHub solution (intelligence pack) for the workspace.
Set-AzOperationalInsightsIntelligencePack -ResourceGroupName $ResourceGroupName -WorkspaceName $workspacename -IntelligencePackName SurfaceHub -Enabled $true
#Configure Intune policies
# Windows 10 Team configuration profile carrying the Log Analytics workspace ID
# and key, the welcome-screen setting and a 4-hour maintenance window.
# NOTE(review): the workspace key is passed as an ordinary policy value, so
# presumably anyone who can read this profile can read the key - restrict read
# access to the profile and rotate the key if it is exposed; confirm.
$hubPolicySettings = @{
    displayName                           = "Surface Hub Microsoft Teams"
    windows10TeamGeneralConfiguration     = $true
    azureOperationalInsightsBlockTelemetry = $false
    azureOperationalInsightsWorkspaceId   = $LAWorkspaceCustomerId
    azureOperationalInsightsWorkspaceKey  = $LAWorkspaceKey
    welcomeScreenMeetingInformation       = 'showOrganizerAndTimeAndSubject'
    maintenanceWindowStartTime            = '00:00:00.0000000'
    maintenanceWindowDurationInHours      = 4
}
$IntuneHubPolicy1 = New-IntuneDeviceConfigurationPolicy @hubPolicySettings
# Assign the profile to the dynamic Surface Hub device group.
$hubGroupTarget = [PSCustomObject]([Ordered]@{
    '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
    groupId       = $group.Id
})
New-IntuneDeviceConfigurationPolicyAssignment -deviceConfigurationId $IntuneHubPolicy1.id -target $hubGroupTarget
# Disabled: second profile that would set the Teams meeting mode through an OMA-URI setting.
#$IntuneHubPolicy2 = New-IntuneDeviceConfigurationPolicy -displayName "Surface Hub Microsoft Teams" -omaSettings (New-Object PSObject -Property ([Ordered]@{'@odata.type' = '#microsoft.graph.omaSettingInteger'; 'displayName' = 'Teams Mode'; 'omaUri' = './Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode'; 'value' = '1'}))
#New-IntuneDeviceConfigurationPolicyAssignment -deviceConfigurationId $IntuneHubPolicy2.id -target (New-Object PSObject -Property ([Ordered]@{'@odata.type' = '#microsoft.graph.groupAssignmentTarget'; groupId = $group.Id}))
##Clean-up
#Remove-Mailbox -Identity $UPN -Confirm
#Remove-AzureADMSGroup -Id $group.Id
#Remove-AzResourceGroup -Name $ResourceGroupName
#Remove-IntuneDeviceConfigurationPolicy -deviceConfigurationId $IntuneHubPolicy1.deviceConfigurationId