forked from microsoft/Microsoft365DSC
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
AADLifecycleWorkflowSettings - Initial Release
- Loading branch information
1 parent
7fef33f
commit 684af2d
Showing
8 changed files
with
587 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
368 changes: 368 additions & 0 deletions
368
...DSC/DSCResources/MSFT_AADLifecycleWorkflowSettings/MSFT_AADLifecycleWorkflowSettings.psm1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,368 @@ | ||
| function Get-TargetResource | ||
| { | ||
| [CmdletBinding()] | ||
| [OutputType([System.Collections.Hashtable])] | ||
| param | ||
| ( | ||
| [Parameter(Mandatory = $true)] | ||
| [System.String] | ||
| $IsSingleInstance, | ||
|
|
||
| [Parameter()] | ||
| [System.UInt32] | ||
| $WorkflowScheduleIntervalInHours, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $SenderDomain, | ||
|
|
||
| [Parameter()] | ||
| [System.Boolean] | ||
| $UseCompanyBranding, | ||
|
|
||
| [Parameter()] | ||
| [System.Management.Automation.PSCredential] | ||
| $Credential, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $ApplicationId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $TenantId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $CertificateThumbprint, | ||
|
|
||
| [Parameter()] | ||
| [Switch] | ||
| $ManagedIdentity, | ||
|
|
||
| [Parameter()] | ||
| [System.String[]] | ||
| $AccessTokens | ||
| ) | ||
|
|
||
| New-M365DSCConnection -Workload 'MicrosoftGraph' ` | ||
| -InboundParameters $PSBoundParameters | Out-Null | ||
|
|
||
| #Ensure the proper dependencies are installed in the current environment. | ||
| Confirm-M365DSCDependencies | ||
|
|
||
| #region Telemetry | ||
| $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
| $CommandName = $MyInvocation.MyCommand | ||
| $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
| -CommandName $CommandName ` | ||
| -Parameters $PSBoundParameters | ||
| Add-M365DSCTelemetryEvent -Data $data | ||
| #endregion | ||
|
|
||
| $nullResult = $PSBoundParameters | ||
| try | ||
| { | ||
| $instance = Get-MgBetaIdentityGovernanceLifecycleWorkflowSetting -ErrorAction SilentlyContinue | ||
| if ($null -eq $instance) | ||
| { | ||
| return $nullResult | ||
| } | ||
|
|
||
| $results = @{ | ||
| IsSingleInstance = 'Yes' | ||
| WorkflowScheduleIntervalInHours = $instance.WorkflowScheduleIntervalInHours | ||
| SenderDomain = $instance.EmailSettings.SenderDomain | ||
| UseCompanyBranding = $instance.EmailSettings.UseCompanyBranding | ||
| Credential = $Credential | ||
| ApplicationId = $ApplicationId | ||
| TenantId = $TenantId | ||
| CertificateThumbprint = $CertificateThumbprint | ||
| ManagedIdentity = $ManagedIdentity.IsPresent | ||
| AccessTokens = $AccessTokens | ||
| } | ||
| return [System.Collections.Hashtable] $results | ||
| } | ||
| catch | ||
| { | ||
| Write-Verbose -Message $_ | ||
| New-M365DSCLogEntry -Message 'Error retrieving data:' ` | ||
| -Exception $_ ` | ||
| -Source $($MyInvocation.MyCommand.Source) ` | ||
| -TenantId $TenantId ` | ||
| -Credential $Credential | ||
|
|
||
| return $nullResult | ||
| } | ||
| } | ||
|
|
||
| function Set-TargetResource | ||
| { | ||
| [CmdletBinding()] | ||
| param | ||
| ( | ||
| [Parameter(Mandatory = $true)] | ||
| [System.String] | ||
| $IsSingleInstance, | ||
|
|
||
| [Parameter()] | ||
| [System.UInt32] | ||
| $WorkflowScheduleIntervalInHours, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $SenderDomain, | ||
|
|
||
| [Parameter()] | ||
| [System.Boolean] | ||
| $UseCompanyBranding, | ||
|
|
||
| [Parameter()] | ||
| [ValidateSet('Present', 'Absent')] | ||
| [System.String] | ||
| $Ensure = 'Present', | ||
|
|
||
| [Parameter()] | ||
| [System.Management.Automation.PSCredential] | ||
| $Credential, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $ApplicationId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $TenantId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $CertificateThumbprint, | ||
|
|
||
| [Parameter()] | ||
| [Switch] | ||
| $ManagedIdentity, | ||
|
|
||
| [Parameter()] | ||
| [System.String[]] | ||
| $AccessTokens | ||
| ) | ||
|
|
||
| #Ensure the proper dependencies are installed in the current environment. | ||
| Confirm-M365DSCDependencies | ||
|
|
||
| #region Telemetry | ||
| $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
| $CommandName = $MyInvocation.MyCommand | ||
| $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
| -CommandName $CommandName ` | ||
| -Parameters $PSBoundParameters | ||
| Add-M365DSCTelemetryEvent -Data $data | ||
| #endregion | ||
|
|
||
| $updateSettings = @{ | ||
| WorkflowScheduleIntervalInHours = $WorkflowScheduleIntervalInHours | ||
| EmailSettings = @{ | ||
| SenderDomain = $SenderDomain | ||
| UseCompanyBranding = $UseCompanyBranding | ||
| } | ||
| } | ||
| Write-Verbose -Message "Updating the lifecycle workflow settings with payload: $payload" | ||
| Update-MgBetaIdentityGovernanceLifecycleWorkflowSetting @updateSettings | ||
| } | ||
|
|
||
| function Test-TargetResource | ||
| { | ||
| [CmdletBinding()] | ||
| [OutputType([System.Boolean])] | ||
| param | ||
| ( | ||
| [Parameter(Mandatory = $true)] | ||
| [System.String] | ||
| $IsSingleInstance, | ||
|
|
||
| [Parameter()] | ||
| [System.UInt32] | ||
| $WorkflowScheduleIntervalInHours, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $SenderDomain, | ||
|
|
||
| [Parameter()] | ||
| [System.Boolean] | ||
| $UseCompanyBranding, | ||
|
|
||
| [Parameter()] | ||
| [ValidateSet('Present', 'Absent')] | ||
| [System.String] | ||
| $Ensure = 'Present', | ||
|
|
||
| [Parameter()] | ||
| [System.Management.Automation.PSCredential] | ||
| $Credential, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $ApplicationId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $TenantId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $CertificateThumbprint, | ||
|
|
||
| [Parameter()] | ||
| [Switch] | ||
| $ManagedIdentity, | ||
|
|
||
| [Parameter()] | ||
| [System.String[]] | ||
| $AccessTokens | ||
| ) | ||
|
|
||
| #Ensure the proper dependencies are installed in the current environment. | ||
| Confirm-M365DSCDependencies | ||
|
|
||
| #region Telemetry | ||
| $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
| $CommandName = $MyInvocation.MyCommand | ||
| $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
| -CommandName $CommandName ` | ||
| -Parameters $PSBoundParameters | ||
| Add-M365DSCTelemetryEvent -Data $data | ||
| #endregion | ||
|
|
||
| $CurrentValues = Get-TargetResource @PSBoundParameters | ||
| $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() | ||
|
|
||
| Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" | ||
| Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" | ||
|
|
||
| $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` | ||
| -Source $($MyInvocation.MyCommand.Source) ` | ||
| -DesiredValues $PSBoundParameters ` | ||
| -ValuesToCheck $ValuesToCheck.Keys | ||
|
|
||
| Write-Verbose -Message "Test-TargetResource returned $testResult" | ||
|
|
||
| return $testResult | ||
| } | ||
|
|
||
| function Export-TargetResource | ||
| { | ||
| [CmdletBinding()] | ||
| [OutputType([System.String])] | ||
| param | ||
| ( | ||
| [Parameter()] | ||
| [System.Management.Automation.PSCredential] | ||
| $Credential, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $ApplicationId, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $TenantId, | ||
|
|
||
| [Parameter()] | ||
| [System.Management.Automation.PSCredential] | ||
| $ApplicationSecret, | ||
|
|
||
| [Parameter()] | ||
| [System.String] | ||
| $CertificateThumbprint, | ||
|
|
||
| [Parameter()] | ||
| [Switch] | ||
| $ManagedIdentity, | ||
|
|
||
| [Parameter()] | ||
| [System.String[]] | ||
| $AccessTokens | ||
| ) | ||
|
|
||
| $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` | ||
| -InboundParameters $PSBoundParameters | ||
|
|
||
| #Ensure the proper dependencies are installed in the current environment. | ||
| Confirm-M365DSCDependencies | ||
|
|
||
| #region Telemetry | ||
| $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') | ||
| $CommandName = $MyInvocation.MyCommand | ||
| $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` | ||
| -CommandName $CommandName ` | ||
| -Parameters $PSBoundParameters | ||
| Add-M365DSCTelemetryEvent -Data $data | ||
| #endregion | ||
|
|
||
| try | ||
| { | ||
| $Script:ExportMode = $true | ||
| [array] $Script:exportedInstances = Get-MgBetaIdentityGovernanceLifecycleWorkflowSetting -ErrorAction Stop | ||
|
|
||
| $i = 1 | ||
| $dscContent = '' | ||
| if ($Script:exportedInstances.Length -eq 0) | ||
| { | ||
| Write-Host $Global:M365DSCEmojiGreenCheckMark | ||
| } | ||
| else | ||
| { | ||
| Write-Host "`r`n" -NoNewline | ||
| } | ||
| foreach ($config in $Script:exportedInstances) | ||
| { | ||
| if ($null -ne $Global:M365DSCExportResourceInstancesCount) | ||
| { | ||
| $Global:M365DSCExportResourceInstancesCount++ | ||
| } | ||
|
|
||
| $displayedKey = $config.Id | ||
| Write-Host " |---[$i/$($Script:exportedInstances.Count)] $displayedKey" -NoNewline | ||
| $params = @{ | ||
| IsSingleInstance = 'Yes' | ||
| Credential = $Credential | ||
| ApplicationId = $ApplicationId | ||
| TenantId = $TenantId | ||
| CertificateThumbprint = $CertificateThumbprint | ||
| ManagedIdentity = $ManagedIdentity.IsPresent | ||
| AccessTokens = $AccessTokens | ||
| } | ||
|
|
||
| $Results = Get-TargetResource @Params | ||
| $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` | ||
| -Results $Results | ||
|
|
||
| $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` | ||
| -ConnectionMode $ConnectionMode ` | ||
| -ModulePath $PSScriptRoot ` | ||
| -Results $Results ` | ||
| -Credential $Credential | ||
| $dscContent += $currentDSCBlock | ||
| Save-M365DSCPartialExport -Content $currentDSCBlock ` | ||
| -FileName $Global:PartialExportFileName | ||
| $i++ | ||
| Write-Host $Global:M365DSCEmojiGreenCheckMark | ||
| } | ||
| return $dscContent | ||
| } | ||
| catch | ||
| { | ||
| Write-Host $Global:M365DSCEmojiRedX | ||
|
|
||
| New-M365DSCLogEntry -Message 'Error during Export:' ` | ||
| -Exception $_ ` | ||
| -Source $($MyInvocation.MyCommand.Source) ` | ||
| -TenantId $TenantId ` | ||
| -Credential $Credential | ||
|
|
||
| return '' | ||
| } | ||
| } | ||
|
|
||
| Export-ModuleMember -Function *-TargetResource |
15 changes: 15 additions & 0 deletions
15
...CResources/MSFT_AADLifecycleWorkflowSettings/MSFT_AADLifecycleWorkflowSettings.schema.mof
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| [ClassVersion("1.0.0.0"), FriendlyName("AADLifecycleWorkflowSettings")] | ||
| class MSFT_AADLifecycleWorkflowSettings : OMI_BaseResource | ||
| { | ||
| [Key, Description("Only valid value is 'Yes'."), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance; | ||
| [Write, Description("Specifies the domain that should be used when sending email notifications. This domain must be verified in order to be used. We recommend that you use a domain that has the appropriate DNS records to facilitate email validation, like SPF, DKIM, DMARC, and MX, because this then complies with the RFC compliance for sending and receiving email. For details, see Learn more about Exchange Online Email Routing.")] String SenderDomain; | ||
| [Write, Description("The interval in hours at which all workflows running in the tenant should be scheduled for execution. This interval has a minimum value of 1 and a maximum value of 24. The default value is 3 hours.")] UInt32 WorkflowScheduleIntervalInHours; | ||
| [Write, Description("Specifies if the organization's banner logo should be included in email notifications. The banner logo will replace the Microsoft logo at the top of the email notification. If true the banner logo will be taken from the tenant's branding settings. This value can only be set to true if the organizationalBranding bannerLogo property is set.")] Boolean UseCompanyBranding; | ||
|
|
||
| [Write, Description("Credentials of the workload's Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; | ||
| [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; | ||
| [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; | ||
| [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; | ||
| [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; | ||
| [Write, Description("Access token used for authentication.")] String AccessTokens[]; | ||
| }; |
Oops, something went wrong.