Skip to content

Commit

Permalink
Merge branch 'Dev' into fix3730
Browse files Browse the repository at this point in the history
  • Loading branch information
NikCharlebois authored Dec 19, 2023
2 parents a404233 + 51f548d commit 11bf517
Show file tree
Hide file tree
Showing 13 changed files with 39 additions and 36 deletions.
1 change: 1 addition & 0 deletions .github/workflows/CodeCoverage.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ jobs:
shell: pwsh
run: |
Install-Module ReverseDSC -Force -Scope AllUsers
Install-Module DSCParser -Force -Scope AllUsers
Install-Module PSDesiredStateConfiguration -Force -Scope AllUsers
Install-Module Pester -Force -SkipPublisherCheck -Scope AllUsers
[System.Environment]::SetEnvironmentVariable('M365DSCTelemetryEnabled', $false, [System.EnvironmentVariableTarget]::Machine);
Expand Down
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
* IntuneDeviceEnrollmentPlatformRestriction
* Fix Set-TargetResource due to an issue were the bodyparameter not cast correctly
FIXES [#3730](https://github.com/microsoft/Microsoft365DSC/issues/3730)
* IntuneEndpointDetectionAndResponsePolicyWindows10
* Fix issue when trying to remove policy and Identity is set to a random GUID
or from another tenant
FIXES [#4041](https://github.com/microsoft/Microsoft365DSC/issues/4041)

# 1.23.1213.1

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ function Test-TargetResource
Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"

if ($null -ne $CurrentValues.CustomSettings -and $null -ne $CustomSettings)
if ($null -ne $CurrentValues.CustomSettings -and $CurrentValues.CustomSettings.Length -gt 0 -and $null -ne $CustomSettings)
{
$value = Test-M365DSCAppConfigurationPolicyCustomSetting -Current $CurrentValues.CustomSettings -Desired $CustomSettings
if ($value -eq $false)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -246,8 +246,9 @@ function Get-TargetResource
if ($null -eq $policyInfo)
{
Write-Verbose -Message "Searching for Policy using DisplayName {$DisplayName}"
$policyInfo = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -Filter "displayName eq '$DisplayName'" -ExpandProperty Apps, assignments `
-ErrorAction Stop
$policyInfoArray = Get-MgBetaDeviceAppManagementAndroidManagedAppProtection -ExpandProperty Apps, assignments `
-ErrorAction Stop -All:$true
$policyInfo = $policyInfoArray | Where-Object -FilterScript {$_.displayName -eq $DisplayName}
}
if ($null -eq $policyInfo)
{
Expand Down Expand Up @@ -628,10 +629,6 @@ function Set-TargetResource
}
}
}
else
{
#write-host 'value' $param 'not specified'
}
}

# handle complex parameters - manually for now
Expand Down Expand Up @@ -992,29 +989,22 @@ function Test-TargetResource
Write-Verbose -Message ('Unspecified Parameter in Config: ' + $param + ' Current Value Will be retained: ' + $CurrentValues.$param)
}
}

Write-Verbose -Message "Starting Assignments Check"
# handle complex parameters - manually for now
if ($PSBoundParameters.keys -contains 'Assignments' )
{
$targetvalues.add('Assignments', $psboundparameters.Assignments)
}
else
{
Write-Verbose -Message 'Unspecified Parameter in Config: Assignments - Current Value is:' $CurrentValues.Assignments `
"`r`nNOTE: Assignments interacts with other values - not specifying may lead to unexpected output"
}

Write-Verbose -Message "Starting Exluded Groups Check"
if ($PSBoundParameters.keys -contains 'ExcludedGroups' )
{
$targetvalues.add('ExcludedGroups', $psboundparameters.ExcludedGroups)
}
else
{
Write-Verbose -Message 'Unspecified Parameter in Config: ExcludedGroups - Current Value is:' $CurrentValues.ExcludedGroups `
"`r`nNOTE: ExcludedGroups interacts with other values - not specifying may lead to unexpected output"
}

# set the apps values
Write-Verbose -Message "AppGroupType: $AppGroupType"
Write-Verbose -Message "apps: $apps"
$AppsHash = set-AppsHash -AppGroupType $AppGroupType -apps $apps
$targetvalues.add('Apps', $AppsHash.Apps)
$targetvalues.add('AppGroupType', $AppsHash.AppGroupType)
Expand Down Expand Up @@ -1285,12 +1275,8 @@ function Set-ManagedBrowserValues
# edge - edge, true, empty id strings
# any app - not configured, false, empty strings
# unmanaged browser not configured, true, strings must not be empty

Write-Host 'Setting Managed Browser Properties'

if (!$ManagedBrowserToOpenLinksRequired)
{
Write-Host 'Setting Managed Browser to Any App'
$ManagedBrowser = 'notConfigured'
$ManagedBrowserToOpenLinksRequired = $false
$CustomBrowserDisplayName = ''
Expand All @@ -1301,15 +1287,13 @@ function Set-ManagedBrowserValues
{
if (($CustomBrowserDisplayName -ne '') -and ($CustomBrowserPackageId -ne ''))
{
Write-Host 'Setting Managed Browser to Custom Browser'
$ManagedBrowser = 'notConfigured'
$ManagedBrowserToOpenLinksRequired = $true
$CustomBrowserDisplayName = $CustomBrowserDisplayName
$CustomBrowserPackageId = $CustomBrowserPackageId
}
else
{
Write-Host 'Setting Managed Browser to Microsoft Edge'
$ManagedBrowser = 'microsoftEdge'
$ManagedBrowserToOpenLinksRequired = $true
$CustomBrowserDisplayName = ''
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -725,7 +725,16 @@ function Set-TargetResource
{
if (-not [String]::IsNullOrEmpty($createParameters.$duration))
{
$createParameters.$duration = [TimeSpan]::parse($createParameters.$duration)
Write-Verbose -Message "Parsing {$($createParameters.$duration)} into TimeSpan"
if ($createParameters.$duration.startswith('P'))
{
$timespan = [System.Xml.XmlConvert]::ToTimeSpan($createParameters.$duration)
}
else
{
$timespan = [TimeSpan]$createParameters.$duration
}
$createParameters.$duration = $timespan
}
}
$myExemptedAppProtocols = @()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -176,8 +176,10 @@ function Get-TargetResource
try
{
#Retrieve policy general settings
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop

if (-not [System.String]::IsNullOrEmpty($Identity))
{
$policy = Get-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop
}
if ($null -eq $policy)
{
Write-Verbose -Message "No Endpoint Protection Policy {id: '$Identity'} was found"
Expand Down Expand Up @@ -957,7 +959,10 @@ function Get-IntuneSettingCatalogPolicySetting
-SettingValueName $settingValueName `
-SettingValueType $settingValueType `
-SettingValueTemplateId $settingValueTemplateId
$settingInstance += ($settingValue)
if ($null -ne $settingValue)
{
$settingInstance += [Hashtable]$settingValue
}

$settingInstances += @{
'@odata.type' = '#microsoft.graph.deviceManagementConfigurationSetting'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -372,7 +372,7 @@ function Set-TargetResource
elseif ($Ensure -eq 'Absent' -and $currentPolicy.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing Endpoint Protection Policy {$($currentPolicy.DisplayName)}"
Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity
Remove-MgBetaDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $currentPolicy.Identity
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -363,7 +363,7 @@ function Set-TargetResource

if ($policy.id)
{
Update-MgDeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
Update-MgBetaDeviceManagementConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id `
-Targets $assignmentsHash `
-Repository 'deviceManagement/deviceConfigurations'
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ function Test-TargetResource
Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule."
}

$result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0
$result = ($instances.Length - $DSCConvertedInstances.Length) -eq 0

if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ Configuration Example
{
DisplayName = 'test'
deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
WindowsHelloForBusinessBlocked = $true
WindowsHelloForBusinessBlocked = $false
PinMinimumLength = 5
PinSpecialCharactersUsage = 'required'
Ensure = 'Present'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ Configuration Example
{
DisplayName = 'test'
deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
WindowsHelloForBusinessBlocked = $true
WindowsHelloForBusinessBlocked = $false
PinMinimumLength = 10 # Updated Property
PinSpecialCharactersUsage = 'required'
Ensure = 'Present'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@
{
DisplayName = 'test'
deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
WindowsHelloForBusinessBlocked = $true
WindowsHelloForBusinessBlocked = $false
PinMinimumLength = 5
PinSpecialCharactersUsage = 'required'
Ensure = 'Present'
Expand Down
4 changes: 2 additions & 2 deletions docs/docs/resources/intune/IntuneAccountProtectionPolicy.md
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ Configuration Example
{
DisplayName = 'test'
deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
WindowsHelloForBusinessBlocked = $true
WindowsHelloForBusinessBlocked = $false
PinMinimumLength = 5
PinSpecialCharactersUsage = 'required'
Ensure = 'Present'
Expand Down Expand Up @@ -130,7 +130,7 @@ Configuration Example
{
DisplayName = 'test'
deviceGuardLocalSystemAuthorityCredentialGuardSettings = "notConfigured"
WindowsHelloForBusinessBlocked = $true
WindowsHelloForBusinessBlocked = $false
PinMinimumLength = 10 # Updated Property
PinSpecialCharactersUsage = 'required'
Ensure = 'Present'
Expand Down

0 comments on commit 11bf517

Please sign in to comment.