From a18f29d1173e83102e5a2c7111d3fad23ee637c9 Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Sat, 30 Dec 2023 22:31:19 +0100 Subject: [PATCH 01/69] Added resource 'EXORecipientPermission' --- .../MSFT_EXORecipientPermission.psm1 | 473 ++++++++++++++++++ .../MSFT_EXORecipientPermission.schema.mof | 16 + .../MSFT_EXORecipientPermission/readme.md | 5 + .../MSFT_EXORecipientPermission/settings.json | 53 ++ .../1-EXORecipientPermission.ps1 | 30 ++ 5 files changed, 577 insertions(+) create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md create mode 100644 Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/settings.json create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 new file mode 100644 index 0000000000..399d1f64ac --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 @@ -0,0 +1,473 @@ +function Get-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = $true)] + [System.String] + $Identity, + + [Parameter(Mandatory = $true)] + [System.String] + $Trustee, + + [Parameter(Mandatory = $true)] + [ValidateSet('SendAs')] + [System.String[]] + $AccessRights, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Getting configuration of Office 365 Recipient permission $Identity" + if ($Script:ExportMode) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $nullReturn = $PSBoundParameters + $nullReturn.Ensure = 'Absent' + + try + { + + if ($null -ne $Script:recipientPermissions -and $Script:ExportMode) + { + $recipientPermission = $Script:recipientPermissions | Where-Object -FilterScript { + $_.Identity -eq $Identity -and $_.Trustee -eq $Trustee -and $_.AccessRights -eq $AccessRights + } + } + else + { + #Could include a switch for the different propertySets to retrieve https://learn.microsoft.com/en-us/powershell/exchange/cmdlet-property-sets?view=exchange-ps#get-exomailbox-property-sets + #Could include a switch for the different recipientTypeDetails to retrieve + $recipientPermission = Get-EXORecipientPermission -Identity $Identity -Trustee $Trustee -AccessRights $AccessRights -ErrorAction Stop + } + + if ($null -eq $recipientPermission) + { + Write-Verbose -Message "The specified Recipient Permission doesn't already exist." + return $nullReturn + } + + #endregion + + $result = @{ + Identity = $Identity + Trustee = $recipientPermission.Trustee + AccessRights = $recipientPermission.AccessRights + + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + TenantId = $TenantId + } + + Write-Verbose -Message "Found an existing instance of Recipient permissions '$($DisplayName)'" + return $result + } + catch + { + New-M365DSCLogEntry -Message 'Error retrieving data:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return $nullReturn + } +} + +function Set-TargetResource +{ + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Trustee, + + [Parameter()] + [ValidateSet('SendAs')] + [System.String] + $AccessRights, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + Write-Verbose -Message "Setting Mail Contact configuration for $Name" + + $currentState = Get-TargetResource @PSBoundParameters + + if ($Global:CurrentModeIsExport) + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + } + else + { + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters + } + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + $parameters = $PSBoundParameters + $parameters.Remove('Credential') | Out-Null + $parameters.Remove('ApplicationId') | Out-Null + $parameters.Remove('TenantId') | Out-Null + $parameters.Remove('CertificateThumbprint') | Out-Null + $parameters.Remove('CertificatePath') | Out-Null + $parameters.Remove('CertificatePassword') | Out-Null + $parameters.Remove('ManagedIdentity') | Out-Null + $parameters.Remove('Ensure') | Out-Null + + # Receipient Permission doesn't exist but it should + if ($Ensure -eq 'Present' -and $currentState.Ensure -eq 'Absent') + { + Write-Verbose -Message "The Receipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' does not exist but it should. Adding it." + Add-RecipientPermission @parameters -Confirm:$false + } + # Receipient Permission exists but shouldn't + elseif ($Ensure -eq 'Absent' -and $currentState.Ensure -eq 'Present') + { + Write-Verbose -Message "Receipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' exists but shouldn't. Removing it." + Remove-RecipientPermission @parameters -Confirm:$false + } + elseif ($Ensure -eq 'Present' -and $currentState.Ensure -eq 'Present') + { + Write-Verbose -Message "Receipient Permission for '$Trustee' with Access Rights '$($AccessRights -join ', ')' on mailbox '$Identity' exists." + } +} + +function Test-TargetResource +{ + [CmdletBinding()] + [OutputType([System.Boolean])] + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Trustee, + + [Parameter()] + [ValidateSet('SendAs')] + [System.String] + $AccessRights, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + Write-Verbose -Message "Testing configuration of Office 365 Recipient permissions $DisplayName" + + $currentValues = Get-TargetResource @PSBoundParameters + + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $currentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + + $testResult = Test-M365DSCParameterState -CurrentValues $currentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck @('Ensure', 'Identity') + + Write-Verbose -Message "Test-TargetResource returned $testResult" + + return $testResult +} + +function Export-TargetResource +{ + [CmdletBinding()] + [OutputType([System.String])] + [CmdletBinding()] + param + ( + [Parameter()] + [System.String] + $Identity, + + [Parameter()] + [System.String] + $Trustee, + + [Parameter()] + [ValidateSet('SendAs')] + [System.String] + $AccessRights, + + [Parameter()] + [ValidateSet('Present', 'Absent')] + [System.String] + $Ensure = 'Present', + + [Parameter()] + [System.Management.Automation.PSCredential] + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [System.String] + $CertificatePath, + + [Parameter()] + [System.Management.Automation.PSCredential] + $CertificatePassword, + + [Parameter()] + [Switch] + $ManagedIdentity + ) + + $ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' ` + -InboundParameters $PSBoundParameters ` + -SkipModuleReload $true + + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies + + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + + try + { + $Script:ExportMode = $true + + [array]$Script:recipientPermissions = Get-EXORecipientPermission -ResultSize Unlimited + + $dscContent = '' + $i = 1 + if ($recipientPermissions.Length -eq 0) + { + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host "`r`n" -NoNewline + } + foreach ($recipientPermission in $recipientPermissions) + { + Write-Host " |---[$i/$($recipientPermissions.Length)] $($recipientPermission.Identity)" -NoNewline + + $params = @{ + Identity = $recipientPermission.Identity + Trustee = $recipientPermission.Trustee + AccessRights = $recipientPermission.AccessRights + + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePassword = $CertificatePassword + Managedidentity = $ManagedIdentity.IsPresent + CertificatePath = $CertificatePath + } + + $Results = Get-TargetResource @Params + + if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) + { + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + $dscContent += $currentDSCBlock + + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName + + Write-Host $Global:M365DSCEmojiGreenCheckMark + } + else + { + Write-Host $Global:M365DSCEmojiRedX + } + + $i++ + + } + return $dscContent + } + catch + { + Write-Host $Global:M365DSCEmojiRedX + + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + + return '' + } +} + +Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof new file mode 100644 index 0000000000..40d874461b --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof @@ -0,0 +1,16 @@ +[ClassVersion("1.0.0.0"), FriendlyName("EXORecipientPermission")] +class MSFT_EXORecipientPermission : OMI_BaseResource +{ + [Write, Description("The mailbox the permission should be given on.")] String Identity; + [Write, Description("The account to give the permission to.")] String Trustee; + [Write, Description("The access rights granted to the account. Only 'SendAs' is supported.")] String AccessRights; + + [Write, Description("Present ensures the group exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; + [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; + [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; +}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md new file mode 100644 index 0000000000..054863a71a --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md @@ -0,0 +1,5 @@ +# EXORecipientPermission + +## Description + +This resource allows users to retrieve Office 365 Recipient Permission. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/settings.json new file mode 100644 index 0000000000..4506c76525 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/settings.json @@ -0,0 +1,53 @@ +{ + "resourceName": "EXORecipientPermission", + "description": "", + "roles": { + "read": [ + "Global Reader" + ], + "update": [ + "Exchange Administrator" + ] + }, + "permissions": { + "graph": { + "delegated": { + "read": [], + "update": [] + }, + "application": { + "read": [], + "update": [] + } + }, + "exchange": { + "requiredroles": [ + "Mail Enabled Public Folders", + "MyName", + "Public Folders", + "Compliance Admin", + "User Options", + "Message Tracking", + "View-Only Recipients", + "Role Management", + "Legal Hold", + "Audit Logs", + "Retention Management", + "Distribution Groups", + "Move Mailboxes", + "Information Rights Management", + "Mail Recipient Creation", + "Reset Password", + "View-Only Audit Logs", + "Mail Recipients", + "Mailbox Search", + "UM Mailboxes", + "Security Group Creation and Membership", + "Mailbox Import Export", + "MyMailboxDelegation", + "MyDisplayName" + ], + "requiredrolegroups": "Organization Management" + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 new file mode 100644 index 0000000000..c6d219bc54 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 @@ -0,0 +1,30 @@ + +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + node localhost + { + EXORecipientPermission 'AddSendAs' + { + + Identity = 'John' + Trustee = "admin@$OrganizationName" + AccessRights = 'SendAs' + Ensure = 'Present' + Credential = $Credscredential + } + } +} From 6012798fc1db8eb963681be16bb16216571880e3 Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Thu, 4 Jan 2024 18:00:07 +0100 Subject: [PATCH 02/69] Added missing key properties --- .../MSFT_EXORecipientPermission.schema.mof | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof index 40d874461b..4a12e9bdce 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof @@ -1,8 +1,8 @@ [ClassVersion("1.0.0.0"), FriendlyName("EXORecipientPermission")] class MSFT_EXORecipientPermission : OMI_BaseResource { - [Write, Description("The mailbox the permission should be given on.")] String Identity; - [Write, Description("The account to give the permission to.")] String Trustee; + [Key, Description("The mailbox the permission should be given on.")] String Identity; + [Key, Description("The account to give the permission to.")] String Trustee; [Write, Description("The access rights granted to the account. Only 'SendAs' is supported.")] String AccessRights; [Write, Description("Present ensures the group exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; From d8e620ab8df155e606817aea48624fa5d2f4a9ef Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Fri, 5 Jan 2024 16:46:59 +0100 Subject: [PATCH 03/69] Fix nested change detection in CIMInstance --- .../Modules/M365DSCReport.psm1 | 260 +++++++++--------- 1 file changed, 132 insertions(+), 128 deletions(-) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 7330466d83..97a8412f20 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -722,83 +722,85 @@ function Compare-M365DSCConfigurations { [string]$key = Get-M365DSCCimInstanceKey -CIMInstance $instance - if ($null -ne $key) - { - $destinationResourceInstances = $destinationResource.$destinationPropertyName | Where-Object -FilterScript {$_."$key" -eq $instance."$key"} + $destinationResourceInstances = $destinationResource.$destinationPropertyName | Where-Object -FilterScript {$_."$key" -eq $instance."$key"} - if ($null -ne $destinationResourceInstances) + if ($null -ne $destinationResourceInstances) + { + # There is a chance we found 2 instances of a CIMInstance based on its key property. + # If that's the case, loop through each instance found and if at least one of them is + # a perfect match, then don't consider this a drift. + $foundOneMatch = $false + $drift = $null + foreach ($destinationResourceInstance in $destinationResourceInstances) { - # There is a chance we found 2 instances of a CIMInstance based on its key property. - # If that's the case, loop through each instance found and if at least of of them is - # a perfect match, then don't consider this a drift. - $foundOneMatch = $false - $drift = $null - foreach ($destinationResourceInstance in $destinationResourceInstances) + $foundResourceMatch = $true + [array]$driftProperties = @() + foreach ($property in $instance.Keys) { - $foundResourceMatch = $true - foreach ($property in $instance.Keys) + if ($null -eq $destinationResourceInstance."$property" -or $null -ne (Compare-Object -ReferenceObject ($instance."$property")` + -DifferenceObject ($destinationResourceInstance."$property"))) { - if ($null -eq $destinationResourceInstance."$property" -or $null -ne (Compare-Object -ReferenceObject ($instance."$property")` - -DifferenceObject ($destinationResourceInstance."$property"))) - { - $drift = @{ - ResourceName = $sourceResource.ResourceName - ResourceInstanceName = $destinationResource.ResourceInstanceName - Key = $propertyName - KeyValue = $instance."$key" - Properties = @(@{ - ParameterName = $property - CIMInstanceKey = $key - CIMInstanceValue = $instance."$Key" - ValueInSource = $instance."$property" - ValueInDestination = $destinationResourceInstance."$property" - }) - } - $foundResourceMatch = $false + $driftProperties += @{ + ParameterName = $property + CIMInstanceKey = $key + CIMInstanceValue = $instance."$Key" + ValueInSource = $instance."$property" + ValueInDestination = $destinationResourceInstance."$property" } - } - if ($foundResourceMatch) - { - $foundOneMatch = $true + $foundResourceMatch = $false } } - if ($foundOneMatch) + if ($foundResourceMatch) { - # If a match was found, clear the drift. - $drift = $null + $foundOneMatch = $true } else { - $Delta += , $drift - $drift = $null + $drift = @{ + ResourceName = $sourceResource.ResourceName + ResourceInstanceName = $destinationResource.ResourceInstanceName + Key = $propertyName + KeyValue = $instance."$key" + Properties = $driftProperties + } } } + if ($foundOneMatch) + { + # If a match was found, clear the drift. + $drift = $null + } else { - # We have detected a drift where the CIM Instance exists in the Source but NOT in the Destination - $drift = @{ - ResourceName = $sourceResource.ResourceName - ResourceInstanceName = $destinationResource.ResourceInstanceName - Key = $propertyName - KeyValue = $instance."$key" - Properties = @(@{ - ParameterName = $propertyName - CIMInstanceKey = $key - CIMInstanceValue = $instance."$Key" - ValueInSource = $instance - ValueInDestination = $null - }) - } - if ($null -ne $drift) - { - $Delta += , $drift - $drift = $null - } + $Delta += , $drift + $drift = $null + } + } + else + { + # We have detected a drift where the CIM Instance exists in the Source but NOT in the Destination + $drift = @{ + ResourceName = $sourceResource.ResourceName + ResourceInstanceName = $destinationResource.ResourceInstanceName + Key = $propertyName + KeyValue = $instance."$key" + Properties = @(@{ + ParameterName = $propertyName + CIMInstanceKey = $key + CIMInstanceValue = $instance."$Key" + ValueInSource = $instance + ValueInDestination = $null + }) + } + if ($null -ne $drift) + { + $Delta += , $drift + $drift = $null } } } } - # Needs to be a separate nested if statement otherwise the ReferenceObject an be null and it will error out; + # Needs to be a separate nested if statement otherwise the ReferenceObject can be null and it will error out; elseif ($destinationResource.ContainsKey($destinationPropertyName) -eq $false -or (-not [System.String]::IsNullOrEmpty($propertyName) -and $null -ne (Compare-Object -ReferenceObject ($sourceResource.$propertyName)` -DifferenceObject ($destinationResource.$destinationPropertyName))) -and @@ -853,8 +855,8 @@ function Compare-M365DSCConfigurations } } - # Do the scan the other way around because there's a chance that the property, if null, wasn't part of the source - # object. By scanning against the destination we will catch properties that are not null on the source but not null in destination; + # Do the scan the other way around because there's a chance that the property, if null, wasn't part of the source object. + # By scanning against the destination we will catch properties that are not null on the source but not null in destination; foreach ($propertyName in $destinationResource.Keys) { if ($propertyName -notin $filteredProperties) @@ -871,89 +873,91 @@ function Compare-M365DSCConfigurations { [string]$key = Get-M365DSCCimInstanceKey -CIMInstance $instance - if ($null -ne $key) - { - $sourceResourceInstances = $sourceResource.$sourcePropertyName | Where-Object -FilterScript {$_."$key" -eq $instance."$key"} + $sourceResourceInstances = $sourceResource.$sourcePropertyName | Where-Object -FilterScript {$_."$key" -eq $instance."$key"} - if ($null -ne $sourceResourceInstances) + if ($null -ne $sourceResourceInstances) + { + # There is a chance we found 2 instances of a CIMInstance based on its key property. + # If that's the case, loop through each instance found and if at least one of them is + # a perfect match, then don't consider this a drift. + $foundOneMatch = $false + $drift = $null + foreach ($sourceResourceInstance in $sourceResourceInstances) { - # There is a chance we found 2 instances of a CIMInstance based on its key property. - # If that's the case, loop through each instance found and if at least of of them is - # a perfect match, then don't consider this a drift. - $foundOneMatch = $false - $drift = $null - foreach ($sourceResourceInstance in $sourceResourceInstances) + $innerDrift = $null + foreach ($property in $instance.Keys) { - foreach ($property in $instance.Keys) + if ($null -eq $sourceResourceInstance."$property" -or $null -ne (Compare-Object -ReferenceObject ($instance."$property")` + -DifferenceObject ($sourceResourceInstance."$property"))) { - if ($null -eq $sourceResourceInstance."$property" -or $null -ne (Compare-Object -ReferenceObject ($instance."$property")` - -DifferenceObject ($sourceResourceInstance."$property"))) + # Make sure we haven't already added this drift in the delta return object to prevent duplicates. + $existing = $delta | Where-Object -FilterScript {$_.ResourceName -eq $destinationResource.ResourceName -and ` + $_.ResourceInstanceName -eq $destinationResource.ResourceInstanceName} + + $sameEntry = $null + if ($null -ne $existing) { - # Make sure we haven't already added this drift in the delta return object to prevent duplicates. - $existing = $delta | Where-Object -FilterScript {$_.ResourceName -eq $destinationResource.ResourceName -and ` - $_.ResourceInstanceName -eq $destinationResource.ResourceInstanceName} - - $sameEntry = $null - if ($null -ne $existing) - { - $sameEntry = $existing.Properties | Where-Object -FilterScript {$_.ParameterName -eq $property -and ` - $_.CIMInstanceKey -eq $key -and ` - $_.CIMInstanceValue -eq ($instance."$key") -and ` - $_.ValueInSource -eq $sourceResourceInstance."$property" -and ` - $_.ValueInDestination -eq $instance."$property"} - } + $sameEntry = $existing.Properties | Where-Object -FilterScript {$_.ParameterName -eq $property -and ` + $_.CIMInstanceKey -eq $key -and ` + $_.CIMInstanceValue -eq ($instance."$key") -and ` + $_.ValueInSource -eq $sourceResourceInstance."$property" -and ` + $_.ValueInDestination -eq $instance."$property"} + } - if ($null -eq $sameEntry) - { - $drift = @{ - ResourceName = $destinationResource.ResourceName - ResourceInstanceName = $destinationResource.ResourceInstanceName - Key = $propertyName - KeyValue = $instance."$key" - Properties = @(@{ - ParameterName = $property - CIMInstanceKey = $key - CIMInstanceValue = $instance."$Key" - ValueInSource = $sourceResourceInstance."$property" - ValueInDestination = $instance."$property" - }) - } + if ($null -eq $sameEntry) + { + $innerDrift = @{ + ResourceName = $destinationResource.ResourceName + ResourceInstanceName = $destinationResource.ResourceInstanceName + Key = $propertyName + KeyValue = $instance."$key" + Properties = @(@{ + ParameterName = $property + CIMInstanceKey = $key + CIMInstanceValue = $instance."$Key" + ValueInSource = $sourceResourceInstance."$property" + ValueInDestination = $instance."$property" + }) } } } - if ($null -eq $drift) - { - $foundOneMatch = $true - } } - if ($foundOneMatch) + if ($null -eq $innerDrift) { - # If a match was found, clear the drift. - $drift = $null + $foundOneMatch = $true } - } - else - { - # We have detected a drift where the CIM Instance exists in the Destination but NOT in the Source - $drift = @{ - ResourceName = $destinationResource.ResourceName - ResourceInstanceName = $destinationResource.ResourceInstanceName - Key = $propertyName - KeyValue = $instance."$key" - Properties = @(@{ - ParameterName = $propertyName - CIMInstanceKey = $key - CIMInstanceValue = $instance."$Key" - ValueInSource = $null - ValueInDestination = $instance - }) - } - if ($null -ne $drift) + else { - $Delta += , $drift - $drift = $null + $drift = $innerDrift } } + if ($foundOneMatch) + { + # If a match was found, clear the drift. + $drift = $null + } + } + else + { + # We have detected a drift where the CIM Instance exists in the Destination but NOT in the Source + $drift = @{ + ResourceName = $destinationResource.ResourceName + ResourceInstanceName = $destinationResource.ResourceInstanceName + Key = $propertyName + KeyValue = $instance."$key" + Properties = @(@{ + ParameterName = $propertyName + CIMInstanceKey = $key + CIMInstanceValue = $instance."$Key" + ValueInSource = $null + ValueInDestination = $instance + }) + } + if ($null -ne $drift) + { + $Delta += , $drift + $drift = $null + } } } } From 71295a4c6993e21d060d2ab105920fc77b73a816 Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Fri, 5 Jan 2024 16:47:54 +0100 Subject: [PATCH 04/69] Fix enrollment platform restriction comparison during report creation --- CHANGELOG.md | 6 ++++++ Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80c14b376f..e461866fec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* M365DSCReport + * Fix nested change detection for CIMInstances + * Fix IntuneDeviceEnrolllmentPlatformRestriction comparison in report + # 1.24.110.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 97a8412f20..3fabb2eff1 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -1155,6 +1155,10 @@ function Get-M365DSCResourceKey { return @('Id') } + if ($Resource.ResourceName -eq 'IntuneDeviceEnrollmentPlatformRestriction' -and $Resource.Keys.Where({ $_ -like "*Restriction"})) + { + return @('ResourceInstanceName') + } if ($Resource.ResourceName -eq 'TeamsChannel' -and -not [System.String]::IsNullOrEmpty($Resource.TeamName)) { # Teams Channel displaynames are not tenant-unique (e.g. "General" is almost in every team), but should be unique per team From 64ba4e76086676ed20d03910207e8998913011a9 Mon Sep 17 00:00:00 2001 From: Vasily Date: Mon, 15 Jan 2024 17:52:08 +0100 Subject: [PATCH 05/69] Update MSFT_AADGroup.psm1 line 1050 changed from if ($Filter -like "*endsWith*") to if ($Filter -like "*endsWith*" -or $Filter -like "*onPremisesSyncEnabled eq null*" -or $Filter -like "*onPremisesSyncEnabled ne true*") it resolves the issue in #3935 --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index 293ac6fd29..b29de29524 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1047,7 +1047,7 @@ function Export-TargetResource All = [switch]$true ErrorAction = 'Stop' } - if ($Filter -like "*endsWith*") { + if ($Filter -like "*endsWith*" -or $Filter -like "*onPremisesSyncEnabled eq null*" -or $Filter -like "*onPremisesSyncEnabled ne true*") { $ExportParameters.Add('CountVariable', 'count') $ExportParameters.Add('ConsistencyLevel', 'eventual') } From 41b2de219af8a769014c9096f8e08d3983fe21a3 Mon Sep 17 00:00:00 2001 From: Vasily Date: Tue, 16 Jan 2024 11:50:16 +0100 Subject: [PATCH 06/69] Update MSFT_AADGroup.psm1 line 1050 changed from if ($Filter -like "endsWith") to if ($Filter -like "endsWith" -or $Filter -like "onPremisesSyncEnabled eq null") removing "onPremisesSyncEnabled ne true" per https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http#group-properties This Pull Request (PR) fixes the following issues it resolves the issue in #3935 --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index b29de29524..a38c38f8f2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1047,7 +1047,7 @@ function Export-TargetResource All = [switch]$true ErrorAction = 'Stop' } - if ($Filter -like "*endsWith*" -or $Filter -like "*onPremisesSyncEnabled eq null*" -or $Filter -like "*onPremisesSyncEnabled ne true*") { + if ($Filter -like "*endsWith*" -or $Filter -like "*onPremisesSyncEnabled eq null*") { $ExportParameters.Add('CountVariable', 'count') $ExportParameters.Add('ConsistencyLevel', 'eventual') } From d1232d9de6a4d780d4bb9564e9c1e6d09e3e9a07 Mon Sep 17 00:00:00 2001 From: Vasily Date: Tue, 16 Jan 2024 14:58:14 +0100 Subject: [PATCH 07/69] Update MSFT_AADGroup.psm1 added the block to check allowed advanced Group properties from the table https://learn.microsoft.com/en-us/graph/aad-advanced-queries?tabs=http#group-properties that support eq null. --- .../MSFT_AADGroup/MSFT_AADGroup.psm1 | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index a38c38f8f2..f9d6d4232c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1047,10 +1047,36 @@ function Export-TargetResource All = [switch]$true ErrorAction = 'Stop' } - if ($Filter -like "*endsWith*" -or $Filter -like "*onPremisesSyncEnabled eq null*") { + + # Define the list of attributes + $attributesToCheck = @( + "description", + "displayName", + "hasMembersWithLicenseErrors", + "mail", + "mailNickname", + "onPremisesSecurityIdentifier", + "onPremisesSyncEnabled", + "preferredLanguage" + ) + + # Initialize a flag to indicate whether any attribute matches the condition + $matchConditionFound = $false + + # Check each attribute in the list + foreach ($attribute in $attributesToCheck) { + if ($Filter -like "*$attribute eq null*") { + $matchConditionFound = $true + break + } + } + + # If any attribute matches, add parameters to $ExportParameters + if ($matchConditionFound) { $ExportParameters.Add('CountVariable', 'count') $ExportParameters.Add('ConsistencyLevel', 'eventual') } + [array] $Script:exportedGroups = Get-MgGroup @ExportParameters $Script:exportedGroups = $Script:exportedGroups | Where-Object -FilterScript { -not ($_.MailEnabled -and ($null -eq $_.GroupTypes -or $_.GroupTypes.Length -eq 0)) -and ` From ab9714b7d887e17ed7d1db8e19b927e3fe97378e Mon Sep 17 00:00:00 2001 From: Vasily Date: Tue, 16 Jan 2024 15:07:04 +0100 Subject: [PATCH 08/69] Update MSFT_AADGroup.psm1 added "endWIth" into condition to switch to advanced query if ($matchConditionFound -or $Filter -like "*endsWith*")) { --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index f9d6d4232c..1e9eacab06 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1072,7 +1072,7 @@ function Export-TargetResource } # If any attribute matches, add parameters to $ExportParameters - if ($matchConditionFound) { + if ($matchConditionFound -or $Filter -like "*endsWith*")) { $ExportParameters.Add('CountVariable', 'count') $ExportParameters.Add('ConsistencyLevel', 'eventual') } From 74d0367c656f96fcaacf090846ba9cb80c528a8b Mon Sep 17 00:00:00 2001 From: Philippe Kernevez Date: Fri, 19 Jan 2024 12:15:31 +0100 Subject: [PATCH 09/69] Move limit from 100 to 1000 with a log message if max is reach --- CHANGELOG.md | 3 +++ .../MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78bafaa588..530326f417 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,9 @@ * Removed the ability to specify a value of Absent for the Ensure property. * AADCrossTenantAccessPolicyCOnfigurationDefault * Removed the ability to specify a value of Absent for the Ensure property. +* TeamsCallQueue + * Optimize performances by doing 1 request instead of n+1 + FIXES [[#4192](https://github.com/microsoft/Microsoft365DSC/issues/4192)] # 1.24.117.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 index 6c3f10b87a..f9b4b9d430 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallQueue/MSFT_TeamsCallQueue.psm1 @@ -892,7 +892,12 @@ function Export-TargetResource { $i = 1 $Script:ExportMode = $true - [array] $Script:exportedInstances = Get-CsCallQueue -ErrorAction Stop + $Script:MaxSize = 1000 + [array] $Script:exportedInstances = Get-CsCallQueue -ErrorAction Stop -First $Script:MaxSize + if ($Script:exportedInstances.Count -eq $Script:MaxSize){ + Write-Verbose -Message "WARNING: CsCallQueue isn't exporting all of them, you reach the max size." + } + $dscContent = [System.Text.StringBuilder]::New() Write-Host "`r`n" -NoNewline foreach ($instance in $exportedInstances) From aa69bc488a3f83469a312aeddb53fc41bd02c582 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Fri, 26 Jan 2024 01:47:08 +0000 Subject: [PATCH 10/69] Fix condition when resource is absent --- CHANGELOG.md | 20 +++++++++++++++++-- ...urationPolicyAndroidOpenSourceProject.psm1 | 2 +- ...otectionPolicyWindows10SettingCatalog.psm1 | 2 +- .../MSFT_IntuneRoleAssignment.psm1 | 2 +- .../MSFT_IntuneRoleDefinition.psm1 | 2 +- ...SettingCatalogASRRulesPolicyWindows10.psm1 | 2 +- ...ationPolicyAndroidDeviceAdministrator.psm1 | 2 +- ...ionPolicyAndroidEnterpriseDeviceOwner.psm1 | 2 +- ...ionPolicyAndroidEnterpriseWorkProfile.psm1 | 2 +- ...WifiConfigurationPolicyAndroidForWork.psm1 | 2 +- ...urationPolicyAndroidOpenSourceProject.psm1 | 2 +- ...MSFT_IntuneWifiConfigurationPolicyIOS.psm1 | 2 +- ...FT_IntuneWifiConfigurationPolicyMacOS.psm1 | 2 +- ...ntuneWifiConfigurationPolicyWindows10.psm1 | 2 +- .../MSFT_TeamsCallParkPolicy.psm1 | 2 +- 15 files changed, 32 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 531a56fd91..5e2eae0a07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,21 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationPolicyAndroidOpenSourceProject, + IntuneExploitProtectionPolicyWindows10SettingCatalog, IntuneRoleAssignment, + IntuneRoleDefinition, IntuneSettingCatalogASRRulesPolicyWindows10, + IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator, + IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner, + IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile, + IntuneWifiConfigurationPolicyAndroidForWork, + IntuneWifiConfigurationPolicyAndroidOpenSourceProject, + IntuneWifiConfigurationPolicyIOS, IntuneWifiConfigurationPolicyMacOS, + IntuneWifiConfigurationPolicyWindows10, TeamsCallParkPolicy + * Fix condition in Test-TargetResource when resource is absent + FIXES [#3897](https://github.com/microsoft/Microsoft365DSC/issues/3897) + FIXES [#4256](https://github.com/microsoft/Microsoft365DSC/issues/4256) + # 1.24.124.1 * AADAuthenticationMethodPolicyAuthenticator @@ -20,7 +36,7 @@ * Remove the logic path to create a new instance in favor of the update flow. * AADConditionalAccessPolicy * Fix issue when not all parameters are specified - FIXES [[#4202](https://github.com/microsoft/Microsoft365DSC/issues/4202)] + FIXES [#4202](https://github.com/microsoft/Microsoft365DSC/issues/4202) * AADCrossTenantAccessPolicy * Removed the ability to specify a value of Absent for the Ensure property. * AADCrossTenantAccessPolicyCOnfigurationDefault @@ -39,7 +55,7 @@ * DEPRECATED Resource. * SCAutoSensitivityLabelRule * Correct export indentation, which caused an issue with report conversion to JSON. - FIXES [[#4240](https://github.com/microsoft/Microsoft365DSC/issues/4240)] + FIXES [#4240](https://github.com/microsoft/Microsoft365DSC/issues/4240) * SPOSharingSettings * Fixed an Issue where the MySiteSharingCapability could be returned as an empty string instead of a null value from the Get method. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 index d98004d87a..72f8b9ab6e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -589,7 +589,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 index 8811c5d473..45cfe819b4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog/MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog.psm1 @@ -430,7 +430,7 @@ function Test-TargetResource $ValuesToCheck.Remove('ApplicationSecret') | Out-Null $ValuesToCheck.Remove('Identity') | Out-Null - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message 'The policy was not found' return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index 058a2e58d7..5cd954e832 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 @@ -559,7 +559,7 @@ function Test-TargetResource } $PSBoundParameters.Set_Item('ResourceScopes', $ResourceScopes) - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 index 2c0ee65b94..51e23548ee 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleDefinition/MSFT_IntuneRoleDefinition.psm1 @@ -403,7 +403,7 @@ function Test-TargetResource $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 index 5fff32e897..1544d5a942 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10/MSFT_IntuneSettingCatalogASRRulesPolicyWindows10.psm1 @@ -716,7 +716,7 @@ function Test-TargetResource $ValuesToCheck.Remove('TenantId') | Out-Null $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message 'The policy was not found' return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 index 550848afb0..063e280aa2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator/MSFT_IntuneWiFiConfigurationPolicyAndroidDeviceAdministrator.psm1 @@ -474,7 +474,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 index e76afffc7c..18122fecbc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner.psm1 @@ -565,7 +565,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 index a053896d55..1c43c44ddd 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile/MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile.psm1 @@ -472,7 +472,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 index 65f8ed0088..f662b18c5e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidForWork/MSFT_IntuneWifiConfigurationPolicyAndroidForWork.psm1 @@ -471,7 +471,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 index 70ed28d0bf..35f605ec13 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject/MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject.psm1 @@ -497,7 +497,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 index e710718398..fa1376d8fa 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyIOS/MSFT_IntuneWifiConfigurationPolicyIOS.psm1 @@ -551,7 +551,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 index d1bf3f164c..fa8ad74a13 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyMacOS/MSFT_IntuneWifiConfigurationPolicyMacOS.psm1 @@ -538,7 +538,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 index 62701eca3b..2dc45c9668 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneWifiConfigurationPolicyWindows10/MSFT_IntuneWifiConfigurationPolicyWindows10.psm1 @@ -581,7 +581,7 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 index aaba733498..5f6cbc06d0 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsCallParkPolicy/MSFT_TeamsCallParkPolicy.psm1 @@ -295,7 +295,7 @@ function Test-TargetResource $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() $ValuesToCheck.Remove('Identity') | Out-Null - if ($CurrentValues.Ensure -eq 'Absent') + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false From 92a6e411c9b94d969087122a4037ed791a11fe3e Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Fri, 26 Jan 2024 01:49:50 +0000 Subject: [PATCH 11/69] Add default value to parameter Ensure --- CHANGELOG.md | 2 ++ .../MSFT_TeamsFilesPolicy/MSFT_TeamsFilesPolicy.psm1 | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e2eae0a07..f5ed6f43d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ * Fix condition in Test-TargetResource when resource is absent FIXES [#3897](https://github.com/microsoft/Microsoft365DSC/issues/3897) FIXES [#4256](https://github.com/microsoft/Microsoft365DSC/issues/4256) +* TeamsFilesPolicy + * Add default value ('Present') to parameter Ensure # 1.24.124.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFilesPolicy/MSFT_TeamsFilesPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFilesPolicy/MSFT_TeamsFilesPolicy.psm1 index 62af2c60f4..36b91fb1a5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFilesPolicy/MSFT_TeamsFilesPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsFilesPolicy/MSFT_TeamsFilesPolicy.psm1 @@ -21,7 +21,7 @@ function Get-TargetResource [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] - $Ensure, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -112,7 +112,7 @@ function Set-TargetResource [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] - $Ensure, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] @@ -225,7 +225,7 @@ function Test-TargetResource [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] - $Ensure, + $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] From fabafadacaa9283a74e322ed1719df6c8a7e632e Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Tue, 30 Jan 2024 19:48:11 +0100 Subject: [PATCH 12/69] Fixed parameters and set default value for 'AccessRights' --- .../MSFT_EXORecipientPermission.psm1 | 28 +++++++++---------- .../MSFT_EXORecipientPermission.schema.mof | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 index 399d1f64ac..95b8ae0583 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 @@ -12,10 +12,10 @@ function Get-TargetResource [System.String] $Trustee, - [Parameter(Mandatory = $true)] + [Parameter()] [ValidateSet('SendAs')] [System.String[]] - $AccessRights, + $AccessRights = 'SendAs', [Parameter()] [ValidateSet('Present', 'Absent')] @@ -138,18 +138,18 @@ function Set-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Trustee, [Parameter()] [ValidateSet('SendAs')] - [System.String] - $AccessRights, + [System.String[]] + $AccessRights = 'SendAs', [Parameter()] [ValidateSet('Present', 'Absent')] @@ -248,18 +248,18 @@ function Test-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Trustee, [Parameter()] [ValidateSet('SendAs')] - [System.String] - $AccessRights, + [System.String[]] + $AccessRights = 'SendAs', [Parameter()] [ValidateSet('Present', 'Absent')] @@ -331,18 +331,18 @@ function Export-TargetResource [CmdletBinding()] param ( - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Identity, - [Parameter()] + [Parameter(Mandatory = $true)] [System.String] $Trustee, [Parameter()] [ValidateSet('SendAs')] - [System.String] - $AccessRights, + [System.String[]] + $AccessRights = 'SendAs', [Parameter()] [ValidateSet('Present', 'Absent')] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof index 4a12e9bdce..6efdab4c07 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.schema.mof @@ -3,7 +3,7 @@ class MSFT_EXORecipientPermission : OMI_BaseResource { [Key, Description("The mailbox the permission should be given on.")] String Identity; [Key, Description("The account to give the permission to.")] String Trustee; - [Write, Description("The access rights granted to the account. Only 'SendAs' is supported.")] String AccessRights; + [Write, Description("The access rights granted to the account. Only 'SendAs' is supported.")] String AccessRights[]; [Write, Description("Present ensures the group exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Exchange Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; From c8499c9854b94c6b7bbc3ba86205f15a6d311a4d Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Tue, 30 Jan 2024 19:51:11 +0100 Subject: [PATCH 13/69] Fixed typo --- .../DSCResources/MSFT_EXORecipientPermission/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md index 054863a71a..611e51a3f4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/readme.md @@ -2,4 +2,4 @@ ## Description -This resource allows users to retrieve Office 365 Recipient Permission. +This resource allows users to retrieve Office 365 Recipient Permissions. From 2925bf71fa3d14780418ea3e86d70c16d339fe42 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 31 Jan 2024 09:15:33 +0000 Subject: [PATCH 14/69] Added support for Certificate Authentication --- CHANGELOG.md | 3 + .../MSFT_TeamsUserCallingSettings.psm1 | 94 ++++++++++++++++--- .../MSFT_TeamsUserCallingSettings.schema.mof | 6 +- 3 files changed, 90 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0072b6ac1f..e41d2b7bfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,9 @@ * TeamsEmergencyCallRoutingPolicy * Fix deletion of resource FIXES [#4261](https://github.com/microsoft/Microsoft365DSC/issues/4261) +* TeamsUserCallingSettings + * Add support for Certificate Authentication + FIXES [#3180](https://github.com/microsoft/Microsoft365DSC/issues/3180) * TEAMS * Added support for ManagedIdentity Authentication across Teams resources. * DEPENDENCIES diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 index 040d5b62b2..c9cc4664d5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.psm1 @@ -61,9 +61,25 @@ function Get-TargetResource [System.String] $Ensure = 'Present', - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] - $Credential + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity ) Write-Verbose -Message "Getting the Teams Calling Policy $($Identity)" @@ -111,6 +127,10 @@ function Get-TargetResource ForwardingTarget = $instance.ForwardingTarget Ensure = 'Present' Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } } catch @@ -187,9 +207,25 @@ function Set-TargetResource [System.String] $Ensure = 'Present', - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] - $Credential + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity ) Write-Verbose -Message 'Setting Teams User Calling Settings' @@ -297,9 +333,25 @@ function Test-TargetResource [System.String] $Ensure = 'Present', - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] - $Credential + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -339,9 +391,25 @@ function Export-TargetResource [OutputType([System.String])] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.Management.Automation.PSCredential] - $Credential + $Credential, + + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint, + + [Parameter()] + [Switch] + $ManagedIdentity ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' ` -InboundParameters $PSBoundParameters @@ -371,9 +439,13 @@ function Export-TargetResource { Write-Host " |---[$i/$($allUsers.Length)] $($user.UserPrincipalName)" -NoNewline $params = @{ - Identity = $user.UserPrincipalName - Ensure = 'Present' - Credential = $Credential + Identity = $user.UserPrincipalName + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent } $Results = Get-TargetResource @Params diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof index 86a7b83d7b..b73f7d0db3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof @@ -14,6 +14,8 @@ class MSFT_TeamsUserCallingSettings : OMI_BaseResource [Write, Description("The forwarding target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. Voicemail is only supported for Immediate forwarding."), ValueMap{"Group","MyDelegates","SingleTarget","Voicemail"}, Values{"Group","MyDelegates","SingleTarget","Voicemail"}] String ForwardingTargetType; [Write, Description("The forwarding target. Supported types of values are ObjectId's, SIP addresses and phone numbers. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.")] String ForwardingTarget; [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; - [Required, Description("Credentials of the Teams Global Admin."), EmbeddedInstance("MSFT_Credential")] String Credential; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Credentials of the Teams Global Admin."), EmbeddedInstance("MSFT_Credential")] String Credential; + [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; + [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; + [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; }; From 978303c63526104c42a59eee203ccf9df6fc2372 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 31 Jan 2024 09:15:47 +0000 Subject: [PATCH 15/69] Missed in previous --- CHANGELOG.md | 2 +- .../MSFT_TeamsUserCallingSettings.schema.mof | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e41d2b7bfd..ab400da4ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,7 +24,7 @@ * Fix deletion of resource FIXES [#4261](https://github.com/microsoft/Microsoft365DSC/issues/4261) * TeamsUserCallingSettings - * Add support for Certificate Authentication + * Added support for Certificate Authentication FIXES [#3180](https://github.com/microsoft/Microsoft365DSC/issues/3180) * TEAMS * Added support for ManagedIdentity Authentication across Teams resources. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof index b73f7d0db3..a3a372cde5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsUserCallingSettings/MSFT_TeamsUserCallingSettings.schema.mof @@ -18,4 +18,5 @@ class MSFT_TeamsUserCallingSettings : OMI_BaseResource [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; + [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; }; From 1661e0af19e7c18f5cc3e25ede6a02a1ee171aa0 Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Wed, 31 Jan 2024 10:35:09 +0100 Subject: [PATCH 16/69] Fixes --- .../MSFT_EXORecipientPermission.psm1 | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 index 95b8ae0583..06759e50af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXORecipientPermission/MSFT_EXORecipientPermission.psm1 @@ -90,14 +90,12 @@ function Get-TargetResource } else { - #Could include a switch for the different propertySets to retrieve https://learn.microsoft.com/en-us/powershell/exchange/cmdlet-property-sets?view=exchange-ps#get-exomailbox-property-sets - #Could include a switch for the different recipientTypeDetails to retrieve - $recipientPermission = Get-EXORecipientPermission -Identity $Identity -Trustee $Trustee -AccessRights $AccessRights -ErrorAction Stop + $recipientPermission = Get-RecipientPermission -Identity $Identity -Trustee $Trustee -AccessRights $AccessRights -ErrorAction Stop } if ($null -eq $recipientPermission) { - Write-Verbose -Message "The specified Recipient Permission doesn't already exist." + Write-Verbose -Message "The specified Recipient Permission doesn't exist." return $nullReturn } @@ -222,6 +220,7 @@ function Set-TargetResource $parameters.Remove('CertificatePassword') | Out-Null $parameters.Remove('ManagedIdentity') | Out-Null $parameters.Remove('Ensure') | Out-Null + $parameters.AccessRights = $AccessRights #Parameters with default values are not part PSBoundParameters # Receipient Permission doesn't exist but it should if ($Ensure -eq 'Present' -and $currentState.Ensure -eq 'Absent') @@ -298,26 +297,28 @@ function Test-TargetResource #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies + $param = $PSBoundParameters + #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` - -Parameters $PSBoundParameters + -Parameters $param Add-M365DSCTelemetryEvent -Data $data #endregion Write-Verbose -Message "Testing configuration of Office 365 Recipient permissions $DisplayName" - $currentValues = Get-TargetResource @PSBoundParameters + $currentValues = Get-TargetResource @param Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $currentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $param)" $testResult = Test-M365DSCParameterState -CurrentValues $currentValues ` -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck @('Ensure', 'Identity') + -DesiredValues $param ` + -ValuesToCheck Ensure, Identity, Trustee, AccessRights Write-Verbose -Message "Test-TargetResource returned $testResult" @@ -331,11 +332,11 @@ function Export-TargetResource [CmdletBinding()] param ( - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Identity, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $Trustee, @@ -398,7 +399,7 @@ function Export-TargetResource { $Script:ExportMode = $true - [array]$Script:recipientPermissions = Get-EXORecipientPermission -ResultSize Unlimited + [array]$Script:recipientPermissions = Get-RecipientPermission -ResultSize Unlimited $dscContent = '' $i = 1 From 0c96f72614f53437c2ec22ab0312efbe928352ba Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Wed, 31 Jan 2024 10:35:16 +0100 Subject: [PATCH 17/69] Added unit tests --- ...oft365DSC.EXORecipientPermission.Tests.ps1 | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 new file mode 100644 index 0000000000..bd23cf9f61 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 @@ -0,0 +1,161 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource EXORecipientPermission -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + + BeforeAll { + $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Add-RecipientPermission -MockWith { + } + + Mock -CommandName Remove-RecipientPermission -MockWith { + } + + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + } + + # Test contexts + Context -Name 'Permission doesnt exist and it should' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + Identity = 'john.smith' + Trustee = 'john.doe' + } + + Mock -CommandName Get-EXORecipientPermission -MockWith { + return $null + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should return absent from the Get Method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should add the permission in the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Add-RecipientPermission -Exactly 1 + } + } + + Context -Name 'Permission exists and is not the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Present' + Credential = $Credential + Identity = 'john.smith' + Trustee = 'john.doe' + } + + Mock -CommandName Get-RecipientPermission -MockWith { + return $null + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should return present from the Get Method' { + (Get-TargetResource @testParams).Ensure | Should -Be Absent + } + } + + Context -Name 'Permission exist and it should not' -Fixture { + BeforeAll { + $testParams = @{ + Ensure = 'Absent' + Credential = $Credential + Identity = 'john.smith' + Trustee = 'john.doe' + } + + Mock -CommandName Get-RecipientPermission -MockWith { + return @{ + Identity = 'john.smith' + Trustee = 'john.doe' + 'AccessControlType' = 'Allow' + AccessRights = @('SendAs') + IsInherited = $false + InheritanceType = 'None' + } + } + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should return absent from the Get Method' { + (Get-TargetResource @testParams).Ensure | Should -Be Present + } + + It 'Should remove the permission in the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-RecipientPermission -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-RecipientPermission -MockWith { + return @{ + Identity = 'john.smith' + Trustee = 'john.doe' + 'AccessControlType' = 'Allow' + AccessRights = @('SendAs') + IsInherited = $false + InheritanceType = 'None' + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope From f3e4dbcd523bb14e012772baef5592fb07929ed7 Mon Sep 17 00:00:00 2001 From: Raimund Andree Date: Wed, 31 Jan 2024 11:05:13 +0100 Subject: [PATCH 18/69] Bug fix --- .../Microsoft365DSC.EXORecipientPermission.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 index bd23cf9f61..ca1f3f0b94 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXORecipientPermission.Tests.ps1 @@ -52,7 +52,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Trustee = 'john.doe' } - Mock -CommandName Get-EXORecipientPermission -MockWith { + Mock -CommandName Get-RecipientPermission -MockWith { return $null } } From 342d577f528d246a24aabb747a8e72e04a0f1c92 Mon Sep 17 00:00:00 2001 From: Tayhall <4ndrewhall@gmail.com> Date: Mon, 5 Feb 2024 17:29:56 +0000 Subject: [PATCH 19/69] First commit DLPCompliance params --- .../MSFT_SCDLPComplianceRule.psm1 | 521 ++++++++++++++++-- .../MSFT_SCDLPComplianceRule.schema.mof | 33 ++ .../SCDLPComplianceRule.md | 34 +- 3 files changed, 545 insertions(+), 43 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 981dd8ac89..6e2493dbc6 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -138,10 +138,144 @@ function Get-TargetResource [System.Boolean] $DocumentIsPasswordProtected, - [Parameter()] + [Parameter()] [System.Boolean] $ExceptIfDocumentIsPasswordProtected, + [Parameter()] + [System.String[]] + $MessageTypeMatches, + + [Parameter()] + [System.String[]] + $ExceptIfMessageTypeMatches, + + [Parameter()] + [ValidateSet('InOrganization', 'NotInOrganization')] + [System.String[]] + $FromScope, + + [Parameter()] + [ValidateSet('InOrganization', 'NotInOrganization')] + [System.String[]] + $ExceptIfFromScope, + + [Parameter()] + [System.String[]] + $SubjectContainsWords, + + [Parameter()] + [System.String[]] + $SubjectMatchesPatterns, + + [Parameter()] + [System.String[]] + $SubjectOrBodyContainsWords, + + [Parameter()] + [System.String[]] + $SubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.String[]] + $ContentCharacterSetContainsWords, + + [Parameter()] + [System.String[]] + $DocumentNameMatchesPatterns, + + [Parameter()] + [System.String[]] + $DocumentNameMatchesWords, + + [Parameter()] + [System.String[]] + $ExceptIfAnyOfRecipientAddressContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfAnyOfRecipientAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfContentCharacterSetContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfContentPropertyContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfDocumentNameMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfDocumentNameMatchesWords, + + [Parameter()] + [System.String[]] + $ExceptIfFromAddressContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfFromAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $FromAddressContainsWords, + + [Parameter()] + [System.String[]] + $FromAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSenderDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSenderIPRanges, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectOrBodyContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.String[]] + $SentToMemberOf, + + [Parameter()] + [System.String[]] + $DocumentContainsWords, + + [Parameter()] + [System.Boolean] + $ContentIsNotLabeled, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -231,6 +365,11 @@ function Get-TargetResource $AnyOfRecipientAddressContainsWords = $PolicyRule.AnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') } + if ($null -ne $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords -and $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords.count -gt 0) + { + $ExceptIfAnyOfRecipientAddressContainsWords = $PolicyRule.ExceptIfAnyOfRecipientAddressContainsWords.Replace(' ', '').Split(',') + } + if ($null -ne $PolicyRule.AnyOfRecipientAddressMatchesPatterns -and $PolicyRule.AnyOfRecipientAddressMatchesPatterns -gt 0) { $AnyOfRecipientAddressMatchesPatterns = $PolicyRule.AnyOfRecipientAddressMatchesPatterns.Replace(' ', '').Split(',') @@ -247,46 +386,75 @@ function Get-TargetResource } $result = @{ - Ensure = 'Present' - Name = $PolicyRule.Name - Policy = $PolicyRule.ParentPolicyName - AccessScope = $PolicyRule.AccessScope - BlockAccess = $PolicyRule.BlockAccess - BlockAccessScope = $PolicyRule.BlockAccessScope - Comment = $PolicyRule.Comment - ContentContainsSensitiveInformation = $PolicyRule.ContentContainsSensitiveInformation - ExceptIfContentContainsSensitiveInformation = $PolicyRule.ExceptIfContentContainsSensitiveInformation - ContentPropertyContainsWords = $PolicyRule.ContentPropertyContainsWords - Disabled = $PolicyRule.Disabled - GenerateAlert = $PolicyRule.GenerateAlert - GenerateIncidentReport = $PolicyRule.GenerateIncidentReport - IncidentReportContent = $ArrayIncidentReportContent - NotifyAllowOverride = $NotifyAllowOverrideValue - NotifyEmailCustomText = $PolicyRule.NotifyEmailCustomText - NotifyPolicyTipCustomText = $PolicyRule.NotifyPolicyTipCustomText - NotifyUser = $PolicyRule.NotifyUser - ReportSeverityLevel = $PolicyRule.ReportSeverityLevel - RuleErrorAction = $PolicyRule.RuleErrorAction - RemoveRMSTemplate = $PolicyRule.RemoveRMSTemplate - StopPolicyProcessing = $PolicyRule.StopPolicyProcessing - DocumentIsUnsupported = $PolicyRule.DocumentIsUnsupported - ExceptIfDocumentIsUnsupported = $PolicyRule.ExceptIfDocumentIsUnsupported - HasSenderOverride = $PolicyRule.HasSenderOverride - ExceptIfHasSenderOverride = $PolicyRule.ExceptIfHasSenderOverride - ProcessingLimitExceeded = $PolicyRule.ProcessingLimitExceeded - ExceptIfProcessingLimitExceeded = $PolicyRule.ExceptIfProcessingLimitExceeded - DocumentIsPasswordProtected = $PolicyRule.DocumentIsPasswordProtected - ExceptIfDocumentIsPasswordProtected = $PolicyRule.ExceptIfDocumentIsPasswordProtected - AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords - AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns - ContentExtensionMatchesWords = $ContentExtensionMatchesWords - ExceptIfContentExtensionMatchesWords = $ExceptIfContentExtensionMatchesWords - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - CertificateThumbprint = $CertificateThumbprint - CertificatePath = $CertificatePath - CertificatePassword = $CertificatePassword + Ensure = 'Present' + Name = $PolicyRule.Name + Policy = $PolicyRule.ParentPolicyName + AccessScope = $PolicyRule.AccessScope + BlockAccess = $PolicyRule.BlockAccess + BlockAccessScope = $PolicyRule.BlockAccessScope + Comment = $PolicyRule.Comment + ContentContainsSensitiveInformation = $PolicyRule.ContentContainsSensitiveInformation + ExceptIfContentContainsSensitiveInformation = $PolicyRule.ExceptIfContentContainsSensitiveInformation + ContentPropertyContainsWords = $PolicyRule.ContentPropertyContainsWords + Disabled = $PolicyRule.Disabled + GenerateAlert = $PolicyRule.GenerateAlert + GenerateIncidentReport = $PolicyRule.GenerateIncidentReport + IncidentReportContent = $ArrayIncidentReportContent + NotifyAllowOverride = $NotifyAllowOverrideValue + NotifyEmailCustomText = $PolicyRule.NotifyEmailCustomText + NotifyPolicyTipCustomText = $PolicyRule.NotifyPolicyTipCustomText + NotifyUser = $PolicyRule.NotifyUser + ReportSeverityLevel = $PolicyRule.ReportSeverityLevel + RuleErrorAction = $PolicyRule.RuleErrorAction + RemoveRMSTemplate = $PolicyRule.RemoveRMSTemplate + StopPolicyProcessing = $PolicyRule.StopPolicyProcessing + DocumentIsUnsupported = $PolicyRule.DocumentIsUnsupported + ExceptIfDocumentIsUnsupported = $PolicyRule.ExceptIfDocumentIsUnsupported + HasSenderOverride = $PolicyRule.HasSenderOverride + ExceptIfHasSenderOverride = $PolicyRule.ExceptIfHasSenderOverride + ProcessingLimitExceeded = $PolicyRule.ProcessingLimitExceeded + ExceptIfProcessingLimitExceeded = $PolicyRule.ExceptIfProcessingLimitExceeded + DocumentIsPasswordProtected = $PolicyRule.DocumentIsPasswordProtected + ExceptIfDocumentIsPasswordProtected = $PolicyRule.ExceptIfDocumentIsPasswordProtected + MessageTypeMatches = $PolicyRule.MessageTypeMatches + ExceptIfMessageTypeMatches = $PolicyRule.ExceptIfMessageTypeMatches + FromScope = $PolicyRule.FromScope + ExceptIfFromScope = $PolicyRule.ExceptIfFromScope + SubjectContainsWords = $PolicyRule.SubjectContainsWords + SubjectMatchesPatterns = $PolicyRule.SubjectMatchesPatterns + SubjectOrBodyContainsWords = $PolicyRule.SubjectOrBodyContainsWords + SubjectOrBodyMatchesPatterns = $PolicyRule.SubjectOrBodyMatchesPatterns + ContentCharacterSetContainsWords = $PolicyRule.ContentCharacterSetContainsWords + DocumentNameMatchesPatterns = $PolicyRule.DocumentNameMatchesPatterns + DocumentNameMatchesWords = $PolicyRule.DocumentNameMatchesWords + ExceptIfAnyOfRecipientAddressMatchesPatterns = $PolicyRule.ExceptIfAnyOfRecipientAddressMatchesPatterns + ExceptIfContentCharacterSetContainsWords = $PolicyRule.ExceptIfContentCharacterSetContainsWords + ExceptIfContentPropertyContainsWords = $PolicyRule.ExceptIfContentPropertyContainsWords + ExceptIfDocumentNameMatchesPatterns = $PolicyRule.ExceptIfDocumentNameMatchesPatterns + ExceptIfDocumentNameMatchesWords = $PolicyRule.ExceptIfDocumentNameMatchesWords + RecipientDomainIs = $PolicyRule.RecipientDomainIs + ExceptIfRecipientDomainIs = $PolicyRule.ExceptIfRecipientDomainIs + ExceptIfSenderDomainIs = $PolicyRule.ExceptIfSenderDomainIs + ExceptIfSenderIPRanges = $PolicyRule.ExceptIfSenderIPRanges + ExceptIfSentTo = $PolicyRule.ExceptIfSentTo + ExceptIfSubjectContainsWords = $PolicyRule.ExceptIfSubjectContainsWords + ExceptIfSubjectMatchesPatterns = $PolicyRule.ExceptIfSubjectMatchesPatterns + ExceptIfSubjectOrBodyContainsWords = $PolicyRule.ExceptIfSubjectOrBodyContainsWords + ExceptIfSubjectOrBodyMatchesPatterns = $PolicyRule.ExceptIfSubjectOrBodyMatchesPatterns + FromAddressMatchesPatterns = $PolicyRule.FromAddressMatchesPatterns + SentToMemberOf = $PolicyRule.FromAddressMatchesPatterns + DocumentContainsWords = $PolicyRule.DocumentContainsWords + ContentIsNotLabeled = $PolicyRule.ContentIsNotLabeled + AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords + AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns + ContentExtensionMatchesWords = $ContentExtensionMatchesWords + ExceptIfContentExtensionMatchesWords = $ExceptIfContentExtensionMatchesWords + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + CertificatePath = $CertificatePath + CertificatePassword = $CertificatePassword } $paramsToRemove = @() @@ -458,10 +626,144 @@ function Set-TargetResource [System.Boolean] $DocumentIsPasswordProtected, - [Parameter()] + [Parameter()] [System.Boolean] $ExceptIfDocumentIsPasswordProtected, + [Parameter()] + [System.String[]] + $MessageTypeMatches, + + [Parameter()] + [System.String[]] + $ExceptIfMessageTypeMatches, + + [Parameter()] + [ValidateSet('InOrganization', 'NotInOrganization')] + [System.String[]] + $FromScope, + + [Parameter()] + [ValidateSet('InOrganization', 'NotInOrganization')] + [System.String[]] + $ExceptIfFromScope, + + [Parameter()] + [System.String[]] + $SubjectContainsWords, + + [Parameter()] + [System.String[]] + $SubjectMatchesPatterns, + + [Parameter()] + [System.String[]] + $SubjectOrBodyContainsWords, + + [Parameter()] + [System.String[]] + $SubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.String[]] + $ContentCharacterSetContainsWords, + + [Parameter()] + [System.String[]] + $DocumentNameMatchesPatterns, + + [Parameter()] + [System.String[]] + $DocumentNameMatchesWords, + + [Parameter()] + [System.String[]] + $ExceptIfAnyOfRecipientAddressContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfAnyOfRecipientAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfContentCharacterSetContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfContentPropertyContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfDocumentNameMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfDocumentNameMatchesWords, + + [Parameter()] + [System.String[]] + $ExceptIfFromAddressContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfFromAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $FromAddressContainsWords, + + [Parameter()] + [System.String[]] + $FromAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSenderDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSenderIPRanges, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectOrBodyContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.String[]] + $SentToMemberOf, + + [Parameter()] + [System.String[]] + $DocumentContainsWords, + + [Parameter()] + [System.Boolean] + $ContentIsNotLabeled, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] @@ -561,6 +863,7 @@ function Set-TargetResource $CreationParams.Remove('ManagedIdentity') | Out-Null $CreationParams.Remove('ApplicationSecret') | Out-Null + Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" New-DLPComplianceRule @CreationParams } @@ -772,6 +1075,140 @@ function Test-TargetResource [System.Boolean] $ExceptIfDocumentIsPasswordProtected, + [Parameter()] + [System.String[]] + $MessageTypeMatches, + + [Parameter()] + [System.String[]] + $ExceptIfMessageTypeMatches, + + [Parameter()] + [ValidateSet('InOrganization', 'NotInOrganization')] + [System.String[]] + $FromScope, + + [Parameter()] + [ValidateSet('InOrganization', 'NotInOrganization')] + [System.String[]] + $ExceptIfFromScope, + + [Parameter()] + [System.String[]] + $SubjectContainsWords, + + [Parameter()] + [System.String[]] + $SubjectMatchesPatterns, + + [Parameter()] + [System.String[]] + $SubjectOrBodyContainsWords, + + [Parameter()] + [System.String[]] + $SubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.String[]] + $ContentCharacterSetContainsWords, + + [Parameter()] + [System.String[]] + $DocumentNameMatchesPatterns, + + [Parameter()] + [System.String[]] + $DocumentNameMatchesWords, + + [Parameter()] + [System.String[]] + $ExceptIfAnyOfRecipientAddressContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfAnyOfRecipientAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfContentCharacterSetContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfContentPropertyContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfDocumentNameMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfDocumentNameMatchesWords, + + [Parameter()] + [System.String[]] + $ExceptIfFromAddressContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfFromAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $FromAddressContainsWords, + + [Parameter()] + [System.String[]] + $FromAddressMatchesPatterns, + + [Parameter()] + [System.String[]] + $RecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfRecipientDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSenderDomainIs, + + [Parameter()] + [System.String[]] + $ExceptIfSenderIPRanges, + + [Parameter()] + [System.String[]] + $ExceptIfSentTo, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectMatchesPatterns, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectOrBodyContainsWords, + + [Parameter()] + [System.String[]] + $ExceptIfSubjectOrBodyMatchesPatterns, + + [Parameter()] + [System.String[]] + $SentToMemberOf, + + [Parameter()] + [System.String[]] + $DocumentContainsWords, + + [Parameter()] + [System.Boolean] + $ContentIsNotLabeled, + [Parameter()] [ValidateSet('Present', 'Absent')] [System.String] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof index 851847008e..af95ed23e7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof @@ -72,6 +72,39 @@ class MSFT_SCDLPComplianceRule : OMI_BaseResource [Write, Description("The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn't complete.")] Boolean ExceptIfProcessingLimitExceeded; [Write, Description("The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files.")] Boolean DocumentIsPasswordProtected; [Write, Description("The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ")] Boolean ExceptIfDocumentIsPasswordProtected; + [Write, Description("The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns.")] String MessageTypeMatches[]; + [Write, Description("The FromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.")] String FromScope[]; + [Write, Description("The ExceptIfFromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.")] String ExceptIfFromScope[]; + [Write, Description("The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.")] String SubjectContainsWords[]; + [Write, Description("The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.")] String SubjectMatchesPatterns[]; + [Write, Description("The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.")] String SubjectOrBodyContainsWords[]; + [Write, Description("The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages.")] String SubjectOrBodyMatchesPatterns[]; + [Write, Description("The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.")] String ContentCharacterSetContainsWords[]; + [Write, Description("The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.")] String DocumentNameMatchesPatterns[]; + [Write, Description("The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. ")] String DocumentNameMatchesWords[]; + [Write, Description("he ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses.")] String ExceptIfAnyOfRecipientAddressContainsWords[]; + [Write, Description("The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.")] String ExceptIfAnyOfRecipientAddressMatchesPatterns[]; + [Write, Description("The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages.")] String ExceptIfContentCharacterSetContainsWords[]; + [Write, Description("The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content.")] String ExceptIfContentPropertyContainsWords[]; + [Write, Description("The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.")] String ExceptIfDocumentNameMatchesPatterns[]; + [Write, Description("The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments.")] String ExceptIfDocumentNameMatchesWords[]; + [Write, Description("The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address.")] String ExceptIfFromAddressContainsWords[]; + [Write, Description("The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions.")] String ExceptIfFromAddressMatchesPatterns[]; + [Write, Description("The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address.")] String FromAddressContainsWords[]; + [Write, Description("The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. ")] String FromAddressMatchesPatterns[]; + [Write, Description("The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type.")] String ExceptIfMessageTypeMatches[]; + [Write, Description("The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains.")] String RecipientDomainIs[]; + [Write, Description("The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains.")] String ExceptIfRecipientDomainIs[]; + [Write, Description("The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. ")] String ExceptIfSenderDomainIs[]; + [Write, Description("The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.")] String ExceptIfSenderIPRanges[]; + [Write, Description("The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address.")] String ExceptIfSentTo[]; + [Write, Description("The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages.")] String ExceptIfSubjectContainsWords[]; + [Write, Description("The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.")] String ExceptIfSubjectMatchesPatterns[]; + [Write, Description("The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.")] String ExceptIfSubjectOrBodyContainsWords[]; + [Write, Description("The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages.")] String ExceptIfSubjectOrBodyMatchesPatterns[]; + [Write, Description("The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.")] String DocumentContainsWords[]; + [Write, Description("The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.")] String SentToMemberOf[]; + [Write, Description("The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition.")] Boolean ContentIsNotLabeled; [Write, Description("The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.")] String ContentExtensionMatchesWords[]; [Write, Description("The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.")] String ExceptIfContentExtensionMatchesWords[]; }; diff --git a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md index 2dbbf71950..aebe4746c6 100644 --- a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md @@ -44,7 +44,39 @@ | **ExceptIfDocumentIsPasswordProtected** | Write | Boolean | The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. | | | **ContentExtensionMatchesWords** | Write | StringArray[] | The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | | | **ExceptIfContentExtensionMatchesWords** | Write | StringArray[] | The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | | - +| **MessageTypeMatches** | Write | StringArray[] | The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns.| | +| **FromScope** | Write | StringArray[] | The FromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.| | +| **ExceptIfFromScope** | Write | StringArray[] | The parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.| | +| **SubjectContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.| | +| **SubjectMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.| | +| **SubjectOrBodyContainsWords** | Write | StringArray[] | The parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.| | +| **SubjectOrBodyMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages.| | +| **ContentCharacterSetContainsWords** | Write | StringArray[] | The parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.| | +| **DocumentNameMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.| | +| **DocumentNameMatchesWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. | | +**ExceptIfAnyOfRecipientAddressContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses.| | +| **ExceptIfAnyOfRecipientAddressMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.| | +| **ExceptIfContentCharacterSetContainsWords** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for character set names in messages.| | +| **ExceptIfContentPropertyContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that's based on a property match in content.| | +| **ExceptIfDocumentNameMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.| | +| **ExceptIfDocumentNameMatchesWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments.| | +| **ExceptIfFromAddressContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address.| | +| **ExceptIfFromAddressMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions.| | +| **FromAddressContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address.| | +| **FromAddressMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. | | +| **ExceptIfMessageTypeMatches** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for messages of the specified type.| | +| **RecipientDomainIs** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains.| | +| **ExceptIfRecipientDomainIs** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains.| | +| **ExceptIfSenderDomainIs** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. | | +| **ExceptIfSenderIpRanges** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.| | +| **ExceptIfSentTo** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address.| | +| **ExceptIfSubjectContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages.| | +| **ExceptIfSubjectMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.| | +| **ExceptIfSubjectOrBodyContainsWords** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.| | +| **ExceptIfSubjectOrBodyMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages.| | +| **DocumentContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.| | +| **SentToMemberOf** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.| | +| **ContentIsNotLabeled** | Write | Boolean | The parameter specifies if the content is labeled. A True or False condition. | | ### MSFT_SCDLPSensitiveInformation #### Parameters From 4b25e9bb2a03008efc43cffcfa7f557594b2c035 Mon Sep 17 00:00:00 2001 From: Devin Power Date: Tue, 6 Feb 2024 09:41:04 -0500 Subject: [PATCH 20/69] Update powershell7-support.md Fixes typo under Issues loading PnP.Powershell Module section --- docs/docs/user-guide/get-started/powershell7-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/user-guide/get-started/powershell7-support.md b/docs/docs/user-guide/get-started/powershell7-support.md index b060a665e9..5b699bac5b 100644 --- a/docs/docs/user-guide/get-started/powershell7-support.md +++ b/docs/docs/user-guide/get-started/powershell7-support.md @@ -25,7 +25,7 @@ To solve this, make sure the Microsoft365DSC is properly installed under C:\Prog **Issues loading the PnP.PowerShell Module** -The PnP.PowerShell module, which is currently being used by the SharePoint Online and OndeDrive for Business workloads needs to be loaded using Windows PowerShell. In PowerShell 7+, this is done by running the **Import-Module** cmdlet using the **-UseWindowsPowerShell** switch, and requires the modules to be located under C:\Program Files\WindowsPowerShell. In order for Microsoft365DSC to work for SharePoint Online and OneDrive for Business with PowerShell 7, you need to make sure that the PnP.PowerShell module is located under C:\Program Files\WindowsPowerShell\Modules\PnP.PowerShell. This can be achieve =d by either manually moving the module to that location, or by using PowerShell 5.1 to install it using the following line: +The PnP.PowerShell module, which is currently being used by the SharePoint Online and OndeDrive for Business workloads needs to be loaded using Windows PowerShell. In PowerShell 7+, this is done by running the **Import-Module** cmdlet using the **-UseWindowsPowerShell** switch, and requires the modules to be located under C:\Program Files\WindowsPowerShell. In order for Microsoft365DSC to work for SharePoint Online and OneDrive for Business with PowerShell 7, you need to make sure that the PnP.PowerShell module is located under C:\Program Files\WindowsPowerShell\Modules\PnP.PowerShell. This can be achieved by either manually moving the module to that location, or by using PowerShell 5.1 to install it using the following line: ``` Install-Module PnP.PowerShell -Force -Scope AllUsers From ed4e62cb3ae82b8c7e8b7c8bb2eae33bab9f2cd8 Mon Sep 17 00:00:00 2001 From: Tayhall <4ndrewhall@gmail.com> Date: Tue, 6 Feb 2024 15:46:05 +0000 Subject: [PATCH 21/69] added setheader and none for blockaccessscope --- .../MSFT_SCDLPComplianceRule.psm1 | 19 ++++++++++++++++--- .../MSFT_SCDLPComplianceRule.schema.mof | 3 ++- .../SCDLPComplianceRule.md | 1 + 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 6e2493dbc6..603ba9521a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -22,7 +22,7 @@ function Get-TargetResource $BlockAccess, [Parameter()] - [ValidateSet('All', 'PerUser')] + [ValidateSet('All', 'PerUser','None')] [System.String] $BlockAccessScope, @@ -272,6 +272,10 @@ function Get-TargetResource [System.String[]] $DocumentContainsWords, + [Parameter()] + [System.String[]] + $SetHeader, + [Parameter()] [System.Boolean] $ContentIsNotLabeled, @@ -445,6 +449,7 @@ function Get-TargetResource SentToMemberOf = $PolicyRule.FromAddressMatchesPatterns DocumentContainsWords = $PolicyRule.DocumentContainsWords ContentIsNotLabeled = $PolicyRule.ContentIsNotLabeled + SetHeader = $PolicyRule.SetHeader AnyOfRecipientAddressContainsWords = $AnyOfRecipientAddressContainsWords AnyOfRecipientAddressMatchesPatterns = $AnyOfRecipientAddressMatchesPatterns ContentExtensionMatchesWords = $ContentExtensionMatchesWords @@ -510,7 +515,7 @@ function Set-TargetResource $BlockAccess, [Parameter()] - [ValidateSet('All', 'PerUser')] + [ValidateSet('All', 'PerUser','None')] [System.String] $BlockAccessScope, @@ -760,6 +765,10 @@ function Set-TargetResource [System.String[]] $DocumentContainsWords, + [Parameter()] + [System.String[]] + $SetHeader, + [Parameter()] [System.Boolean] $ContentIsNotLabeled, @@ -955,7 +964,7 @@ function Test-TargetResource $BlockAccess, [Parameter()] - [ValidateSet('All', 'PerUser')] + [ValidateSet('All', 'PerUser','None')] [System.String] $BlockAccessScope, @@ -1205,6 +1214,10 @@ function Test-TargetResource [System.String[]] $DocumentContainsWords, + [Parameter()] + [System.String[]] + $SetHeader, + [Parameter()] [System.Boolean] $ContentIsNotLabeled, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof index af95ed23e7..b8c38f51da 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.schema.mof @@ -38,7 +38,7 @@ class MSFT_SCDLPComplianceRule : OMI_BaseResource [Required, Description("Name of the associated DLP Compliance Policy.")] String Policy; [Write, Description("The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope."), ValueMap{"InOrganization","NotInOrganization", "None"}, Values{"InOrganization","NotInOrganization", "None"}] String AccessScope; [Write, Description("The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value.")] Boolean BlockAccess; - [Write, Description("The BlockAccessScope parameter specifies the scope of the block access action."), ValueMap{"All", "PerUser"}, Values{"All", "PerUser"}] String BlockAccessScope; + [Write, Description("The BlockAccessScope parameter specifies the scope of the block access action."), ValueMap{"All", "PerUser","None"}, Values{"All", "PerUser","None"}] String BlockAccessScope; [Write, Description("The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.")] String Comment; [Write, Description("The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type."), EmbeddedInstance("MSFT_SCDLPContainsSensitiveInformation")] String ContentContainsSensitiveInformation; [Write, Description("The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type."), EmbeddedInstance("MSFT_SCDLPContainsSensitiveInformation")] String ExceptIfContentContainsSensitiveInformation; @@ -105,6 +105,7 @@ class MSFT_SCDLPComplianceRule : OMI_BaseResource [Write, Description("The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.")] String DocumentContainsWords[]; [Write, Description("The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.")] String SentToMemberOf[]; [Write, Description("The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition.")] Boolean ContentIsNotLabeled; + [Write, Description("The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas")] String SetHeader[]; [Write, Description("The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.")] String ContentExtensionMatchesWords[]; [Write, Description("The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.")] String ExceptIfContentExtensionMatchesWords[]; }; diff --git a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md index aebe4746c6..f0679370ee 100644 --- a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md @@ -77,6 +77,7 @@ | **DocumentContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.| | | **SentToMemberOf** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.| | | **ContentIsNotLabeled** | Write | Boolean | The parameter specifies if the content is labeled. A True or False condition. | | +| **SetHeader** | Write | StringArray[] | The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas"| | ### MSFT_SCDLPSensitiveInformation #### Parameters From f82ee382ac1c99753f5c7cc1b273ae93ef9bfec3 Mon Sep 17 00:00:00 2001 From: Tayhall <4ndrewhall@gmail.com> Date: Tue, 6 Feb 2024 15:47:41 +0000 Subject: [PATCH 22/69] removed quote --- docs/docs/resources/security-compliance/SCDLPComplianceRule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md index f0679370ee..0d09c8ef2e 100644 --- a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md @@ -77,7 +77,7 @@ | **DocumentContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.| | | **SentToMemberOf** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.| | | **ContentIsNotLabeled** | Write | Boolean | The parameter specifies if the content is labeled. A True or False condition. | | -| **SetHeader** | Write | StringArray[] | The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas"| | +| **SetHeader** | Write | StringArray[] | The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas| | ### MSFT_SCDLPSensitiveInformation #### Parameters From f5fa6f429fd9f028755b12e5ed7227a592d551bf Mon Sep 17 00:00:00 2001 From: Fabien Tschanz Date: Tue, 6 Feb 2024 20:08:20 +0100 Subject: [PATCH 23/69] Fix nested array resource comparison --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 25e04b1dc7..ee57b6ed24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * M365DSCReport * Fix nested change detection for CIMInstances * Fix IntuneDeviceEnrolllmentPlatformRestriction comparison in report + FIXES [#4291](https://github.com/microsoft/Microsoft365DSC/issues/4291) # 1.24.131.2 diff --git a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 index 3fabb2eff1..db573948a1 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCReport.psm1 @@ -726,10 +726,11 @@ function Compare-M365DSCConfigurations if ($null -ne $destinationResourceInstances) { - # There is a chance we found 2 instances of a CIMInstance based on its key property. + # There is a chance we found multiple instances of a CIMInstance based on its key property. # If that's the case, loop through each instance found and if at least one of them is # a perfect match, then don't consider this a drift. $foundOneMatch = $false + $foundMatchResource = $null $drift = $null foreach ($destinationResourceInstance in $destinationResourceInstances) { @@ -753,6 +754,7 @@ function Compare-M365DSCConfigurations if ($foundResourceMatch) { $foundOneMatch = $true + $foundMatchResource = $destinationResourceInstance } else { @@ -769,6 +771,7 @@ function Compare-M365DSCConfigurations { # If a match was found, clear the drift. $drift = $null + $destinationResource.$destinationPropertyName = $destinationResource.$destinationPropertyName | Where-Object { $_ -ne $foundMatchResource } } else { From 96c17f512b68448b279643ccfd272f7134fcd76f Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 6 Feb 2024 22:19:28 +0000 Subject: [PATCH 24/69] Added priority parameter --- CHANGELOG.md | 6 +++ ...neDeviceEnrollmentPlatformRestriction.psm1 | 53 ++++++++++++++++--- ...ceEnrollmentPlatformRestriction.schema.mof | 1 + 3 files changed, 52 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0229cd0383..17a056725f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceEnrollmentPlatformRestriction + * Added Priority parameter + FIXES [#4081](https://github.com/microsoft/Microsoft365DSC/issues/4081) + # 1.24.131.2 * TeamsMeetingPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 7214303fba..f0d87f5f74 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -57,6 +57,10 @@ function Get-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + [Parameter()] + [System.Int32] + $Priority, + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -107,7 +111,12 @@ function Get-TargetResource try { - $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction silentlyContinue + try { + $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction Stop + } + catch { + $config = $null + } if ($null -eq $config) { @@ -127,6 +136,7 @@ function Get-TargetResource DisplayName = $config.DisplayName Description = $config.Description DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType.toString() + Priority = $config.Priority Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId @@ -229,6 +239,10 @@ function Set-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + [Parameter()] + [System.Int32] + $Priority, + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -258,6 +272,7 @@ function Set-TargetResource [Switch] $ManagedIdentity ) + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -332,11 +347,20 @@ function Set-TargetResource $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments Update-DeviceConfigurationPolicyAssignment ` - -DeviceConfigurationPolicyId $policy.id ` + -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceEnrollmentConfigurations' } } + + if ($Priority) + { + $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity + $Body = @{ + priority = $Priority + } + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body + } } elseif ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Present') { @@ -380,21 +404,30 @@ function Set-TargetResource #Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20) Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration ` -BodyParameter ([hashtable]$PSBoundParameters) ` - -DeviceEnrollmentConfigurationId $Identity + -DeviceEnrollmentConfigurationId $currentCategory.Identity #Assignments from DefaultPolicy are not editable and will raise an alert - if ($Identity -notlike '*_DefaultPlatformRestrictions') + if ($currentCategory.Identity -notlike '*_DefaultPlatformRestrictions') { if ($null -ne $Assignments -and $Assignments -ne @()) { $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments Update-DeviceConfigurationPolicyAssignment ` - -DeviceConfigurationPolicyId $Identity ` - -Targets $assignmentsHash ` - -Repository 'deviceManagement/deviceEnrollmentConfigurations' + -DeviceConfigurationPolicyId $currentCategory.Identity ` + -Targets $assignmentsHash ` + -Repository 'deviceManagement/deviceEnrollmentConfigurations' } } + + if ($Priority) + { + $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity + $Body = @{ + priority = $Priority + } + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body + } } elseif ($Ensure -eq 'Absent' -and $currentCategory.Ensure -eq 'Present') { @@ -402,7 +435,7 @@ function Set-TargetResource $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" ` | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } - Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $config.id + Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $currentCategory.Identity } } @@ -465,6 +498,10 @@ function Test-TargetResource [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + [Parameter()] + [System.Int32] + $Priority, + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof index 673102cc1e..86c13038c2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.schema.mof @@ -36,6 +36,7 @@ class MSFT_IntuneDeviceEnrollmentPlatformRestriction : OMI_BaseResource [Write, Description("Mac restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string MacRestriction; [Write, Description("Mac OS restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string MacOSRestriction; [Write, Description("Assignments of the policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] string Assignments[]; + [Write, Description("Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration.")] UInt32 Priority; [Write, Description("Present ensures the restriction exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; [Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; From 89b69e5494aad03cf160b8e1c929c4671807b17a Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 6 Feb 2024 22:28:24 +0000 Subject: [PATCH 25/69] Not a problem but we can use Id of the new policy here --- .../MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index f0d87f5f74..3807bec308 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -347,7 +347,7 @@ function Set-TargetResource $assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments Update-DeviceConfigurationPolicyAssignment ` - -DeviceConfigurationPolicyId $policy.id ` + -DeviceConfigurationPolicyId $policy.Id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceEnrollmentConfigurations' } @@ -355,7 +355,7 @@ function Set-TargetResource if ($Priority) { - $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity + $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $policy.Id $Body = @{ priority = $Priority } From ef759b1d1f602932258624afdfe0c4cd8048b8cc Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Tue, 6 Feb 2024 22:31:53 +0000 Subject: [PATCH 26/69] Policy doesn't need to be retrieved again to be removed --- .../MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 | 2 -- 1 file changed, 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index 3807bec308..da34e7f09a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -432,8 +432,6 @@ function Set-TargetResource elseif ($Ensure -eq 'Absent' -and $currentCategory.Ensure -eq 'Present') { Write-Verbose -Message "Removing Device Enrollment Platform Restriction {$DisplayName}" - $config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" ` - | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' } Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $currentCategory.Identity } From b9cfa05dd1dd5acb9e258d678fbb5049c75a9b19 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 7 Feb 2024 09:27:49 +0000 Subject: [PATCH 27/69] Set priority only if different than current --- ...neDeviceEnrollmentPlatformRestriction.psm1 | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index da34e7f09a..e5d66e85fe 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -291,6 +291,12 @@ function Set-TargetResource $currentCategory = Get-TargetResource @PSBoundParameters $PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters $PSBoundParameters.Remove('Identity') | Out-Null + $PriorityPresent = $false + if ($PSBoundParameters.Keys.Contains('Priority')) + { + $PriorityPresent = $true + $PSBoundParameters.Remove('Priority') | Out-Null + } if ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Absent') { @@ -351,15 +357,15 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceEnrollmentConfigurations' } - } - if ($Priority) - { - $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $policy.Id - $Body = @{ - priority = $Priority + if ($PriorityPresent -and $Priority -ne $policy.Priority) + { + $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $policy.Id + $Body = @{ + priority = $Priority + } + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body } - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body } } elseif ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Present') @@ -420,7 +426,7 @@ function Set-TargetResource } } - if ($Priority) + if ($PriorityPresent -and $Priority -ne $currentCategory.Priority) { $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity $Body = @{ From d52aa6796ae8061fee133b33b02729f77edc51e6 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Wed, 7 Feb 2024 09:37:30 +0000 Subject: [PATCH 28/69] Only set priority if not default policy --- ..._IntuneDeviceEnrollmentPlatformRestriction.psm1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 index e5d66e85fe..b6f2f20f3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceEnrollmentPlatformRestriction/MSFT_IntuneDeviceEnrollmentPlatformRestriction.psm1 @@ -424,15 +424,15 @@ function Set-TargetResource -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceEnrollmentConfigurations' } - } - if ($PriorityPresent -and $Priority -ne $currentCategory.Priority) - { - $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity - $Body = @{ - priority = $Priority + if ($PriorityPresent -and $Priority -ne $currentCategory.Priority) + { + $Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity + $Body = @{ + priority = $Priority + } + Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body } - Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body } } elseif ($Ensure -eq 'Absent' -and $currentCategory.Ensure -eq 'Present') From 82415743e742aa3e7107b0f29a089d8a5ae83e7b Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 09:32:02 -0500 Subject: [PATCH 29/69] Updates to EXO Integration Tests --- CHANGELOG.md | 2 ++ .../Dependencies/Manifest.psd1 | 2 +- ...XORecipientPermission.ps1 => 1-Create.ps1} | 5 ++-- .../EXORecipientPermission/3-Remove.ps1 | 30 +++++++++++++++++++ 4 files changed, 36 insertions(+), 3 deletions(-) rename Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/{1-EXORecipientPermission.ps1 => 1-Create.ps1} (79%) create mode 100644 Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/3-Remove.ps1 diff --git a/CHANGELOG.md b/CHANGELOG.md index 0229cd0383..3cc23a140d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ * Fixed issue with missing ManagedIdentity parameter in Test signature. * TeamsUpdateManagementPolicy * Fixed issue with missing ManagedIdentity parameter in Set signature. +* DEPENDENCIES + * Updated MSCloudLoginAssistant to version 1.1.11 # 1.24.131.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 9cc63defeb..ce18e9c422 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.10" + RequiredVersion = "1.1.11" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 similarity index 79% rename from Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 rename to Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 index c6d219bc54..8df472f8f0 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-EXORecipientPermission.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 @@ -15,13 +15,14 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXORecipientPermission 'AddSendAs' { - Identity = 'John' - Trustee = "admin@$OrganizationName" + Identity = 'AdeleV@$Domain' + Trustee = "admin@$Domain" AccessRights = 'SendAs' Ensure = 'Present' Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/3-Remove.ps1 new file mode 100644 index 0000000000..f263aba8e4 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/3-Remove.ps1 @@ -0,0 +1,30 @@ + +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + $Domain = $Credscredential.Username.Split('@')[1] + node localhost + { + EXORecipientPermission 'AddSendAs' + { + + Identity = 'AdeleV@$Domain' + Trustee = "admin@$Domain" + Ensure = 'Absent' + Credential = $Credscredential + } + } +} From 736458fe86f5988f558443903860812550fc49d4 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 09:32:07 -0500 Subject: [PATCH 30/69] Update Microsoft365.psm1 --- Tests/Unit/Stubs/Microsoft365.psm1 | 968 +++++++++++++++++++++++++---- 1 file changed, 864 insertions(+), 104 deletions(-) diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1 index dc213dcafb..72f1b9c480 100644 --- a/Tests/Unit/Stubs/Microsoft365.psm1 +++ b/Tests/Unit/Stubs/Microsoft365.psm1 @@ -131,6 +131,27 @@ function Add-MailboxPermission $InheritanceType ) } +function Add-RecipientPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $AccessRights, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $Trustee + ) +} function Disable-JournalRule { [CmdletBinding()] @@ -552,8 +573,12 @@ function Get-DistributionGroup [CmdletBinding()] param( [Parameter()] - [System.String] - $SortBy, + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromWithDisplayNames, [Parameter()] [System.Management.Automation.PSCredential] @@ -579,13 +604,21 @@ function Get-DistributionGroup [System.String] $Filter, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames, + [Parameter()] [System.Object] $ResultSize, [Parameter()] [System.String] - $Anr + $Anr, + + [Parameter()] + [System.String] + $SortBy ) } function Get-DistributionGroupMember @@ -640,6 +673,39 @@ function Get-GlobalAddressList $DefaultOnly ) } +function Get-Group +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SortBy, + + [Parameter()] + [System.Object] + $OrganizationalUnit, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object[]] + $RecipientTypeDetails, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.String] + $Anr + ) +} function Get-HostedConnectionFilterPolicy { [CmdletBinding()] @@ -735,10 +801,6 @@ function Get-Mailbox { [CmdletBinding()] param( - [Parameter()] - [System.Management.Automation.SwitchParameter] - $ServiceSafetyConfiguration, - [Parameter()] [System.String] $SortBy, @@ -767,6 +829,18 @@ function Get-Mailbox [System.Management.Automation.SwitchParameter] $SoftDeletedMailbox, + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromWithDisplayNames, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames, + [Parameter()] [System.Object] $ResultSize, @@ -842,17 +916,82 @@ function Get-MailboxCalendarFolder $Identity ) } -function Get-MailboxFolderStatistics +function Get-MailboxFolder { [CmdletBinding()] param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $MailFolderOnly, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $GetChildren, + [Parameter()] [System.Object] $Identity, + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Recurse + ) +} +function Get-MailboxFolderStatistics +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Object] + $Database, + [Parameter()] [System.String] - $FolderScope + $DiagnosticInfo, + + [Parameter()] + [System.Object] + $StoreMailboxIdentity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeOldestAndNewestItems, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UseCustomRouting, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Archive, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeSoftDeletedRecipients, + + [Parameter()] + [System.Int32] + $SkipCount, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeAnalysis, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.Object] + $FolderScope, + + [Parameter()] + [System.Object] + $Identity ) } function Get-MailboxPermission @@ -1340,6 +1479,100 @@ function Get-QuarantinePolicy $QuarantinePolicyType ) } +function Get-Recipient +{ + [CmdletBinding()] + param( + [Parameter()] + [System.String] + $SortBy, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.String] + $RecipientPreviewFilter, + + [Parameter()] + [System.String] + $Anr, + + [Parameter()] + [System.String] + $BookmarkDisplayName, + + [Parameter()] + [System.Object] + $Capabilities, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.Object[]] + $RecipientTypeDetails, + + [Parameter()] + [System.String[]] + $Properties, + + [Parameter()] + [System.Object] + $PropertySet, + + [Parameter()] + [System.Object] + $AuthenticationType, + + [Parameter()] + [System.String] + $Filter, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $IncludeSoftDeletedRecipients, + + [Parameter()] + [System.Object[]] + $RecipientType, + + [Parameter()] + [System.Object] + $OrganizationalUnit, + + [Parameter()] + [System.Boolean] + $IncludeBookmarkObject + ) +} +function Get-RecipientPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $ReadFromDomainController, + + [Parameter()] + [System.Object] + $AccessRights, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ResultSize, + + [Parameter()] + [System.Object] + $Trustee + ) +} function Get-RemoteDomain { [CmdletBinding()] @@ -1368,7 +1601,11 @@ function Get-ReportSubmissionRule param( [Parameter()] [System.Object] - $Identity + $Identity, + + [Parameter()] + [System.Object] + $State ) } function Get-ResourceConfig @@ -2001,37 +2238,45 @@ function New-App [CmdletBinding()] param( [Parameter()] - [System.String] - $Etoken, + [System.Uri] + $Url, [Parameter()] - [System.IO.Stream] - $FileStream, + [System.String] + $Identity, [Parameter()] [System.Boolean] $Enabled, [Parameter()] - [System.Uri] - $Url, + [System.Object] + $AddInOverrides, [Parameter()] [System.Object] $Mailbox, + [Parameter()] + [System.IO.Stream] + $FileStream, + [Parameter()] [System.String] $MarketplaceServicesUrl, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PrivateCatalog, + [System.String] + $Etoken, [Parameter()] [System.String] $MarketplaceCorrelationID, + [Parameter()] + [System.String] + $Version, + [Parameter()] [System.Object] $DefaultStateForUser, @@ -2044,6 +2289,10 @@ function New-App [System.String] $MarketplaceUserProfileType, + [Parameter()] + [System.Object] + $AllowSetting, + [Parameter()] [System.Management.Automation.SwitchParameter] $DownloadOnly, @@ -2056,10 +2305,18 @@ function New-App [System.Object] $UserList, + [Parameter()] + [System.String] + $AppState, + [Parameter()] [System.Management.Automation.SwitchParameter] $OrganizationApp, + [Parameter()] + [System.String] + $AppType, + [Parameter()] [System.String] $MarketplaceAssetID, @@ -2074,9 +2331,17 @@ function New-App [Parameter()] [System.Management.Automation.SwitchParameter] - $AllowReadWriteMailbox - ) -} + $AllowReadWriteMailbox, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $PrivateCatalog, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $UpdateAppState + ) +} function New-ApplicationAccessPolicy { [CmdletBinding()] @@ -2245,35 +2510,6 @@ function New-ClientAccessRule $Scope ) } -function New-DataClassification -{ - [CmdletBinding()] - param( - [Parameter()] - [System.String] - $Description, - - [Parameter()] - [System.String] - $Name, - - [Parameter()] - [System.Globalization.CultureInfo] - $Locale, - - [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm, - - [Parameter()] - [System.Object] - $Fingerprints, - - [Parameter()] - [System.Object] - $ClassificationRuleCollectionIdentity - ) -} function New-DataEncryptionPolicy { [CmdletBinding()] @@ -4353,7 +4589,277 @@ function New-ReportSubmissionPolicy { [CmdletBinding()] param( + [Parameter()] + [System.String] + $PostSubmitMessage, + + [Parameter()] + [System.Object] + $ReportJunkAddresses, + + [Parameter()] + [System.Boolean] + $NotificationsForPhishMalwareSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForNotJunk, + + [Parameter()] + [System.Boolean] + $EnableCustomizedMsg, + + [Parameter()] + [System.Object] + $NotificationSenderAddress, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForJunk, + + [Parameter()] + [System.Boolean] + $NotificationsForSpamSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageForPhishing, + + [Parameter()] + [System.Boolean] + $EnableThirdPartyAddress, + + [Parameter()] + [System.String] + $PreSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String] + $PreSubmitMessageForJunk, + + [Parameter()] + [System.Int32] + $UserSubmissionOptions, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForPhishing, + + [Parameter()] + [System.String] + $PreSubmitMessageForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForNotJunk, + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForPhishing, + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForPhishing, + + [Parameter()] + [System.String] + $NotificationFooterMessage, + + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + + [Parameter()] + [System.String] + $PreSubmitMessageForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForPhishing, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, + + [Parameter()] + [System.String] + $PreSubmitMessageTitleForJunk, + + [Parameter()] + [System.Boolean] + $ReportChatMessageEnabled, + + [Parameter()] + [System.Object] + $ThirdPartyReportAddresses, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Boolean] + $NotificationsForCleanSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageForNotJunk, + + [Parameter()] + [System.Object] + $MultiLanguageSetting, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageForJunk, + + [Parameter()] + [System.Boolean] + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Object] + $ReportNotJunkAddresses, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForJunk, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForJunk, + + [Parameter()] + [System.Boolean] + $DisableUserSubmissionOptions, + + [Parameter()] + [System.Boolean] + $OnlyShowPhishingDisclaimer, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String] + $PreSubmitMessage, + + [Parameter()] + [System.String] + $PreSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String] + $JunkReviewResultMessage, + + [Parameter()] + [System.Boolean] + $EnableCustomNotificationSender, + + [Parameter()] + [System.Boolean] + $ReportChatMessageToCustomizedAddressEnabled, + + [Parameter()] + [System.Object] + $ReportPhishAddresses, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForJunk, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, + + [Parameter()] + [System.Boolean] + $NotificationsForSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.Boolean] + $PreSubmitMessageEnabled, + + [Parameter()] + [System.Boolean] + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForPhishing, + + [Parameter()] + [System.String] + $UserSubmissionOptionsMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageForPhishing, + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress ) } function New-ReportSubmissionRule @@ -4364,17 +4870,25 @@ function New-ReportSubmissionRule [System.String] $Name, + [Parameter()] + [System.Object[]] + $SentTo, + [Parameter()] [System.String] $Comments, [Parameter()] - [System.String[]] - $SentTo, + [System.Object] + $ReportSubmissionPolicy, [Parameter()] - [System.String] - $ReportSubmissionPolicy + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Boolean] + $Enabled ) } function New-RoleAssignmentPolicy @@ -5503,6 +6017,10 @@ function Remove-App [System.Object] $Identity, + [Parameter()] + [System.String] + $AppType, + [Parameter()] [System.Management.Automation.SwitchParameter] $OrganizationApp, @@ -6073,8 +6591,45 @@ function Remove-QuarantinePolicy $Identity, [Parameter()] - [System.Object] - $DomainController + [System.Object] + $DomainController + ) +} +function Remove-RecipientPermission +{ + [CmdletBinding()] + param( + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SkipDomainValidationForMailContact, + + [Parameter()] + [System.Object] + $AccessRights, + + [Parameter()] + [System.Object] + $Trustee, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Deny, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SkipDomainValidationForMailUser, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $SkipDomainValidationForSharedMailbox ) } function Remove-RemoteDomain @@ -6104,12 +6659,12 @@ function Remove-ReportSubmissionRule [CmdletBinding()] param( [Parameter()] - [System.Object] - $Identity, + [System.Management.Automation.SwitchParameter] + $Confirm, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm + [System.Object] + $Identity ) } function Remove-RoleAssignmentPolicy @@ -9232,6 +9787,10 @@ function Set-MailContact [System.String] $CustomAttribute15, + [Parameter()] + [System.Object] + $UserSMimeCertificate, + [Parameter()] [System.Object] $ExtensionCustomAttribute1, @@ -9278,7 +9837,7 @@ function Set-MailContact [Parameter()] [System.Object] - $GrantSendOnBehalfTo, + $UserCertificate, [Parameter()] [System.Object] @@ -9296,6 +9855,10 @@ function Set-MailContact [System.Management.Automation.SwitchParameter] $ForceUpgrade, + [Parameter()] + [System.Object] + $GrantSendOnBehalfTo, + [Parameter()] [System.String] $CustomAttribute12 @@ -10042,6 +10605,10 @@ function Set-OrganizationConfig [System.Boolean] $MailTipsAllTipsEnabled, + [Parameter()] + [System.Boolean] + $PostponeRoamingSignaturesUntilLater, + [Parameter()] [System.Object] $RemotePublicFolderMailboxes, @@ -11430,107 +11997,283 @@ function Set-ReportSubmissionPolicy param( [Parameter()] [System.String] - $Identity, + $PostSubmitMessage, [Parameter()] - [System.Boolean] - $DisableQuarantineReportingOption, + [System.Object] + $ReportJunkAddresses, [Parameter()] [System.Boolean] - $EnableCustomNotificationSender, + $NotificationsForPhishMalwareSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PhishingReviewResultMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageTitle, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForNotJunk, [Parameter()] [System.Boolean] - $EnableOrganizationBranding, + $EnableCustomizedMsg, + + [Parameter()] + [System.Object] + $NotificationSenderAddress, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForJunk, [Parameter()] [System.Boolean] - $EnableReportToMicrosoft, + $NotificationsForSpamSubmissionAirInvestigationsEnabled, + + [Parameter()] + [System.String] + $PostSubmitMessageForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageForPhishing, [Parameter()] [System.Boolean] $EnableThirdPartyAddress, [Parameter()] - [System.Boolean] - $EnableUserEmailNotification, + [System.String] + $PreSubmitMessageTitleForPhishing, [Parameter()] [System.String] - $JunkReviewResultMessage, + $PreSubmitMessageForJunk, + + [Parameter()] + [System.Int32] + $UserSubmissionOptions, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonTextForPhishing, [Parameter()] [System.String] - $NotJunkReviewResultMessage, + $PreSubmitMessageForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForNotJunk, + + [Parameter()] + [System.Boolean] + $ReportJunkToCustomizedAddress, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForPhishing, + + [Parameter()] + [System.Boolean] + $ReportNotJunkToCustomizedAddress, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForPhishing, [Parameter()] [System.String] $NotificationFooterMessage, + [Parameter()] + [System.Boolean] + $EnableOrganizationBranding, + [Parameter()] [System.String] - $NotificationSenderAddress, + $PreSubmitMessageForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForNotJunk, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForPhishing, + + [Parameter()] + [System.Boolean] + $EnableReportToMicrosoft, [Parameter()] [System.String] - $PhishingReviewResultMessage, + $PreSubmitMessageTitleForJunk, + + [Parameter()] + [System.Boolean] + $ReportChatMessageEnabled, + + [Parameter()] + [System.Object] + $ThirdPartyReportAddresses, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Boolean] + $NotificationsForCleanSubmissionAirInvestigationsEnabled, [Parameter()] [System.String] - $PostSubmitMessage, + $PostSubmitMessageForNotJunk, + + [Parameter()] + [System.Object] + $MultiLanguageSetting, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageForJunk, [Parameter()] [System.Boolean] - $PostSubmitMessageEnabled, + $DisableQuarantineReportingOption, + + [Parameter()] + [System.Management.Automation.SwitchParameter] + $Confirm, + + [Parameter()] + [System.Object] + $ReportNotJunkAddresses, + + [Parameter()] + [System.Boolean] + $EnableUserEmailNotification, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageForJunk, [Parameter()] [System.String] - $PostSubmitMessageTitle, + $PostSubmitMessageTitleForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePreSubmitMessageTitleForJunk, + + [Parameter()] + [System.Boolean] + $DisableUserSubmissionOptions, + + [Parameter()] + [System.Boolean] + $OnlyShowPhishingDisclaimer, + + [Parameter()] + [System.String] + $PostSubmitMessageTitleForNotJunk, [Parameter()] [System.String] $PreSubmitMessage, [Parameter()] - [System.Boolean] - $PreSubmitMessageEnabled, + [System.String] + $PreSubmitMessageTitleForNotJunk, [Parameter()] [System.String] - $PreSubmitMessageTitle, + $JunkReviewResultMessage, [Parameter()] - [System.String[]] - $ReportJunkAddresses = @(), + [System.Boolean] + $EnableCustomNotificationSender, [Parameter()] [System.Boolean] - $ReportJunkToCustomizedAddress, + $ReportChatMessageToCustomizedAddressEnabled, + + [Parameter()] + [System.Object] + $ReportPhishAddresses, [Parameter()] [System.String[]] - $ReportNotJunkAddresses = @(), + $MultiLanguagePostSubmitMessageTitleForJunk, + + [Parameter()] + [System.String] + $NotJunkReviewResultMessage, [Parameter()] [System.Boolean] - $ReportNotJunkToCustomizedAddress, + $NotificationsForSubmissionAirInvestigationsEnabled, [Parameter()] - [System.String[]] - $ReportPhishAddresses = @(), + [System.Boolean] + $PreSubmitMessageEnabled, [Parameter()] [System.Boolean] - $ReportPhishToCustomizedAddress, + $PostSubmitMessageEnabled, + + [Parameter()] + [System.String] + $PreSubmitMessageTitle, [Parameter()] [System.String[]] - $ThirdPartyReportAddresses = @(), + $MultiLanguagePreSubmitMessageTitleForPhishing, [Parameter()] - [System.Management.Automation.SwitchParameter] - $Confirm + [System.String[]] + $MultiLanguagePreSubmitMessageButtonTextForPhishing, + + [Parameter()] + [System.String] + $UserSubmissionOptionsMessage, + + [Parameter()] + [System.String] + $PostSubmitMessageForPhishing, + + [Parameter()] + [System.String[]] + $MultiLanguagePostSubmitMessageButtonLinkForJunk, + + [Parameter()] + [System.Object] + $Identity, + + [Parameter()] + [System.Boolean] + $ReportPhishToCustomizedAddress ) } function Set-ReportSubmissionRule @@ -11539,15 +12282,23 @@ function Set-ReportSubmissionRule param( [Parameter()] [System.String] - $Identity, + $Name, + + [Parameter()] + [System.Object[]] + $SentTo, [Parameter()] [System.String] $Comments, [Parameter()] - [System.String[]] - $SentTo, + [System.Object] + $Identity, + + [Parameter()] + [System.Object] + $ReportSubmissionPolicy, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -12927,7 +13678,11 @@ function Set-User param( [Parameter()] [System.String] - $Company, + $MailboxRegion, + + [Parameter()] + [System.Boolean] + $IsShadowMailbox, [Parameter()] [System.String] @@ -12982,8 +13737,8 @@ function Set-User $Force, [Parameter()] - [System.String] - $LastName, + [System.Object] + $ManagedOnboardingType, [Parameter()] [System.Management.Automation.SwitchParameter] @@ -13022,8 +13777,8 @@ function Set-User $AssistantName, [Parameter()] - [System.Object] - $OtherHomePhone, + [System.String] + $Company, [Parameter()] [System.String] @@ -13046,12 +13801,12 @@ function Set-User $Notes, [Parameter()] - [System.Management.Automation.SwitchParameter] - $PermanentlyClearPreviousMailboxInfo, + [System.String] + $LastName, [Parameter()] - [System.String] - $MailboxRegion, + [System.Management.Automation.SwitchParameter] + $PermanentlyClearPreviousMailboxInfo, [Parameter()] [System.Object] @@ -13097,6 +13852,10 @@ function Set-User [System.Object] $WindowsEmailAddress, + [Parameter()] + [System.String] + $StreetAddress, + [Parameter()] [System.Boolean] $RemotePowerShellEnabled, @@ -13110,8 +13869,8 @@ function Set-User $GeoCoordinates, [Parameter()] - [System.String] - $StreetAddress, + [System.Object] + $OtherHomePhone, [Parameter()] [System.Object] @@ -13144,6 +13903,7 @@ function Update-RoleGroupMember ) } #endregion + #region Microsoft.Graph.Applications function Get-MgApplication { From 1b3201205ac1c1d3a7fbb546a54ed18cfaab5213 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 09:35:54 -0500 Subject: [PATCH 31/69] Updated * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180 --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cc23a140d..5369cd8e5e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * TeamsUpdateManagementPolicy * Fixed issue with missing ManagedIdentity parameter in Set signature. * DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. * Updated MSCloudLoginAssistant to version 1.1.11 # 1.24.131.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index ce18e9c422..db8d949b4a 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -78,7 +78,7 @@ }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' - RequiredVersion = '2.0.178' + RequiredVersion = '2.0.180' }, @{ ModuleName = 'MicrosoftTeams' From c9f71d6123502bd08000231bb7657a27e7bae1e9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 10:05:46 -0500 Subject: [PATCH 32/69] Updated ReverseDSC --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5369cd8e5e..a8ef3cb3e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. * Updated MSCloudLoginAssistant to version 1.1.11 + * Updated ReverseDSC to version 2.0.0.19 # 1.24.131.1 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index db8d949b4a..6c1877c352 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -94,7 +94,7 @@ }, @{ ModuleName = 'ReverseDSC' - RequiredVersion = '2.0.0.18' + RequiredVersion = '2.0.0.19' } ) } From 20221fc88d4724b893455ee13edfc5a4ed74d89c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 10:22:16 -0500 Subject: [PATCH 33/69] Fixes Unit Tests --- CHANGELOG.md | 11 +++++++---- .../Microsoft365DSC.EXODataClassification.Tests.ps1 | 7 ------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a8ef3cb3e2..7bbf82467b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,15 +1,18 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. + * Updated MSCloudLoginAssistant to version 1.1.11 + * Updated ReverseDSC to version 2.0.0.19 + # 1.24.131.2 * TeamsMeetingPolicy * Fixed issue with missing ManagedIdentity parameter in Test signature. * TeamsUpdateManagementPolicy * Fixed issue with missing ManagedIdentity parameter in Set signature. -* DEPENDENCIES - * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. - * Updated MSCloudLoginAssistant to version 1.1.11 - * Updated ReverseDSC to version 2.0.0.19 # 1.24.131.1 diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 index e2c9b7fe7d..061e44f6e2 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXODataClassification.Tests.ps1 @@ -31,9 +31,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { return 'Credentials' } - Mock -CommandName New-DataClassification -MockWith { - } - Mock -CommandName Set-DataClassification -MockWith { } @@ -58,10 +55,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { Mock -CommandName Get-DataClassification -MockWith { return $null } - - Mock -CommandName New-DataClassification -MockWith { - - } } It 'Should return False from the Get method' { From e5b1b37ba0ba7719d937f07b6b125115140b95dc Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 11:02:10 -0500 Subject: [PATCH 34/69] TeamsMeetingPolicy --- CHANGELOG.md | 3 +++ .../MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bbf82467b..7e8641e984 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* TeamsMeetingPolicy + * Ignore the AllowUserToJoinExternalMeeting parameterfor drift evaluation + since it doesn't do anything based on official documentation. * DEPENDENCIES * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. * Updated MSCloudLoginAssistant to version 1.1.11 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index 494656a498..a3cf1bedbb 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -1118,6 +1118,9 @@ function Test-TargetResource # The AllowIPVideo is temporarly not working, therefore we won't check the value. $ValuesToCheck.Remove('AllowIPVideo') | Out-Null + # The AllowUserToJoinExternalMeeting doesn't do anything based on official documentation + $ValuesToCheck.Remove('AllowUserToJoinExternalMeeting') | Out-Null + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` From acee04fdc1790ae01a98774b2a5bc29234f91b5d Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 13:04:34 -0500 Subject: [PATCH 35/69] SCDLPCOmplianceRule Fancy Quotes Handling --- CHANGELOG.md | 2 ++ .../MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 80e5bdb9bc..86234791ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* SCDLPComplianceRule + * Properly escapes fancy quotes in the Get method. * TeamsMeetingPolicy * Ignore the AllowUserToJoinExternalMeeting parameterfor drift evaluation since it doesn't do anything based on official documentation. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 981dd8ac89..452eeb1575 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -246,6 +246,7 @@ function Get-TargetResource $ExceptIfContentExtensionMatchesWords = $PolicyRule.ExceptIfContentExtensionMatchesWords.Replace(' ', '').Split(',') } + $fancyDoubleQuotes = "[\u201C\u201D]" $result = @{ Ensure = 'Present' Name = $PolicyRule.Name @@ -262,8 +263,8 @@ function Get-TargetResource GenerateIncidentReport = $PolicyRule.GenerateIncidentReport IncidentReportContent = $ArrayIncidentReportContent NotifyAllowOverride = $NotifyAllowOverrideValue - NotifyEmailCustomText = $PolicyRule.NotifyEmailCustomText - NotifyPolicyTipCustomText = $PolicyRule.NotifyPolicyTipCustomText + NotifyEmailCustomText = [regex]::Replace($PolicyRule.NotifyEmailCustomText, $fancyDoubleQuotes, '"') + NotifyPolicyTipCustomText = [regex]::Replace($PolicyRule.NotifyPolicyTipCustomText, $fancyDoubleQuotes, '"') NotifyUser = $PolicyRule.NotifyUser ReportSeverityLevel = $PolicyRule.ReportSeverityLevel RuleErrorAction = $PolicyRule.RuleErrorAction From 51557ddfc67443c258b70e172fa6057114fc0074 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 7 Feb 2024 14:11:00 -0500 Subject: [PATCH 36/69] Release 1.24.207.1 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 44 ++++++-------------- 2 files changed, 13 insertions(+), 33 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4567ef857a..65b0f8be87 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.207.1 * IntuneDeviceEnrollmentPlatformRestriction * Added Priority parameter diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index bd1c11a715..45bb8020db 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-02-02 +# Generated on: 2024-02-07 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.131.2' + ModuleVersion = '1.24.207.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,38 +140,18 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* EXOAvailabilityAddressSpace - * Added support for the TargetServiceEpr and TargetTenantId parameters. - * Fixed the logic to retrieve existing instance by Forest Name. - * EXODistributionGroup - * The Get function now retrieves the ModeratedBy and ManagedBy properties - by the users UPN instead of their GUID. - * EXOHostedContentFilterRule - * Changed logic to retrieve the Rules by name. Using the Policys name instead. - * EXOIntraOrganizationConnector - * Fixes the DiscoveryEndpoint value from the Get method to include trailing - forward slash. - * EXOMalwareFilterRule - * Fixed an issue retrieving the right value for the Enabled property - * EXOOMEConfiguration - * Fixes an error in the Get method where the ExternalMailExpiryInDays property - wasnt properly returned. - * EXOSafeLinksPolicy - * Deprecated the UseTranslatedNotificationText property - * TeamsEmergencyCallRoutingPolicy - * Fix deletion of resource - FIXES [#4261](https://github.com/microsoft/Microsoft365DSC/issues/4261) + ReleaseNotes = '* IntuneDeviceEnrollmentPlatformRestriction + * Added Priority parameter + FIXES [#4081](https://github.com/microsoft/Microsoft365DSC/issues/4081) + * SCDLPComplianceRule + * Properly escapes fancy quotes in the Get method. * TeamsMeetingPolicy - * Fixed issue with missing ManagedIdentity parameter in Test signature. - * TeamsUpdateManagementPolicy - * Fixed issue with missing ManagedIdentity parameter in Set signature. - * TEAMS - * Added support for ManagedIdentity Authentication across Teams resources. + * Ignore the AllowUserToJoinExternalMeeting parameterfor drift evaluation + since it doesnt do anything based on official documentation. * DEPENDENCIES - * Updated MSCloudLoginAssistant dependencies to version 1.1.10. - * MISC - * Change the way to Export encoding is done so that it no longer relies - on the Get-DSCResource function.' + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. + * Updated MSCloudLoginAssistant to version 1.1.11 + * Updated ReverseDSC to version 2.0.0.19' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false From 7df5c81be471e0536af7e470498fedbeb51fbc62 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 11:37:26 +0000 Subject: [PATCH 37/69] Fixed tests so that resource reports its correct state --- CHANGELOG.md | 9 + .../MSFT_IntuneAppConfigurationPolicy.psm1 | 227 ++++++++---------- ...FT_IntuneAppConfigurationPolicy.schema.mof | 1 + 3 files changed, 110 insertions(+), 127 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65b0f8be87..b673e59f96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneAppConfigurationPolicy + * Added parameter Id to avoid having to retrieve the same policy multiple + times + * Fixed tests in Test-TargetResource to ensure the resource reports its + correct state + FIXES [#3542](https://github.com/microsoft/Microsoft365DSC/issues/3542) + # 1.24.207.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 index 2352b5643f..d8575c1170 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.psm1 @@ -4,6 +4,10 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( + [Parameter()] + [System.String] + $Id, + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -50,7 +54,7 @@ function Get-TargetResource $ManagedIdentity ) - Write-Verbose -Message "Getting configuration of Intune App Configuration Policy {$DisplayName}" + Write-Verbose -Message "Getting configuration of Intune App Configuration Policy with Id {$Id}" $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters @@ -72,17 +76,39 @@ function Get-TargetResource $nullResult.Ensure = 'Absent' try { - $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -Filter "displayName eq '$DisplayName'" ` - -ErrorAction Stop + + try { + $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -TargetedManagedAppConfigurationId $Id ` + -ErrorAction Stop + } + catch { + $configPolicy = $null + } if ($null -eq $configPolicy) { - Write-Verbose -Message "No App Configuration Policy with displayName {$DisplayName} was found" - return $nullResult + Write-Verbose -Message "Could not find an Intune App Configuration Policy with Id {$Id}, searching by DisplayName {$DisplayName}" + + try + { + $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -Filter "displayName eq '$DisplayName'" ` + -ErrorAction Stop + } + catch + { + $configPolicy = $null + } + + if ($null -eq $configPolicy) + { + Write-Verbose -Message "No App Configuration Policy with DisplayName {$DisplayName} was found" + return $nullResult + } } - Write-Verbose -Message "Found App Configuration Policy with displayName {$DisplayName}" + Write-Verbose -Message "Found App Configuration Policy with Id {$($configPolicy.Id)} and DisplayName {$($configPolicy.DisplayName)}" $returnHashtable = @{ + Id = $configPolicy.Id DisplayName = $configPolicy.DisplayName Description = $configPolicy.Description CustomSettings = $configPolicy.customSettings @@ -129,6 +155,10 @@ function Set-TargetResource [CmdletBinding()] param ( + [Parameter()] + [System.String] + $Id, + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -217,7 +247,7 @@ function Set-TargetResource if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceAppManagement/targetedManagedAppConfigurations' } @@ -226,10 +256,9 @@ function Set-TargetResource elseif ($Ensure -eq 'Present' -and $currentconfigPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Updating Intune App Configuration Policy {$DisplayName}" - $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -Filter "displayName eq '$DisplayName'" $updateParams = @{ - targetedManagedAppConfigurationId = $configPolicy.Id + targetedManagedAppConfigurationId = $currentconfigPolicy.Id displayName = $DisplayName description = $Description } @@ -245,15 +274,14 @@ function Set-TargetResource { $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } - Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $configPolicy.id ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentconfigPolicy.Id ` -Targets $assignmentsHash ` -Repository 'deviceAppManagement/targetedManagedAppConfigurations' } elseif ($Ensure -eq 'Absent' -and $currentconfigPolicy.Ensure -eq 'Present') { Write-Verbose -Message "Removing Intune App Configuration Policy {$DisplayName}" - $configPolicy = Get-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -Filter "displayName eq '$DisplayName'" - Remove-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -TargetedManagedAppConfigurationId $configPolicy.id + Remove-MgBetaDeviceAppManagementTargetedManagedAppConfiguration -TargetedManagedAppConfigurationId $currentconfigPolicy.Id } } @@ -263,6 +291,10 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( + [Parameter()] + [System.String] + $Id, + [Parameter(Mandatory = $true)] [System.String] $DisplayName, @@ -308,6 +340,7 @@ function Test-TargetResource [Switch] $ManagedIdentity ) + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -322,99 +355,78 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of Intune App Configuration Policy {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Id') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - - if ($null -ne $CurrentValues.CustomSettings -and $CurrentValues.CustomSettings.Length -gt 0 -and $null -ne $CustomSettings) + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { - $value = Test-M365DSCAppConfigurationPolicyCustomSetting -Current $CurrentValues.CustomSettings -Desired $CustomSettings - if ($value -eq $false) - { - return $false - } + Write-Verbose -Message "Test-TargetResource returned $false" + return $false } - else + if ($CurrentValues.Ensure -eq 'Absent' -and $PSBoundParameters.Ensure -eq 'Absent') { - if (($null -eq $CurrentValues.CustomSettings -and $null -ne $CustomSettings) -or - ($null -ne $CurrentValues.CustomSettings -and $null -eq $CustomSettings)) - { - return $false - } + Write-Verbose -Message "Test-TargetResource returned $true" + return $true } - - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('CustomSettings') | Out-Null - - #region Assignments $testResult = $true - if ((-not $CurrentValues.Assignments) -xor (-not $ValuesToCheck.Assignments)) - { - Write-Verbose -Message 'Configuration drift: one the assignment is null' - return $false - } - - if ($CurrentValues.Assignments) + #Compare Cim instances + foreach ($key in $PSBoundParameters.Keys) { - if ($CurrentValues.Assignments.count -ne $ValuesToCheck.Assignments.count) + $source = $PSBoundParameters.$key + $target = $CurrentValues.$key + if ($source.getType().Name -like '*CimInstance*') { - Write-Verbose -Message "Configuration drift: Number of assignment has changed - current {$($CurrentValues.Assignments.count)} target {$($ValuesToCheck.Assignments.count)}" - return $false - } - foreach ($assignment in $CurrentValues.Assignments) - { - #GroupId Assignment - if (-not [String]::IsNullOrEmpty($assignment.groupId)) - { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.groupId -eq $assignment.groupId } - if (-not $source) - { - Write-Verbose -Message "Configuration drift: groupId {$($assignment.groupId)} not found" - $testResult = $false - break - } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } - #AllDevices/AllUsers assignment - else + $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source + + $testResult = Compare-M365DSCComplexObject ` + -Source ($source) ` + -Target ($target) + + if ($key -eq "Assignments") { - $source = [Array]$ValuesToCheck.Assignments | Where-Object -FilterScript { $_.dataType -eq $assignment.dataType } - if (-not $source) + $testResult = $source.count -eq $target.count + if (-Not $testResult) { break } + foreach ($assignment in $source) { - Write-Verbose -Message "Configuration drift: {$($assignment.dataType)} not found" - $testResult = $false - break + if ($assignment.dataType -like '*GroupAssignmentTarget') + { + $testResult = $null -ne ($target | Where-Object {$_.dataType -eq $assignment.DataType -and $_.groupId -eq $assignment.groupId}) + #Using assignment groupDisplayName only if the groupId is not found in the directory otherwise groupId should be the key + if (-not $testResult) + { + $groupNotFound = $null -eq (Get-MgGroup -GroupId ($assignment.groupId) -ErrorAction SilentlyContinue) + } + if (-not $testResult -and $groupNotFound) + { + $testResult = $null -ne ($target | Where-Object {$_.dataType -eq $assignment.DataType -and $_.groupDisplayName -eq $assignment.groupDisplayName}) + } + } + else + { + $testResult = $null -ne ($target | Where-Object {$_.dataType -eq $assignment.DataType}) + } + if (-Not $testResult) { break } } - $sourceHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $source - $testResult = Compare-M365DSCComplexObject -Source $sourceHash -Target $assignment - } - - if (-not $testResult) - { - $testResult = $false - break + if (-Not $testResult) { break } } + if (-Not $testResult) { break } + $ValuesToCheck.Remove($key) | Out-Null } } - if (-not $testResult) - { - return $false - } - $ValuesToCheck.Remove('Assignments') | Out-Null - #endregion + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + if ($TestResult) + { + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } Write-Verbose -Message "Test-TargetResource returned $TestResult" @@ -487,6 +499,7 @@ function Export-TargetResource { Write-Host " |---[$i/$($configPolicies.Count)] $($configPolicy.displayName)" -NoNewline $params = @{ + Id = $configPolicy.Id DisplayName = $configPolicy.displayName Ensure = 'Present' Credential = $Credential @@ -568,46 +581,6 @@ function Export-TargetResource } } -function Test-M365DSCAppConfigurationPolicyCustomSetting -{ - [CmdletBinding()] - [OutputType([System.Boolean])] - param( - [parameter(Mandatory = $true)] - [System.Object[]] - $Current, - - [parameter(Mandatory = $true)] - [System.Object[]] - $Desired - ) - if ($Current.Length -ne $Desired.Length) - { - return $false - } - - foreach ($desiredSetting in $Desired) - { - $found = $false - foreach ($currentSetting in $Current) - { - if ($currentSetting.Name -eq $desiredSetting.Name) - { - if ($currentSetting.Value -ne $desiredSetting.Value) - { - return $false - } - $found = $true - } - } - if (-not $found) - { - return $false - } - } - return $true -} - function Get-M365DSCIntuneAppConfigurationPolicyCustomSettingsAsString { [CmdletBinding()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.schema.mof index 6f6d637942..afa2e1ce50 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationPolicy/MSFT_IntuneAppConfigurationPolicy.schema.mof @@ -19,6 +19,7 @@ class MSFT_IntuneAppConfigurationPolicyCustomSetting [ClassVersion("1.0.0.0"), FriendlyName("IntuneAppConfigurationPolicy")] class MSFT_IntuneAppConfigurationPolicy : OMI_BaseResource { + [Write, Description("Key of the entity. Read-Only.")] String Id; [Key, Description("Display name of the app configuration policy.")] String DisplayName; [Write, Description("Description of the app configuration policy.")] String Description; [Write, Description("Assignments of the Intune Policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; From 0b62229b3f618039dbdbc8f3fdedf755da6601b4 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 12:00:48 +0000 Subject: [PATCH 38/69] Fix Test-TargetResource to ensure that resource reports its correct state --- CHANGELOG.md | 6 ++++ ...eviceAndAppManagementAssignmentFilter.psm1 | 35 ++++++++++++------- 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65b0f8be87..bdbf8da965 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceAndAppManagementAssignmentFilter + * Fixed Test-TargetResource to ensure that resource reports its correct state + FIXES [#3959](https://github.com/microsoft/Microsoft365DSC/issues/3959) + # 1.24.207.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 index fe0f04941d..1c043b3278 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceAndAppManagementAssignmentFilter/MSFT_IntuneDeviceAndAppManagementAssignmentFilter.psm1 @@ -310,21 +310,32 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of assignment filter {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Identity') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" + if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) + { + Write-Verbose -Message "Test-TargetResource returned $false" + return $false + } + if ($CurrentValues.Ensure -eq 'Absent' -and $PSBoundParameters.Ensure -eq 'Absent') + { + Write-Verbose -Message "Test-TargetResource returned $true" + return $true + } + $testResult = $true - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - $ValuesToCheck.Remove('Identity') | Out-Null + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + if ($TestResult) + { + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } Write-Verbose -Message "Test-TargetResource returned $TestResult" From 0996819b19eb84a08ebefcba4b38ad4060ff4ed7 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 12:46:10 +0000 Subject: [PATCH 39/69] Use correct filter --- ...IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index abd502c21c..71f0596ec9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -93,7 +93,7 @@ function Get-TargetResource $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue | Where-Object -FilterScript { ` - $_.AdditionalProperties -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' } } } From c60ced498a01bce5fea2c5767dfafef0634591b8 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 14:20:30 +0000 Subject: [PATCH 40/69] Remove Id from being tested and auth methods --- ...igurationNetworkBoundaryPolicyWindows10.psm1 | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index 71f0596ec9..03cb95351f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -269,15 +269,7 @@ function Set-TargetResource #endregion $currentInstance = Get-TargetResource @PSBoundParameters - - $PSBoundParameters.Remove('Ensure') | Out-Null - $PSBoundParameters.Remove('Credential') | Out-Null - $PSBoundParameters.Remove('ApplicationId') | Out-Null - $PSBoundParameters.Remove('ApplicationSecret') | Out-Null - $PSBoundParameters.Remove('TenantId') | Out-Null - $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null - $PSBoundParameters.Remove('ManagedIdentity') | Out-Null - $PSBoundParameters.Remove('Verbose') | Out-Null + $PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { @@ -434,6 +426,8 @@ function Test-TargetResource $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck + $ValuesToCheck.Remove('Id') | Out-Null if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { @@ -465,11 +459,6 @@ function Test-TargetResource } } - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" From c33229e5eb83213d618e39343272fd0215fb4b37 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 14:23:33 +0000 Subject: [PATCH 41/69] Update CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65b0f8be87..e742860a82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 + * Fixed Test-TargetResource by removing Id from begin tested and also used + correct filter while retrieving the policy otherwise it could not be found + FIXES [#3964](https://github.com/microsoft/Microsoft365DSC/issues/3964) + # 1.24.207.1 * IntuneDeviceEnrollmentPlatformRestriction From 7f22867f69b16b74b77f354fd81c100337f1dd5e Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 14:26:26 +0000 Subject: [PATCH 42/69] Fix typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e742860a82..05dc2588b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ # UNRELEASED * IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10 - * Fixed Test-TargetResource by removing Id from begin tested and also used + * Fixed Test-TargetResource by removing Id from being tested and also used correct filter while retrieving the policy otherwise it could not be found FIXES [#3964](https://github.com/microsoft/Microsoft365DSC/issues/3964) From 9de19f1682a575c964a44093860cc2a197f10089 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 14:30:09 +0000 Subject: [PATCH 43/69] Backticks not required here --- ...neDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 index 03cb95351f..63532eaf41 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10/MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10.psm1 @@ -92,7 +92,7 @@ function Get-TargetResource { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue | Where-Object -FilterScript { ` + -ErrorAction SilentlyContinue | Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' } } @@ -527,8 +527,8 @@ function Export-TargetResource [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` -All ` -ErrorAction Stop | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10NetworkBoundaryConfiguration' } #endregion From 47e6bb376c5258b0529ee7a207589cd07310bda4 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 15:05:57 +0000 Subject: [PATCH 44/69] Remove auth methods from testing --- ...ConfigurationPolicyAndroidWorkProfile.psm1 | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 7a3020057a..449a699bbf 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -644,8 +644,8 @@ function Set-TargetResource { Write-Verbose -Message "Updating existing Device Configuration Policy {$DisplayName}" $configDevicePolicy = Get-MgBetaDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` - $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' ` + -FilterScript { + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' } $PSBoundParameters.Remove('DisplayName') | Out-Null @@ -673,7 +673,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing Device Configuration Policy {$DisplayName}" $configDevicePolicy = Get-MgBetaDeviceManagementDeviceConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` - -FilterScript { ` + -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileGeneralDeviceConfiguration' ` } @@ -929,24 +929,17 @@ function Test-TargetResource Write-Verbose -Message "Testing configuration of Device Configuration Policy {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters - - Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" - Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)" - - $ValuesToCheck = $PSBoundParameters - $ValuesToCheck.Remove('Credential') | Out-Null - $ValuesToCheck.Remove('ApplicationId') | Out-Null - $ValuesToCheck.Remove('TenantId') | Out-Null - $ValuesToCheck.Remove('ApplicationSecret') | Out-Null + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() + $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } - #region Assignments $testResult = $true + #region Assignments if ((-not $CurrentValues.Assignments) -xor (-not $ValuesToCheck.Assignments)) { Write-Verbose -Message 'Configuration drift: one the assignment is null' @@ -1004,10 +997,16 @@ function Test-TargetResource $ValuesToCheck.Remove('Assignments') | Out-Null #endregion - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` - -Source $($MyInvocation.MyCommand.Source) ` - -DesiredValues $PSBoundParameters ` - -ValuesToCheck $ValuesToCheck.Keys + Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" + Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + + if ($TestResult) + { + $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` + -Source $($MyInvocation.MyCommand.Source) ` + -DesiredValues $PSBoundParameters ` + -ValuesToCheck $ValuesToCheck.Keys + } Write-Verbose -Message "Test-TargetResource returned $TestResult" From 050f282d7d12ebf670cca99fff993ee8d06045f4 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 15:06:36 +0000 Subject: [PATCH 45/69] Export, and test, correct variable --- .../MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 index 449a699bbf..66ee61a4f1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile/MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile.psm1 @@ -285,7 +285,7 @@ function Get-TargetResource RequiredPasswordComplexity = $policy.AdditionalProperties.requiredPasswordComplexity WorkProfileAllowAppInstallsFromUnknownSources = $policy.AdditionalProperties.workProfileAllowAppInstallsFromUnknownSources WorkProfileDataSharingType = $policy.AdditionalProperties.workProfileDataSharingType - WorkProfileBlockNotificationsWhileDeviceLocked = $policy.AdditionalProperties.WorkProfileBlockNotificationsWhileDeviceLocked + WorkProfileBlockNotificationsWhileDeviceLocked = $policy.AdditionalProperties.workProfileBlockNotificationsWhileDeviceLocked WorkProfileBlockAddingAccounts = $policy.AdditionalProperties.workProfileBlockAddingAccounts WorkProfileBluetoothEnableContactSharing = $policy.AdditionalProperties.workProfileBluetoothEnableContactSharing WorkProfileBlockScreenCapture = $policy.AdditionalProperties.workProfileBlockScreenCapture From eadc0a209c615df3593d59bc8b9c0d0935ccdb36 Mon Sep 17 00:00:00 2001 From: Ricardo Mestre Date: Thu, 8 Feb 2024 15:08:02 +0000 Subject: [PATCH 46/69] Update CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65b0f8be87..ff2fbceb0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* IntuneDeviceConfigurationPolicyAndroidWorkProfile + * Fix typo in variable which made it export incorrectly and report that + resource was not in correct state due to testing an incorrect value + FIXES [#3972](https://github.com/microsoft/Microsoft365DSC/issues/3972) + # 1.24.207.1 * IntuneDeviceEnrollmentPlatformRestriction From 1199bab0fbd4a5e693c6fef6ec3e444dea7fc095 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 8 Feb 2024 10:36:07 -0500 Subject: [PATCH 47/69] Telemetry Updates --- CHANGELOG.md | 6 ++++++ .../Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 | 9 ++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65b0f8be87..2e9e066f89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* MISC + * Telemetry + * Added a new M365DSCTelemetryEventId parameter to track duplication of events. + # 1.24.207.1 * IntuneDeviceEnrollmentPlatformRestriction diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index f9d9554dd2..d05e2419e7 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -5,7 +5,7 @@ This function gets the Application Insights key to be used for storing telemetry .Functionality Internal, Hidden #> -function Get-ApplicationInsightsTelemetryClient +function Get-M365DSCApplicationInsightsTelemetryClient { [CmdletBinding()] param() @@ -53,13 +53,12 @@ function Add-M365DSCTelemetryEvent [System.Collections.Generic.Dictionary[[System.String], [System.Double]]] $Metrics ) - $TelemetryEnabled = [System.Environment]::GetEnvironmentVariable('M365DSCTelemetryEnabled', ` [System.EnvironmentVariableTarget]::Machine) if ($null -eq $TelemetryEnabled -or $TelemetryEnabled -eq $true) { - $TelemetryClient = Get-ApplicationInsightsTelemetryClient + $TelemetryClient = Get-M365DSCApplicationInsightsTelemetryClient try { @@ -207,9 +206,9 @@ function Add-M365DSCTelemetryEvent { Write-Verbose -Message $_ } - + $M365DSCTelemetryEventId = (New-GUID).ToString() + $Data.Add('M365DSCTelemetryEventId', $M365DSCTelemetryEventId) $TelemetryClient.TrackEvent($Type, $Data, $Metrics) - $TelemetryClient.Flush() } catch { From d94baa327e0b5ed3305ffcb7009890c1509b1364 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 8 Feb 2024 20:09:58 -0500 Subject: [PATCH 48/69] TeamsAppSetupPolicy Updates --- CHANGELOG.md | 2 + .../Modules/M365DSCTelemetryEngine.psm1 | 49 ++++++++++++++++--- .../Microsoft365DSC/Modules/M365DSCUtil.psm1 | 7 ++- 3 files changed, 46 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2e9e066f89..ccdbcd5173 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ # UNRELEASED +* TeamsAppSetupPolicy + * Changed the logic to retrive arrays of Ids in the Get method. * MISC * Telemetry * Added a new M365DSCTelemetryEventId parameter to track duplication of events. diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index d05e2419e7..9aebe5015d 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -188,26 +188,59 @@ function Add-M365DSCTelemetryEvent [array]$version = (Get-Module 'Microsoft365DSC').Version | Sort-Object -Descending $Data.Add('M365DSCVersion', $version[0].ToString()) - # Get Dependencies loaded versions + # LCM Metadata Information try { - $currentPath = Join-Path -Path $PSScriptRoot -ChildPath '../' -Resolve - $manifest = Import-PowerShellDataFile "$currentPath/Microsoft365DSC.psd1" - $dependencies = $manifest.RequiredModules + $LCMInfo = Get-DscLocalConfigurationManager -ErrorAction Stop - $dependenciesContent = '' - foreach ($dependency in $dependencies) + $certificateConfigured = $false + if (-not [System.String]::IsNullOrEmpty($LCMInfo.CertificateID)) { - $dependenciesContent += Get-Module $dependency.ModuleName | Out-String + $certificateConfigured = $true + } + + $partialConfiguration = $false + if (-not [System.String]::IsNullOrEmpty($LCMInfo.PartialConfigurations)) + { + $partialConfiguration = $true + } + $Data.Add('LCMUsesPartialConfigurations', $partialConfiguration) + $Data.Add('LCMCertificateConfigured', $certificateConfigured) + $Data.Add('LCMConfigurationMode', $LCMInfo.ConfigurationMode) + $Data.Add('LCMConfigurationModeFrequencyMins', $LCMInfo.ConfigurationModeFrequencyMins) + $Data.Add('LCMRefreshMode', $LCMInfo.RefreshMode) + $Data.Add('LCMState', $LCMInfo.LCMState) + $Data.Add('LCMStateDetail', $LCMInfo.LCMStateDetail) + + if ($Global:M365DSCExportInProgress) + { + $Data.Add('M365DSCOperation', 'Export') + } + elseif ($LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.') + { + $Data.Add('M365DSCOperation', 'MonitoringScheduled') + } + elseif ($LCMInfo.LCMStateDetail -eq 'LCM is testing node against the configuration.') + { + $Data.Add('M365DSCOperation', 'MonitoringManual') + } + elseif ($LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.') + { + $Data.Add('M365DSCOperation', 'ApplyingConfiguration') + } + else + { + $Data.Add('M365DSCOperation', 'Undetermined') } - $Data.Add('DependenciesVersion', $dependenciesContent) } catch { Write-Verbose -Message $_ } + $M365DSCTelemetryEventId = (New-GUID).ToString() $Data.Add('M365DSCTelemetryEventId', $M365DSCTelemetryEventId) + $TelemetryClient.TrackEvent($Type, $Data, $Metrics) } catch diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index aca92258d4..48033ef43e 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -919,6 +919,7 @@ function Test-M365DSCParameterState } $TenantName = Get-M365DSCTenantNameFromParameterSet -ParameterSet $DesiredValues $driftedData.Add('Tenant', $TenantName) + $driftedData.Add('Resource', $source.Split('_')[1]) Add-M365DSCTelemetryEvent -Type 'DriftInfo' -Data $driftedData #endregion $EventMessage.Append(" " + $DriftedParameters.$key + "`r`n") | Out-Null @@ -970,9 +971,6 @@ function Test-M365DSCParameterState -EventID 2 -Source $Source } - #region Telemetry - Add-M365DSCTelemetryEvent -Data $data - #endregion return $returnValue } @@ -1164,7 +1162,7 @@ function Export-M365DSCConfiguration [Switch] $Validate ) - + $Global:M365DSCExportInProgress = $true $Global:MaximumFunctionCount = 32767 # Define the exported resource instances' names Global variable @@ -1348,6 +1346,7 @@ function Export-M365DSCConfiguration # Clear the exported resource instances' names Global variable $Global:M365DSCExportedResourceInstancesNames = $null + $Global:M365DSCExportInProgress = $false } $Script:M365DSCDependenciesValidated = $false From b2bdb5dae8d341708d39eb5b0db46abc2ff4dd1c Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 8 Feb 2024 20:10:33 -0500 Subject: [PATCH 49/69] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ccdbcd5173..d5cd322ce7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ # UNRELEASED * TeamsAppSetupPolicy - * Changed the logic to retrive arrays of Ids in the Get method. + * Changed the logic to retrieve arrays of Ids in the Get method. * MISC * Telemetry * Added a new M365DSCTelemetryEventId parameter to track duplication of events. From f0fe20010bac0a394a2f6136f3ff5727ba166005 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 8 Feb 2024 20:19:37 -0500 Subject: [PATCH 50/69] Adds Current Values to Drift --- CHANGELOG.md | 2 ++ Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d5cd322ce7..e04fd295bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ * TeamsAppSetupPolicy * Changed the logic to retrieve arrays of Ids in the Get method. * MISC + * Drift Logging + * Now includes the full list of parameters for the current values. * Telemetry * Added a new M365DSCTelemetryEventId parameter to track duplication of events. diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 48033ef43e..d83b9d82c6 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -944,6 +944,17 @@ function Test-M365DSCParameterState $EventMessage.Append(" $Value`r`n") | Out-Null } $EventMessage.Append(" `r`n") | Out-Null + $EventMessage.Append(" `r`n") | Out-Null + foreach ($Key in $CurrentValues.Keys) + { + $Value = $CurrentValues.$Key + if ([System.String]::IsNullOrEmpty($Value)) + { + $Value = "`$null" + } + $EventMessage.Append(" $Value`r`n") | Out-Null + } + $EventMessage.Append(" `r`n") | Out-Null $EventMessage.Append('') | Out-Null Add-M365DSCEvent -Message $EventMessage.ToString() -EventType 'Drift' -EntryType 'Warning' ` From 8b6d9c146b23abc589f49d9fbfdfa5b7c06bb817 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Thu, 8 Feb 2024 21:02:15 -0500 Subject: [PATCH 51/69] Release 1.24.207.2 --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Microsoft365DSC.psd1 | 13 ++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e04fd295bf..fb9ac59df3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.24.207.2 * TeamsAppSetupPolicy * Changed the logic to retrieve arrays of Ids in the Get method. diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 45bb8020db..b45581ddf2 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-02-07 +# Generated on: 2024-02-08 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.207.1' + ModuleVersion = '1.24.207.2' # Supported PSEditions # CompatiblePSEditions = @() @@ -140,7 +140,14 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* IntuneDeviceEnrollmentPlatformRestriction + ReleaseNotes = '* TeamsAppSetupPolicy + * Changed the logic to retrieve arrays of Ids in the Get method. + * MISC + * Drift Logging + * Now includes the full list of parameters for the current values. + * Telemetry + * Added a new M365DSCTelemetryEventId parameter to track duplication of events. + * IntuneDeviceEnrollmentPlatformRestriction * Added Priority parameter FIXES [#4081](https://github.com/microsoft/Microsoft365DSC/issues/4081) * SCDLPComplianceRule From b17b6687b6064ca8a5678567bc571cc38a2c95bd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Feb 2024 09:25:15 -0500 Subject: [PATCH 52/69] Multiple Fixes --- CHANGELOG.md | 6 ++++ ...SFT_AADRoleEligibilityScheduleRequest.psm1 | 10 +++++-- .../MSFT_EXODataClassification.psm1 | 2 +- ...T_IntuneDeviceCompliancePolicyAndroid.psm1 | 2 +- ...iceCompliancePolicyAndroidWorkProfile.psm1 | 2 +- ...IntuneDeviceCompliancePolicyWindows10.psm1 | 2 +- .../MSFT_IntuneDeviceCompliancePolicyiOs.psm1 | 2 +- .../MSFT_SPOUserProfileProperty.psm1 | 29 ++++++++++--------- .../Modules/M365DSCTelemetryEngine.psm1 | 28 ++++++++++++++---- 9 files changed, 57 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fb9ac59df3..6ac18a182e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* AADRoleEligibilityScheduleRequest + * Fixed an issue where an error was thrown if no requests were found instead + of simply returning the Null object. + # 1.24.207.2 * TeamsAppSetupPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 index f7becb8603..c5266516d2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleEligibilityScheduleRequest/MSFT_AADRoleEligibilityScheduleRequest.psm1 @@ -182,16 +182,20 @@ $schedule = Get-MgBetaRoleManagementDirectoryRoleEligibilitySchedule -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'" [Array]$request = Get-MgBetaRoleManagementDirectoryRoleEligibilityScheduleRequest -Filter "PrincipalId eq '$PrincipalId' and RoleDefinitionId eq '$RoleDefinitionId'" | Sort-Object -Property CompletedDateTime -Descending -` $request = $request[0] +` + if ($request.Length -gt 1) + { + $request = $request[0] + } } } else { $ObjectGuid = [System.Guid]::empty if ($PrincipalType -eq 'User') - { + { Write-Verbose -Message "Retrieving principal {$Principal} of type {$PrincipalType}" - + if ([System.Guid]::TryParse($Principal,[System.Management.Automation.PSReference]$ObjectGuid)) { $PrincipalIdValue = Get-MgUser -UserId $Principal -ErrorAction SilentlyContinue diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 index 6b03e06a7d..2754f2074f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXODataClassification/MSFT_EXODataClassification.psm1 @@ -426,7 +426,7 @@ function Export-TargetResource { $Script:ExportMode = $true #region resource generator code - [array] $Script:exportedInstances = Get-DataClassification -ErrorAction Stop + [array] $Script:exportedInstances = Get-DataClassification -ErrorAction SilentlyContinue $dscContent = [System.Text.StringBuilder]::new() if ($Script:exportedInstances.Length -eq 0) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 index 6b3353da1a..39d61be227 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroid/MSFT_IntuneDeviceCompliancePolicyAndroid.psm1 @@ -182,7 +182,7 @@ function Get-TargetResource try { $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -ErrorAction Stop | Where-Object ` + -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 index da9d328933..256d43baf4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile/MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile.psm1 @@ -172,7 +172,7 @@ function Get-TargetResource try { $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -ErrorAction Stop | Where-Object ` + -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidWorkProfileCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 index 61399e6146..0e78c8b97a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyWindows10/MSFT_IntuneDeviceCompliancePolicyWindows10.psm1 @@ -197,7 +197,7 @@ function Get-TargetResource try { $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -ErrorAction Stop | Where-Object ` + -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10CompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 index 4e5ccc567a..d9fe71c7a5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceCompliancePolicyiOs/MSFT_IntuneDeviceCompliancePolicyiOs.psm1 @@ -146,7 +146,7 @@ function Get-TargetResource try { $devicePolicy = Get-MgBetaDeviceManagementDeviceCompliancePolicy ` - -ErrorAction Stop | Where-Object ` + -ErrorAction SilentlyContinue | Where-Object ` -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosCompliancePolicy' -and ` $_.displayName -eq $($DisplayName) } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 index 05951e4304..4874ead6f7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOUserProfileProperty/MSFT_SPOUserProfileProperty.psm1 @@ -326,21 +326,24 @@ function Export-TargetResource if ($Results -is [System.Collections.Hashtable] -and $Results.Count -gt 1) { - $Results.Properties = ConvertTo-M365DSCSPOUserProfilePropertyInstanceString -Properties $Results.Properties - $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` - -Results $Results - $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` - -ConnectionMode $ConnectionMode ` - -ModulePath $PSScriptRoot ` - -Results $Results ` - -Credential $Credential - if ($null -ne $Results.Properties) + if ($Results.Properties) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Properties' + $Results.Properties = ConvertTo-M365DSCSPOUserProfilePropertyInstanceString -Properties $Results.Properties + $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` + -Results $Results + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` + -ConnectionMode $ConnectionMode ` + -ModulePath $PSScriptRoot ` + -Results $Results ` + -Credential $Credential + if ($null -ne $Results.Properties) + { + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Properties' + } + $dscContent += $currentDSCBlock + Save-M365DSCPartialExport -Content $currentDSCBlock ` + -FileName $Global:PartialExportFileName } - $dscContent += $currentDSCBlock - Save-M365DSCPartialExport -Content $currentDSCBlock ` - -FileName $Global:PartialExportFileName Write-Host $Global:M365DSCEmojiGreenCheckMark } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index 9aebe5015d..f42225a049 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -245,7 +245,14 @@ function Add-M365DSCTelemetryEvent } catch { - Write-Error $_ + try + { + $TelemetryClient.TrackEvent('Error', $Data, $Metrics) + } + catch + { + Write-Error $_ + } } } } @@ -368,16 +375,27 @@ function Format-M365DSCTelemetryParameters { $data.Add('Resource', $ResourceName) $data.Add('Method', $CommandName) - if (-not $Parameters.ApplicationId) + if ($Parameters.Credential) { - $data.Add('Principal', $Parameters.Credential.UserName) - $data.Add('TenantId', $Parameters.Credential.UserName.Split('@')[1]) + try + { + $data.Add('Principal', $Parameters.Credential.UserName) + $data.Add('TenantId', $Parameters.Credential.UserName.Split('@')[1]) + } + catch + { + Write-Verbose -Message $_ + } } - else + elseif ($Parameters.ApplicationId) { $data.Add('Principal', $Parameters.ApplicationId) $data.Add('TenantId', $Parameters.TenantId) } + elseif (-not [System.String]::IsNullOrEmpty($TenantId)) + { + $data.Add('TenantId', $Parameters.TenantId) + } $data.Add('ConnectionMode', (Get-M365DSCAuthenticationMode -Parameters $Parameters)) } catch From 0826bc7a5ff9b579a8900b1e8b76e1ff6eb3aec2 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Feb 2024 11:25:36 -0500 Subject: [PATCH 53/69] Update Global - Integration - EXO.yml --- .github/workflows/Global - Integration - EXO.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Global - Integration - EXO.yml b/.github/workflows/Global - Integration - EXO.yml index 4957ccddcd..5635138bd5 100644 --- a/.github/workflows/Global - Integration - EXO.yml +++ b/.github/workflows/Global - Integration - EXO.yml @@ -6,6 +6,8 @@ jobs: # The type of runner that the job will run on runs-on: windows-latest + permissions: write + # Only when run from the main repo if: github.repository == 'microsoft/Microsoft365DSC' From 25261909dd8db5d62d2bd4da7db1e710c74581d7 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Feb 2024 12:05:08 -0500 Subject: [PATCH 54/69] Update Global - Integration - EXO.yml --- .github/workflows/Global - Integration - EXO.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Global - Integration - EXO.yml b/.github/workflows/Global - Integration - EXO.yml index 5635138bd5..76b0ce03bc 100644 --- a/.github/workflows/Global - Integration - EXO.yml +++ b/.github/workflows/Global - Integration - EXO.yml @@ -6,7 +6,7 @@ jobs: # The type of runner that the job will run on runs-on: windows-latest - permissions: write + permissions: write-all # Only when run from the main repo if: github.repository == 'microsoft/Microsoft365DSC' From c77943a7e0eb050127d2c73b0e969be75d4f59b1 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 9 Feb 2024 17:08:07 +0000 Subject: [PATCH 55/69] Updated {Create} EXO Integration Tests --- .../M365DSCIntegration.EXO.Create.Tests.ps1 | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 8ae6b2b387..59fb6f90f8 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 @@ -654,6 +654,15 @@ Ensure = "Present" Credential = $Credscredential } + EXORecipientPermission 'AddSendAs' + { + + Identity = 'AdeleV@$Domain' + Trustee = "admin@$Domain" + AccessRights = 'SendAs' + Ensure = 'Present' + Credential = $Credscredential + } EXORemoteDomain '583b0b70-b45d-401f-98a6-0e7fa8434946' { Identity = "Integration" From afdb1a87ffcffc433cab012bdaefff080c67724a Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Feb 2024 12:17:37 -0500 Subject: [PATCH 56/69] Update 1-Create.ps1 --- .../Examples/Resources/EXORecipientPermission/1-Create.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 index 8df472f8f0..6b6c1e6190 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 @@ -20,8 +20,7 @@ Configuration Example { EXORecipientPermission 'AddSendAs' { - - Identity = 'AdeleV@$Domain' + Identity = "AlexW@$Domain" Trustee = "admin@$Domain" AccessRights = 'SendAs' Ensure = 'Present' From ff4ab235d91eb84e1534d472810ecc37ad397db8 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 9 Feb 2024 17:20:06 +0000 Subject: [PATCH 57/69] Updated {Create} EXO Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 59fb6f90f8..4dd7a69343 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 @@ -656,8 +656,7 @@ } EXORecipientPermission 'AddSendAs' { - - Identity = 'AdeleV@$Domain' + Identity = "AlexW@$Domain" Trustee = "admin@$Domain" AccessRights = 'SendAs' Ensure = 'Present' From aea26112d1bd3362cda4f072c0108b4abfa5cace Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Feb 2024 12:22:47 -0500 Subject: [PATCH 58/69] Updated Graph Dependencies to 2.13.1 --- .../workflows/Global - Integration - AAD.yml | 2 ++ .../Global - Integration - INTUNE.yml | 2 ++ .github/workflows/PublishGitHubPages.yml | 2 ++ .github/workflows/Unit Tests.yml | 2 ++ CHANGELOG.md | 2 ++ .../Dependencies/Manifest.psd1 | 34 +++++++++---------- .../EXORecipientPermission/1-Create.ps1 | 3 +- 7 files changed, 28 insertions(+), 19 deletions(-) diff --git a/.github/workflows/Global - Integration - AAD.yml b/.github/workflows/Global - Integration - AAD.yml index 7f681f74d9..df54194a4b 100644 --- a/.github/workflows/Global - Integration - AAD.yml +++ b/.github/workflows/Global - Integration - AAD.yml @@ -6,6 +6,8 @@ jobs: # The type of runner that the job will run on runs-on: windows-latest + permissions: write-all + # Only when run from the main repo if: github.repository == 'microsoft/Microsoft365DSC' diff --git a/.github/workflows/Global - Integration - INTUNE.yml b/.github/workflows/Global - Integration - INTUNE.yml index 89b45a7056..1582b1b061 100644 --- a/.github/workflows/Global - Integration - INTUNE.yml +++ b/.github/workflows/Global - Integration - INTUNE.yml @@ -6,6 +6,8 @@ jobs: # The type of runner that the job will run on runs-on: windows-latest + permissions: write-all + # Only when run from the main repo if: github.repository == 'microsoft/Microsoft365DSC' diff --git a/.github/workflows/PublishGitHubPages.yml b/.github/workflows/PublishGitHubPages.yml index f0cee1a374..bf85a3d7be 100644 --- a/.github/workflows/PublishGitHubPages.yml +++ b/.github/workflows/PublishGitHubPages.yml @@ -8,6 +8,8 @@ jobs: GenerateResource: runs-on: windows-latest + permissions: write-all + # Only when run from the main repo if: github.repository == 'microsoft/Microsoft365DSC' diff --git a/.github/workflows/Unit Tests.yml b/.github/workflows/Unit Tests.yml index 103e67b01c..a636b3093d 100644 --- a/.github/workflows/Unit Tests.yml +++ b/.github/workflows/Unit Tests.yml @@ -7,6 +7,8 @@ jobs: # The type of runner that the job will run on runs-on: windows-latest + permissions: write-all + # Only when run from the main repo if: github.repository == 'microsoft/Microsoft365DSC' diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ac18a182e..0f45b39e95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ * AADRoleEligibilityScheduleRequest * Fixed an issue where an error was thrown if no requests were found instead of simply returning the Null object. +* DEPENDENCIES + * Updated Microsoft.Graph dependencies to version 2.13.1. # 1.24.207.2 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 6c1877c352..5c97f552db 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -10,71 +10,71 @@ }, @{ ModuleName = 'Microsoft.Graph.Applications' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Authentication' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Devices.CorporateManagement' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Administration' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DeviceManagement.Enrollment' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.DirectoryManagement' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.Governance' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Identity.SignIns' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Reports' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.Teams' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.DeviceManagement.Administration' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Beta.DirectoryObjects' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Groups' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Planner' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Users' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.Graph.Users.Actions' - RequiredVersion = '2.12.0' + RequiredVersion = '2.13.1' }, @{ ModuleName = 'Microsoft.PowerApps.Administration.PowerShell' diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 index 8df472f8f0..6b6c1e6190 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORecipientPermission/1-Create.ps1 @@ -20,8 +20,7 @@ Configuration Example { EXORecipientPermission 'AddSendAs' { - - Identity = 'AdeleV@$Domain' + Identity = "AlexW@$Domain" Trustee = "admin@$Domain" AccessRights = 'SendAs' Ensure = 'Present' From 70c3a4b78602d95989ddc89cb13f05375c514038 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 9 Feb 2024 17:23:54 +0000 Subject: [PATCH 59/69] Updated {Update} EXO Integration Tests --- .../M365DSCIntegration.EXO.Update.Tests.ps1 | 29 +++++++------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 index 25081b9bf3..b944ef9129 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Update.Tests.ps1 @@ -125,13 +125,6 @@ Ensure = "Present" Credential = $Credscredential } - EXOAuthenticationPolicyAssignment 'ConfigureAuthenticationPolicyAssignment' - { - UserName = "AdeleV@$Domain" - AuthenticationPolicyName = "Test Policy" # Updaqted Property - Ensure = "Present" - Credential = $Credscredential - } EXOAvailabilityAddressSpace 'ConfigureAvailabilityAddressSpace' { Identity = 'Contoso.com' @@ -174,7 +167,7 @@ EnforceSchedulingHorizon = $True; Ensure = "Present"; ForwardRequestsToDelegates = $True; - Identity = "AdeleV"; + Identity = "admin@$Domain"; MaximumConflictInstances = 0; MaximumDurationInMinutes = 1440; MinimumDurationInMinutes = 0; @@ -206,10 +199,10 @@ ActiveSyncBlockedDeviceIDs = @() ActiveSyncDebugLogging = $False ActiveSyncEnabled = $True - ActiveSyncMailboxPolicy = 'Demo EXO Mobile Device Policy Default' + ActiveSyncMailboxPolicy = 'Default' ActiveSyncSuppressReadReceipt = $False EwsEnabled = $True - Identity = 'AdeleV' + Identity = "admin@$Domain" ImapEnabled = $True # Updated Property ImapForceICalForCalendarRetrievalOption = $False ImapMessagesRetrievalMimeFormat = 'BestBodyFormat' @@ -220,7 +213,7 @@ OutlookMobileEnabled = $True OWAEnabled = $True OWAforDevicesEnabled = $True - OwaMailboxPolicy = 'OwaMailboxPolicy-Default' + OwaMailboxPolicy = 'OwaMailboxPolicy-Integration' PopEnabled = $False PopForceICalForCalendarRetrievalOption = $True PopMessagesRetrievalMimeFormat = 'BestBodyFormat' @@ -296,8 +289,8 @@ Name = "Integration Policy" EnabledEmailAddressTemplates = @("SMTP:@$Domain") EnabledPrimarySMTPAddressTemplate = "@$Domain" - ManagedByFilter = "" - Priority = 2 # Updated Property + ManagedByFilter = "Department -eq 'Sales'" # Updated Property + Priority = 1 Ensure = "Present" Credential = $Credscredential } @@ -312,7 +305,7 @@ } EXOGroupSettings 'TestGroup' { - DisplayName = "Test Group"; + DisplayName = "All Company"; AccessType = "Public"; AlwaysSubscribeMembersToCalendarEvents = $False; AuditLogAgeLimit = "90.00:00:00"; @@ -483,12 +476,12 @@ CreateOOFEvent = $False; Credential = $Credscredential; DeclineAllEventsForScheduledOOF = $False; - DeclineEventsForScheduledOOF = $True; # Updated Property + DeclineEventsForScheduledOOF = $False; DeclineMeetingMessage = ""; EndTime = "1/23/2024 3:00:00 PM"; Ensure = "Present"; ExternalAudience = "All"; - ExternalMessage = ""; + ExternalMessage = (New-Guid).ToString(); # Updated Property Identity = "AdeleV@$Domain"; InternalMessage = ""; OOFEventSubject = ""; @@ -499,7 +492,7 @@ Credential = $credsCredential; DetailLevel = "AvailabilityOnly"; Ensure = "Present"; - Identity = "AdeleV:\Calendar"; + Identity = "AlexW@$Domain" + ":\Calendar"; PublishDateRangeFrom = "ThreeMonths"; PublishDateRangeTo = "ThreeMonths"; PublishEnabled = $True; # Updated Property @@ -511,7 +504,7 @@ Credential = $credsCredential; Deny = $True; # Updated Property Ensure = "Present"; - Identity = "AdeleV"; + Identity = "AlexW@$Domain"; InheritanceType = "All"; User = "NT AUTHORITY\SELF"; } From 1944836a403ce49d22c809078a1a8efb3c55f720 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Fri, 9 Feb 2024 17:51:31 +0000 Subject: [PATCH 60/69] Updated Resources and Cmdlet documentation pages --- .../EXOAuthenticationPolicyAssignment.md | 27 ----- .../exchange/EXOCASMailboxSettings.md | 7 +- .../exchange/EXOCalendarProcessing.md | 2 +- .../exchange/EXOEmailAddressPolicy.md | 4 +- .../resources/exchange/EXOGroupSettings.md | 2 +- .../EXOMailboxAutoReplyConfiguration.md | 4 +- .../exchange/EXOMailboxCalendarFolder.md | 3 +- .../exchange/EXOMailboxPermission.md | 3 +- .../exchange/EXOOfflineAddressBook.md | 1 - .../exchange/EXORecipientPermission.md | 102 ++++++++++++++++++ ...tuneDeviceEnrollmentPlatformRestriction.md | 1 + .../teams/TeamsUserCallingSettings.md | 5 +- 12 files changed, 121 insertions(+), 40 deletions(-) create mode 100644 docs/docs/resources/exchange/EXORecipientPermission.md diff --git a/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md b/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md index 498c4d50bf..62a9c78606 100644 --- a/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md +++ b/docs/docs/resources/exchange/EXOAuthenticationPolicyAssignment.md @@ -65,33 +65,6 @@ Configuration Example ### Example 2 -```powershell -Configuration Example -{ - param( - [Parameter(Mandatory = $true)] - [PSCredential] - $Credscredential - ) - Import-DscResource -ModuleName Microsoft365DSC - - $Domain = $Credscredential.Username.Split('@')[1] - node localhost - { - EXOAuthenticationPolicyAssignment 'ConfigureAuthenticationPolicyAssignment' - { - UserName = "AdeleV@$Domain" - AuthenticationPolicyName = "Test Policy" # Updaqted Property - Ensure = "Present" - Credential = $Credscredential - } - } -} -``` - -### Example 3 - - ```powershell Configuration Example { diff --git a/docs/docs/resources/exchange/EXOCASMailboxSettings.md b/docs/docs/resources/exchange/EXOCASMailboxSettings.md index d4453b4317..ee6c197d18 100644 --- a/docs/docs/resources/exchange/EXOCASMailboxSettings.md +++ b/docs/docs/resources/exchange/EXOCASMailboxSettings.md @@ -85,6 +85,7 @@ Configuration Example Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOCASMailboxSettings 'AdeleVCasMailboxSettings' @@ -93,10 +94,10 @@ Configuration Example ActiveSyncBlockedDeviceIDs = @() ActiveSyncDebugLogging = $False ActiveSyncEnabled = $True - ActiveSyncMailboxPolicy = 'Demo EXO Mobile Device Policy Default' + ActiveSyncMailboxPolicy = 'Default' ActiveSyncSuppressReadReceipt = $False EwsEnabled = $True - Identity = 'AdeleV' + Identity = "admin@$Domain" ImapEnabled = $True # Updated Property ImapForceICalForCalendarRetrievalOption = $False ImapMessagesRetrievalMimeFormat = 'BestBodyFormat' @@ -107,7 +108,7 @@ Configuration Example OutlookMobileEnabled = $True OWAEnabled = $True OWAforDevicesEnabled = $True - OwaMailboxPolicy = 'OwaMailboxPolicy-Default' + OwaMailboxPolicy = 'OwaMailboxPolicy-Integration' PopEnabled = $False PopForceICalForCalendarRetrievalOption = $True PopMessagesRetrievalMimeFormat = 'BestBodyFormat' diff --git a/docs/docs/resources/exchange/EXOCalendarProcessing.md b/docs/docs/resources/exchange/EXOCalendarProcessing.md index 39eb464dec..009995378e 100644 --- a/docs/docs/resources/exchange/EXOCalendarProcessing.md +++ b/docs/docs/resources/exchange/EXOCalendarProcessing.md @@ -117,7 +117,7 @@ Configuration Example EnforceSchedulingHorizon = $True; Ensure = "Present"; ForwardRequestsToDelegates = $True; - Identity = "AdeleV"; + Identity = "admin@$Domain"; MaximumConflictInstances = 0; MaximumDurationInMinutes = 1440; MinimumDurationInMinutes = 0; diff --git a/docs/docs/resources/exchange/EXOEmailAddressPolicy.md b/docs/docs/resources/exchange/EXOEmailAddressPolicy.md index 5fe66dd421..10e9f6b5d6 100644 --- a/docs/docs/resources/exchange/EXOEmailAddressPolicy.md +++ b/docs/docs/resources/exchange/EXOEmailAddressPolicy.md @@ -93,8 +93,8 @@ Configuration Example Name = "Integration Policy" EnabledEmailAddressTemplates = @("SMTP:@$Domain") EnabledPrimarySMTPAddressTemplate = "@$Domain" - ManagedByFilter = "" - Priority = 2 # Updated Property + ManagedByFilter = "Department -eq 'Sales'" # Updated Property + Priority = 1 Ensure = "Present" Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOGroupSettings.md b/docs/docs/resources/exchange/EXOGroupSettings.md index beb5db2d4f..f9ddf2d3bd 100644 --- a/docs/docs/resources/exchange/EXOGroupSettings.md +++ b/docs/docs/resources/exchange/EXOGroupSettings.md @@ -106,7 +106,7 @@ Configuration Example { EXOGroupSettings 'TestGroup' { - DisplayName = "Test Group"; + DisplayName = "All Company"; AccessType = "Public"; AlwaysSubscribeMembersToCalendarEvents = $False; AuditLogAgeLimit = "90.00:00:00"; diff --git a/docs/docs/resources/exchange/EXOMailboxAutoReplyConfiguration.md b/docs/docs/resources/exchange/EXOMailboxAutoReplyConfiguration.md index 5357252f4a..d976f09127 100644 --- a/docs/docs/resources/exchange/EXOMailboxAutoReplyConfiguration.md +++ b/docs/docs/resources/exchange/EXOMailboxAutoReplyConfiguration.md @@ -72,12 +72,12 @@ Configuration Example CreateOOFEvent = $False; Credential = $Credscredential; DeclineAllEventsForScheduledOOF = $False; - DeclineEventsForScheduledOOF = $True; # Updated Property + DeclineEventsForScheduledOOF = $False; DeclineMeetingMessage = ""; EndTime = "1/23/2024 3:00:00 PM"; Ensure = "Present"; ExternalAudience = "All"; - ExternalMessage = ""; + ExternalMessage = (New-Guid).ToString(); # Updated Property Identity = "AdeleV@$Domain"; InternalMessage = ""; OOFEventSubject = ""; diff --git a/docs/docs/resources/exchange/EXOMailboxCalendarFolder.md b/docs/docs/resources/exchange/EXOMailboxCalendarFolder.md index 1f491c98a5..cbbfc603e7 100644 --- a/docs/docs/resources/exchange/EXOMailboxCalendarFolder.md +++ b/docs/docs/resources/exchange/EXOMailboxCalendarFolder.md @@ -57,6 +57,7 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOMailboxCalendarFolder "JohnCalendarFolder" @@ -64,7 +65,7 @@ Configuration Example Credential = $credsCredential; DetailLevel = "AvailabilityOnly"; Ensure = "Present"; - Identity = "AdeleV:\Calendar"; + Identity = "AlexW@$Domain" + ":\Calendar"; PublishDateRangeFrom = "ThreeMonths"; PublishDateRangeTo = "ThreeMonths"; PublishEnabled = $True; # Updated Property diff --git a/docs/docs/resources/exchange/EXOMailboxPermission.md b/docs/docs/resources/exchange/EXOMailboxPermission.md index 4fec5d4340..9e9a8da182 100644 --- a/docs/docs/resources/exchange/EXOMailboxPermission.md +++ b/docs/docs/resources/exchange/EXOMailboxPermission.md @@ -54,6 +54,7 @@ Configuration Example ) Import-DscResource -ModuleName Microsoft365DSC + $Domain = $Credscredential.Username.Split('@')[1] node localhost { EXOMailboxPermission "TestPermission" @@ -62,7 +63,7 @@ Configuration Example Credential = $credsCredential; Deny = $True; # Updated Property Ensure = "Present"; - Identity = "AdeleV"; + Identity = "AlexW@$Domain"; InheritanceType = "All"; User = "NT AUTHORITY\SELF"; } diff --git a/docs/docs/resources/exchange/EXOOfflineAddressBook.md b/docs/docs/resources/exchange/EXOOfflineAddressBook.md index cdadd9da05..cb89dae984 100644 --- a/docs/docs/resources/exchange/EXOOfflineAddressBook.md +++ b/docs/docs/resources/exchange/EXOOfflineAddressBook.md @@ -93,7 +93,6 @@ Configuration Example { Name = "Integration Address Book" AddressLists = @('\Offline Global Address List') - ConfiguredAttributes = @('OfficeLocation, ANR','ProxyAddresses, ANR','PhoneticGivenName, ANR','GivenName, ANR','PhoneticSurname, ANR','Surname, ANR','Account, ANR','PhoneticDisplayName, ANR','ExternalDirectoryObjectId, Value','ExternalMemberCount, Value','TotalMemberCount, Value','ModerationEnabled, Value','MailboxGuid, Value','DelivContLength, Value','MailTipTranslations, Value','ObjectGuid, Value','DisplayTypeEx, Value','DisplayNamePrintableAnsi, Value','HomeMdbA, Value','Certificate, Value','UserSMimeCertificate, Value','UserCertificate, Value','Comment, Value','PagerTelephoneNumber, Value','AssistantTelephoneNumber, Value','MobileTelephoneNumber, Value','PrimaryFaxNumber, Value','Home2TelephoneNumberMv, Value','Business2TelephoneNumberMv, Value','HomeTelephoneNumber, Value','TargetAddress, Value','PhoneticDepartmentName, Value','DepartmentName, Value','Assistant, Value','PhoneticCompanyName, Value','CompanyName, Value','Title, Value','Country, Value','PostalCode, Value','StateOrProvince, Value','Locality, Value','StreetAddress, Value','Initials, Value','BusinessTelephoneNumber, Value','SendRichInfo, Value','ObjectType, Value','DisplayType, Value','RejectMessagesFromDLMembers, Indicator','AcceptMessagesOnlyFromDLMembers, Indicator','RejectMessagesFrom, Indicator','AcceptMessagesOnlyFrom, Indicator','UmSpokenName, Indicator','ThumbnailPhoto, Indicator') DiffRetentionPeriod = "30" IsDefault = $false # Updated Property Ensure = "Present" diff --git a/docs/docs/resources/exchange/EXORecipientPermission.md b/docs/docs/resources/exchange/EXORecipientPermission.md new file mode 100644 index 0000000000..3d959b534d --- /dev/null +++ b/docs/docs/resources/exchange/EXORecipientPermission.md @@ -0,0 +1,102 @@ +# EXORecipientPermission + +## Parameters + +| Parameter | Attribute | DataType | Description | Allowed Values | +| --- | --- | --- | --- | --- | +| **Identity** | Key | String | The mailbox the permission should be given on. | | +| **Trustee** | Key | String | The account to give the permission to. | | +| **AccessRights** | Write | StringArray[] | The access rights granted to the account. Only 'SendAs' is supported. | | +| **Ensure** | Write | String | Present ensures the group exists, absent ensures it is removed | `Present`, `Absent` | +| **Credential** | Write | PSCredential | Credentials of the Exchange Global Admin | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | +| **CertificatePassword** | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | | +| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | +| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | + +## Description + +This resource allows users to retrieve Office 365 Recipient Permissions. + +## Permissions + +### Exchange + +To authenticate with Microsoft Exchange, this resource required the following permissions: + +#### Roles + +- Mail Enabled Public Folders, MyName, Public Folders, Compliance Admin, User Options, Message Tracking, View-Only Recipients, Role Management, Legal Hold, Audit Logs, Retention Management, Distribution Groups, Move Mailboxes, Information Rights Management, Mail Recipient Creation, Reset Password, View-Only Audit Logs, Mail Recipients, Mailbox Search, UM Mailboxes, Security Group Creation and Membership, Mailbox Import Export, MyMailboxDelegation, MyDisplayName + +#### Role Groups + +- Organization Management + +## Examples + +### Example 1 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + $Domain = $Credscredential.Username.Split('@')[1] + node localhost + { + EXORecipientPermission 'AddSendAs' + { + Identity = "AlexW@$Domain" + Trustee = "admin@$Domain" + AccessRights = 'SendAs' + Ensure = 'Present' + Credential = $Credscredential + } + } +} +``` + +### Example 2 + +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. + +```powershell +Configuration Example +{ + param + ( + [Parameter(Mandatory = $true)] + [PSCredential] + $Credscredential + ) + + Import-DscResource -ModuleName Microsoft365DSC + + $Domain = $Credscredential.Username.Split('@')[1] + node localhost + { + EXORecipientPermission 'AddSendAs' + { + + Identity = 'AdeleV@$Domain' + Trustee = "admin@$Domain" + Ensure = 'Absent' + Credential = $Credscredential + } + } +} +``` + diff --git a/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md b/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md index 603b856830..cce07b5e29 100644 --- a/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md +++ b/docs/docs/resources/intune/IntuneDeviceEnrollmentPlatformRestriction.md @@ -17,6 +17,7 @@ | **MacRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Mac restrictions based on platform, platform operating system version, and device ownership. | | | **MacOSRestriction** | Write | MSFT_DeviceEnrollmentPlatformRestriction | Mac OS restrictions based on platform, platform operating system version, and device ownership. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the policy. | | +| **Priority** | Write | UInt32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration. | | | **Ensure** | Write | String | Present ensures the restriction exists, absent ensures it is removed. | `Present`, `Absent` | | **Credential** | Write | PSCredential | Credentials of the Intune Admin | | | **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | diff --git a/docs/docs/resources/teams/TeamsUserCallingSettings.md b/docs/docs/resources/teams/TeamsUserCallingSettings.md index 369c7b6078..4dd57c90d4 100644 --- a/docs/docs/resources/teams/TeamsUserCallingSettings.md +++ b/docs/docs/resources/teams/TeamsUserCallingSettings.md @@ -17,7 +17,10 @@ | **ForwardingTargetType** | Write | String | The forwarding target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. Voicemail is only supported for Immediate forwarding. | `Group`, `MyDelegates`, `SingleTarget`, `Voicemail` | | **ForwardingTarget** | Write | String | The forwarding target. Supported types of values are ObjectId's, SIP addresses and phone numbers. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234. | | | **Ensure** | Write | String | Present ensures the policy exists, absent ensures it is removed. | `Present`, `Absent` | -| **Credential** | Required | PSCredential | Credentials of the Teams Global Admin. | | +| **Credential** | Write | PSCredential | Credentials of the Teams Global Admin. | | +| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | | +| **TenantId** | Write | String | Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com | | +| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | From 351c5c68c07db6e3655314e79542ff36be734495 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Feb 2024 15:05:29 -0500 Subject: [PATCH 61/69] Fixes Integration Tests --- CHANGELOG.md | 3 +++ .../MSFT_EXOMobileDeviceMailboxPolicy.psm1 | 1 + .../Examples/Resources/EXOMailboxPlan/2-Update.ps1 | 6 +++--- .../Resources/EXOMailboxSettings/2-Update.ps1 | 2 +- .../Resources/EXOOfflineAddressBook/1-Create.ps1 | 2 +- .../Resources/EXOOfflineAddressBook/2-Update.ps1 | 2 +- .../EXOOnPremisesOrganization/2-Update.ps1 | 14 +++++++------- .../Resources/EXOPartnerApplication/1-Create.ps1 | 1 + .../Resources/EXOPartnerApplication/2-Update.ps1 | 3 ++- .../EXOPerimeterConfiguration/2-Update.ps1 | 2 +- .../Resources/EXOQuarantinePolicy/1-Create.ps1 | 2 +- .../Resources/EXOQuarantinePolicy/2-Update.ps1 | 2 +- .../Resources/EXOQuarantinePolicy/3-Remove.ps1 | 2 +- .../Resources/EXORemoteDomain/2-Update.ps1 | 4 ++-- .../Resources/EXORoleAssignmentPolicy/2-Update.ps1 | 4 ++-- 15 files changed, 28 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f45b39e95..3f0e77a756 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ * AADRoleEligibilityScheduleRequest * Fixed an issue where an error was thrown if no requests were found instead of simply returning the Null object. +* EXOMobileDeviceMailboxPolicy + * Fixes an issue where an empty MinPasswordLength value was always passed down + to the update logic flow. * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 2.13.1. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMobileDeviceMailboxPolicy/MSFT_EXOMobileDeviceMailboxPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMobileDeviceMailboxPolicy/MSFT_EXOMobileDeviceMailboxPolicy.psm1 index 870613162f..1b4cb79f54 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMobileDeviceMailboxPolicy/MSFT_EXOMobileDeviceMailboxPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMobileDeviceMailboxPolicy/MSFT_EXOMobileDeviceMailboxPolicy.psm1 @@ -739,6 +739,7 @@ function Set-TargetResource if ([System.String]::IsNullOrEmpty($MinPasswordLength)) { $NewMobileDeviceMailboxPolicyParams.Remove('MinPasswordLength') | Out-Null + $SetMobileDeviceMailboxPolicyParams.Remove('MinPasswordLength') | Out-Null } # CASE: Mobile Device Mailbox Policy doesn't exist but should; diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxPlan/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxPlan/2-Update.ps1 index 998d3222d6..280e394098 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxPlan/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxPlan/2-Update.ps1 @@ -17,11 +17,11 @@ Configuration Example EXOMailboxPlan 'ConfigureMailboxPlan' { Ensure = "Present"; - Identity = "Integration Plan"; - IssueWarningQuota = "98 GB (105,226,698,752 bytes)"; + Identity = "ExchangeOnlineEssentials"; + IssueWarningQuota = "15 GB (16,106,127,360 bytes)"; MaxReceiveSize = "25 MB (26,214,400 bytes)"; MaxSendSize = "25 MB (26,214,400 bytes)"; - ProhibitSendQuota = "99 GB (106,300,440,576 bytes)"; + ProhibitSendQuota = "15 GB (16,106,127,360 bytes)"; ProhibitSendReceiveQuota = "15 GB (16,106,127,360 bytes)"; # Updated Property RetainDeletedItemsFor = "14.00:00:00"; RoleAssignmentPolicy = "Default Role Assignment Policy"; diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxSettings/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxSettings/2-Update.ps1 index 91d0da31c2..7d1ec97214 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxSettings/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOMailboxSettings/2-Update.ps1 @@ -18,7 +18,7 @@ Configuration Example { EXOMailboxSettings 'OttawaTeamMailboxSettings' { - DisplayName = 'Ottawa Employees' + DisplayName = 'Conf Room Adams' TimeZone = 'Eastern Standard Time' Locale = 'en-US' # Updated Property Ensure = 'Present' diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/1-Create.ps1 index d59a79deae..01477e3204 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/1-Create.ps1 @@ -19,7 +19,7 @@ Configuration Example EXOOfflineAddressBook 'ConfigureOfflineAddressBook' { Name = "Integration Address Book" - AddressLists = @('\Offline Global Address List') + AddressLists = @('\All Users') DiffRetentionPeriod = "30" IsDefault = $true Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/2-Update.ps1 index 3a05445e78..0fe9391578 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOOfflineAddressBook/2-Update.ps1 @@ -19,7 +19,7 @@ Configuration Example EXOOfflineAddressBook 'ConfigureOfflineAddressBook' { Name = "Integration Address Book" - AddressLists = @('\Offline Global Address List') + AddressLists = @('\All Users') DiffRetentionPeriod = "30" IsDefault = $false # Updated Property Ensure = "Present" diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOOnPremisesOrganization/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOOnPremisesOrganization/2-Update.ps1 index 8f94e907b8..da8b029d11 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOOnPremisesOrganization/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOOnPremisesOrganization/2-Update.ps1 @@ -18,13 +18,13 @@ Configuration Example { EXOOnPremisesOrganization 'ConfigureOnPremisesOrganization' { - Identity = 'Contoso' - Comment = 'Mail for Contoso. Updated' # Updated Property - HybridDomains = 'contoso.com', 'sales.contoso.com' - InboundConnector = 'Inbound to Contoso' - OrganizationGuid = 'a1bc23cb-3456-bcde-abcd-feb363cacc88' - OrganizationName = 'Contoso' - OutboundConnector = 'Outbound to Contoso' + Identity = 'Integration' + Comment = 'Mail for Contoso - Updated' #Updated Property + HybridDomains = 'o365dsc.onmicrosoft.com' + InboundConnector = 'Integration Inbound Connector' + OrganizationGuid = 'e7a80bcf-696e-40ca-8775-a7f85fbb3ebc' + OrganizationName = 'O365DSC' + OutboundConnector = 'Contoso Outbound Connector' Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/1-Create.ps1 index a70e94d02c..f90d243abe 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/1-Create.ps1 @@ -19,6 +19,7 @@ Configuration Example { Name = "HRApp" ApplicationIdentifier = "00000006-0000-0dd1-ac00-000000000000" + AcceptSecurityIdentifierInformation = $true Enabled = $True Ensure = "Present" Credential = $Credscredential diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/2-Update.ps1 index a38a41068b..bf09619125 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPartnerApplication/2-Update.ps1 @@ -19,7 +19,8 @@ Configuration Example { Name = "HRApp" ApplicationIdentifier = "00000006-0000-0dd1-ac00-000000000000" - Enabled = $False # Updated Property + AcceptSecurityIdentifierInformation = $False # Updated Property + Enabled = $True Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/2-Update.ps1 index 6f4a9e1640..7a7f729945 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOPerimeterConfiguration/2-Update.ps1 @@ -18,7 +18,7 @@ Configuration Example EXOPerimeterConfiguration 'ConfigurePerimeterConfiguration' { IsSingleInstance = 'Yes' - GatewayIPAddresses = '123.0.0.1' + #GatewayIPAddresses = '123.0.0.1' Ensure = 'Present' Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/1-Create.ps1 index 03e8295d46..3acd8f9215 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/1-Create.ps1 @@ -20,7 +20,7 @@ Configuration Example { EndUserQuarantinePermissionsValue = 87; ESNEnabled = $False; - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/2-Update.ps1 index feb94715b4..6c5a45c055 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/2-Update.ps1 @@ -20,7 +20,7 @@ Configuration Example { EndUserQuarantinePermissionsValue = 87; ESNEnabled = $True; # Updated Property - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Present" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/3-Remove.ps1 index 0281fc3468..bc6b68e50e 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/3-Remove.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXOQuarantinePolicy/3-Remove.ps1 @@ -18,7 +18,7 @@ Configuration Example { EXOQuarantinePolicy 'ConfigureQuarantinePolicy' { - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Absent" Credential = $Credscredential } diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORemoteDomain/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORemoteDomain/2-Update.ps1 index 22d9d7249d..109dc72855 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXORemoteDomain/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORemoteDomain/2-Update.ps1 @@ -27,9 +27,9 @@ Configuration Example DisplaySenderName = $True DomainName = "contoso.com" IsInternal = $False - LineWrapSize = "Integration" + LineWrapSize = "Unlimited" MeetingForwardNotificationEnabled = $False - Name = "Default" + Name = "Integration" NonMimeCharacterSet = "iso-8859-1" PreferredInternetCodePageForShiftJis = "Undefined" TargetDeliveryDomain = $False diff --git a/Modules/Microsoft365DSC/Examples/Resources/EXORoleAssignmentPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/EXORoleAssignmentPolicy/2-Update.ps1 index 7005a4835f..b9166d8e45 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/EXORoleAssignmentPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/EXORoleAssignmentPolicy/2-Update.ps1 @@ -17,8 +17,8 @@ Configuration Example EXORoleAssignmentPolicy 'ConfigureRoleAssignmentPolicy' { Name = "Integration Policy" - Description = "This policy grants end users the permission to set their options in Outlook on the web and perform other self-administration tasks." - IsDefault = $False # Updated Property + Description = "Updated Description" # Updated Property + IsDefault = $True Roles = @("My Marketplace Apps","MyVoiceMail","MyDistributionGroups","MyRetentionPolicies","MyContactInformation","MyBaseOptions","MyTextMessaging","MyDistributionGroupMembership","MyProfileInformation","My Custom Apps","My ReadWriteMailbox Apps") Ensure = "Present" Credential = $Credscredential From 3daba2e4648ea3e22b481c300be454441f0bf16f Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Sat, 10 Feb 2024 14:38:47 +0000 Subject: [PATCH 62/69] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/exchange/EXOMailboxPlan.md | 6 +++--- docs/docs/resources/exchange/EXOMailboxSettings.md | 2 +- .../resources/exchange/EXOOfflineAddressBook.md | 4 ++-- .../exchange/EXOOnPremisesOrganization.md | 14 +++++++------- .../resources/exchange/EXOPartnerApplication.md | 4 +++- .../exchange/EXOPerimeterConfiguration.md | 2 +- .../docs/resources/exchange/EXOQuarantinePolicy.md | 6 +++--- docs/docs/resources/exchange/EXORemoteDomain.md | 4 ++-- .../resources/exchange/EXORoleAssignmentPolicy.md | 4 ++-- 9 files changed, 24 insertions(+), 22 deletions(-) diff --git a/docs/docs/resources/exchange/EXOMailboxPlan.md b/docs/docs/resources/exchange/EXOMailboxPlan.md index a73658b8ad..a71b4df323 100644 --- a/docs/docs/resources/exchange/EXOMailboxPlan.md +++ b/docs/docs/resources/exchange/EXOMailboxPlan.md @@ -62,11 +62,11 @@ Configuration Example EXOMailboxPlan 'ConfigureMailboxPlan' { Ensure = "Present"; - Identity = "Integration Plan"; - IssueWarningQuota = "98 GB (105,226,698,752 bytes)"; + Identity = "ExchangeOnlineEssentials"; + IssueWarningQuota = "15 GB (16,106,127,360 bytes)"; MaxReceiveSize = "25 MB (26,214,400 bytes)"; MaxSendSize = "25 MB (26,214,400 bytes)"; - ProhibitSendQuota = "99 GB (106,300,440,576 bytes)"; + ProhibitSendQuota = "15 GB (16,106,127,360 bytes)"; ProhibitSendReceiveQuota = "15 GB (16,106,127,360 bytes)"; # Updated Property RetainDeletedItemsFor = "14.00:00:00"; RoleAssignmentPolicy = "Default Role Assignment Policy"; diff --git a/docs/docs/resources/exchange/EXOMailboxSettings.md b/docs/docs/resources/exchange/EXOMailboxSettings.md index 13089584c9..cefefccc2b 100644 --- a/docs/docs/resources/exchange/EXOMailboxSettings.md +++ b/docs/docs/resources/exchange/EXOMailboxSettings.md @@ -60,7 +60,7 @@ Configuration Example { EXOMailboxSettings 'OttawaTeamMailboxSettings' { - DisplayName = 'Ottawa Employees' + DisplayName = 'Conf Room Adams' TimeZone = 'Eastern Standard Time' Locale = 'en-US' # Updated Property Ensure = 'Present' diff --git a/docs/docs/resources/exchange/EXOOfflineAddressBook.md b/docs/docs/resources/exchange/EXOOfflineAddressBook.md index cb89dae984..fa73a78e70 100644 --- a/docs/docs/resources/exchange/EXOOfflineAddressBook.md +++ b/docs/docs/resources/exchange/EXOOfflineAddressBook.md @@ -60,7 +60,7 @@ Configuration Example EXOOfflineAddressBook 'ConfigureOfflineAddressBook' { Name = "Integration Address Book" - AddressLists = @('\Offline Global Address List') + AddressLists = @('\All Users') DiffRetentionPeriod = "30" IsDefault = $true Ensure = "Present" @@ -92,7 +92,7 @@ Configuration Example EXOOfflineAddressBook 'ConfigureOfflineAddressBook' { Name = "Integration Address Book" - AddressLists = @('\Offline Global Address List') + AddressLists = @('\All Users') DiffRetentionPeriod = "30" IsDefault = $false # Updated Property Ensure = "Present" diff --git a/docs/docs/resources/exchange/EXOOnPremisesOrganization.md b/docs/docs/resources/exchange/EXOOnPremisesOrganization.md index 9a5dcd5078..c99234621e 100644 --- a/docs/docs/resources/exchange/EXOOnPremisesOrganization.md +++ b/docs/docs/resources/exchange/EXOOnPremisesOrganization.md @@ -116,13 +116,13 @@ Configuration Example { EXOOnPremisesOrganization 'ConfigureOnPremisesOrganization' { - Identity = 'Contoso' - Comment = 'Mail for Contoso. Updated' # Updated Property - HybridDomains = 'contoso.com', 'sales.contoso.com' - InboundConnector = 'Inbound to Contoso' - OrganizationGuid = 'a1bc23cb-3456-bcde-abcd-feb363cacc88' - OrganizationName = 'Contoso' - OutboundConnector = 'Outbound to Contoso' + Identity = 'Integration' + Comment = 'Mail for Contoso - Updated' #Updated Property + HybridDomains = 'o365dsc.onmicrosoft.com' + InboundConnector = 'Integration Inbound Connector' + OrganizationGuid = 'e7a80bcf-696e-40ca-8775-a7f85fbb3ebc' + OrganizationName = 'O365DSC' + OutboundConnector = 'Contoso Outbound Connector' Ensure = 'Present' Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOPartnerApplication.md b/docs/docs/resources/exchange/EXOPartnerApplication.md index e7830f4f35..ef140ee08c 100644 --- a/docs/docs/resources/exchange/EXOPartnerApplication.md +++ b/docs/docs/resources/exchange/EXOPartnerApplication.md @@ -61,6 +61,7 @@ Configuration Example { Name = "HRApp" ApplicationIdentifier = "00000006-0000-0dd1-ac00-000000000000" + AcceptSecurityIdentifierInformation = $true Enabled = $True Ensure = "Present" Credential = $Credscredential @@ -91,7 +92,8 @@ Configuration Example { Name = "HRApp" ApplicationIdentifier = "00000006-0000-0dd1-ac00-000000000000" - Enabled = $False # Updated Property + AcceptSecurityIdentifierInformation = $False # Updated Property + Enabled = $True Ensure = "Present" Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOPerimeterConfiguration.md b/docs/docs/resources/exchange/EXOPerimeterConfiguration.md index 921f997dde..3b82181618 100644 --- a/docs/docs/resources/exchange/EXOPerimeterConfiguration.md +++ b/docs/docs/resources/exchange/EXOPerimeterConfiguration.md @@ -56,7 +56,7 @@ Configuration Example EXOPerimeterConfiguration 'ConfigurePerimeterConfiguration' { IsSingleInstance = 'Yes' - GatewayIPAddresses = '123.0.0.1' + #GatewayIPAddresses = '123.0.0.1' Ensure = 'Present' Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXOQuarantinePolicy.md b/docs/docs/resources/exchange/EXOQuarantinePolicy.md index 86ee5e75f5..c4b147b75a 100644 --- a/docs/docs/resources/exchange/EXOQuarantinePolicy.md +++ b/docs/docs/resources/exchange/EXOQuarantinePolicy.md @@ -69,7 +69,7 @@ Configuration Example { EndUserQuarantinePermissionsValue = 87; ESNEnabled = $False; - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Present" Credential = $Credscredential } @@ -100,7 +100,7 @@ Configuration Example { EndUserQuarantinePermissionsValue = 87; ESNEnabled = $True; # Updated Property - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Present" Credential = $Credscredential } @@ -129,7 +129,7 @@ Configuration Example { EXOQuarantinePolicy 'ConfigureQuarantinePolicy' { - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Absent" Credential = $Credscredential } diff --git a/docs/docs/resources/exchange/EXORemoteDomain.md b/docs/docs/resources/exchange/EXORemoteDomain.md index 3237473427..c3d5db54c0 100644 --- a/docs/docs/resources/exchange/EXORemoteDomain.md +++ b/docs/docs/resources/exchange/EXORemoteDomain.md @@ -132,9 +132,9 @@ Configuration Example DisplaySenderName = $True DomainName = "contoso.com" IsInternal = $False - LineWrapSize = "Integration" + LineWrapSize = "Unlimited" MeetingForwardNotificationEnabled = $False - Name = "Default" + Name = "Integration" NonMimeCharacterSet = "iso-8859-1" PreferredInternetCodePageForShiftJis = "Undefined" TargetDeliveryDomain = $False diff --git a/docs/docs/resources/exchange/EXORoleAssignmentPolicy.md b/docs/docs/resources/exchange/EXORoleAssignmentPolicy.md index 1b483a8b3b..fdfcda774f 100644 --- a/docs/docs/resources/exchange/EXORoleAssignmentPolicy.md +++ b/docs/docs/resources/exchange/EXORoleAssignmentPolicy.md @@ -87,8 +87,8 @@ Configuration Example EXORoleAssignmentPolicy 'ConfigureRoleAssignmentPolicy' { Name = "Integration Policy" - Description = "This policy grants end users the permission to set their options in Outlook on the web and perform other self-administration tasks." - IsDefault = $False # Updated Property + Description = "Updated Description" # Updated Property + IsDefault = $True Roles = @("My Marketplace Apps","MyVoiceMail","MyDistributionGroups","MyRetentionPolicies","MyContactInformation","MyBaseOptions","MyTextMessaging","MyDistributionGroupMembership","MyProfileInformation","My Custom Apps","My ReadWriteMailbox Apps") Ensure = "Present" Credential = $Credscredential From 8173d026c06a7e96666228fd4c5761d6aaa6e191 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Sat, 10 Feb 2024 14:41:29 +0000 Subject: [PATCH 63/69] Updated {Create} EXO Integration Tests --- .../Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 index 4dd7a69343..7f5f58570e 100644 --- a/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 +++ b/Tests/Integration/Microsoft365DSC/M365DSCIntegration.EXO.Create.Tests.ps1 @@ -468,7 +468,7 @@ EXOOfflineAddressBook 'ConfigureOfflineAddressBook' { Name = "Integration Address Book" - AddressLists = @('\Offline Global Address List') + AddressLists = @('\All Users') DiffRetentionPeriod = "30" IsDefault = $true Ensure = "Present" @@ -619,6 +619,7 @@ { Name = "HRApp" ApplicationIdentifier = "00000006-0000-0dd1-ac00-000000000000" + AcceptSecurityIdentifierInformation = $true Enabled = $True Ensure = "Present" Credential = $Credscredential @@ -650,7 +651,7 @@ { EndUserQuarantinePermissionsValue = 87; ESNEnabled = $False; - Identity = "$Domain\DefaultFullAccessPolicy"; + Identity = "$Domain\IntegrationPolicy"; Ensure = "Present" Credential = $Credscredential } From d3d81cc8761aca75bb0fd0f4ab0084c0d6123b67 Mon Sep 17 00:00:00 2001 From: Vasily Date: Mon, 12 Feb 2024 13:44:16 +0100 Subject: [PATCH 64/69] Update MSFT_AADGroup.psm1 fixed and removed an extra bracket in line #1103 if ($matchConditionFound -or $Filter -like "*endsWith*") --- .../DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index e8b08e2411..c000517482 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -1100,7 +1100,7 @@ function Export-TargetResource } # If any attribute matches, add parameters to $ExportParameters - if ($matchConditionFound -or $Filter -like "*endsWith*")) { + if ($matchConditionFound -or $Filter -like "*endsWith*") { $ExportParameters.Add('CountVariable', 'count') $ExportParameters.Add('ConsistencyLevel', 'eventual') } From c2e85e9fb6b44131c257a0b8475aeeee270244c3 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 12 Feb 2024 16:32:07 -0500 Subject: [PATCH 65/69] Updated MSCloudLoginAssistant --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 8 ++++---- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f0e77a756..32b95f5ffb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ to the update logic flow. * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 2.13.1. + * Updated MSCloudLoginAssistant to version 1.1.12. # 1.24.207.2 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 5c97f552db..225218fe2f 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.11" + RequiredVersion = "1.1.12" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index d83b9d82c6..40a70a65d9 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -897,7 +897,8 @@ function Test-M365DSCParameterState { $EventMessage = [System.Text.StringBuilder]::New() $EventMessage.Append("`r`n") | Out-Null - $EventMessage.Append(" `r`n") | Out-Null + $TenantName = Get-M365DSCTenantNameFromParameterSet -ParameterSet $DesiredValues + $EventMessage.Append(" `r`n") | Out-Null $EventMessage.Append(" `r`n") | Out-Null foreach ($key in $DriftedParameters.Keys) @@ -917,7 +918,6 @@ function Test-M365DSCParameterState $driftedData.Add('CurrentValue', [string]($CurrentValues[$key])) $driftedData.Add('DesiredValue', [string]($DesiredValues[$key])) } - $TenantName = Get-M365DSCTenantNameFromParameterSet -ParameterSet $DesiredValues $driftedData.Add('Tenant', $TenantName) $driftedData.Add('Resource', $source.Split('_')[1]) Add-M365DSCTelemetryEvent -Type 'DriftInfo' -Data $driftedData @@ -3771,11 +3771,11 @@ function Get-M365DSCAuthenticationMode { $AuthenticationType = 'ServicePrincipalWithPath' } - elseif ($Parameters.Credentials -and $Parameters.ApplicationId) + elseif ($Parameters.Credential -and $Parameters.ApplicationId) { $AuthenticationType = 'CredentialsWithApplicationId' } - elseif ($Parameters.Credentials) + elseif ($Parameters.Credential) { $AuthenticationType = 'Credentials' } From 1b9fc96726e45c0f14642e129eb9195d6cb41e63 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 13 Feb 2024 09:23:53 -0500 Subject: [PATCH 66/69] Updated MSCloudLoginAssistant --- CHANGELOG.md | 2 +- Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 | 2 +- .../Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 | 7 +++++-- Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 | 8 ++++---- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32b95f5ffb..8a5b0afdef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ to the update logic flow. * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 2.13.1. - * Updated MSCloudLoginAssistant to version 1.1.12. + * Updated MSCloudLoginAssistant to version 1.1.13. # 1.24.207.2 diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 225218fe2f..39b260bc2f 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -86,7 +86,7 @@ }, @{ ModuleName = "MSCloudLoginAssistant" - RequiredVersion = "1.1.12" + RequiredVersion = "1.1.13" }, @{ ModuleName = 'PnP.PowerShell' diff --git a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 index de0b2dc117..6514eb30e3 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCLogEngine.psm1 @@ -80,7 +80,7 @@ function New-M365DSCLogEntry #region Telemetry $driftedData = [System.Collections.Generic.Dictionary[[String], [String]]]::new() - $driftedData.Add('Event', 'Error') + $driftedData.Add('M365DSCOperation', 'Error') $driftedData.Add('CustomMessage', $Message) $driftedData.Add('Source', $Source) diff --git a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 index f42225a049..23c203d16a 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCTelemetryEngine.psm1 @@ -216,7 +216,9 @@ function Add-M365DSCTelemetryEvent { $Data.Add('M365DSCOperation', 'Export') } - elseif ($LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.') + elseif ($LCMInfo.LCMStateDetail -eq 'LCM is performing a consistency check.' -or ` + $LCMInfo.LCMStateDetail -eq 'LCM exécute une vérification de cohérence.' -or ` + $LCMInfo.LCMStateDetail -eq 'LCM führt gerade eine Konsistenzüberprüfung durch.') { $Data.Add('M365DSCOperation', 'MonitoringScheduled') } @@ -224,7 +226,8 @@ function Add-M365DSCTelemetryEvent { $Data.Add('M365DSCOperation', 'MonitoringManual') } - elseif ($LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.') + elseif ($LCMInfo.LCMStateDetail -eq 'LCM is applying a new configuration.' -or ` + $LCMInfo.LCMStateDetail -eq 'LCM applique une nouvelle configuration.') { $Data.Add('M365DSCOperation', 'ApplyingConfiguration') } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 40a70a65d9..2b3ab15ca4 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 @@ -1256,7 +1256,7 @@ function Export-M365DSCConfiguration #region Telemetry $data = [System.Collections.Generic.Dictionary[[String], [String]]]::new() - $data.Add('Event', 'Extraction') + $data.Add('M365DSCOperation', 'Extraction') $data.Add('Path', [System.String]::IsNullOrEmpty($Path)) $data.Add('FileName', $null -ne [System.String]::IsNullOrEmpty($FileName)) @@ -1718,7 +1718,7 @@ function New-M365DSCConnection { $message = 'Both Authentication methods are attempted' Write-Verbose -Message $message - $data.Add('Event', 'Error') + $data.Add('M365DSCOperation', 'Error') $data.Add('Exception', $message) $errorText = "You can't specify both the Credential and CertificateThumbprint" $data.Add('CustomMessage', $errorText) @@ -1735,7 +1735,7 @@ function New-M365DSCConnection $message = 'No Authentication method was provided' Write-Verbose -Message $message $message += "`r`nProvided Keys --> $($InboundParameters.Keys)" - $data.Add('Event', 'Error') + $data.Add('M365DSCOperation', 'Error') $data.Add('Exception', $message) $errorText = 'You must specify either the Credential or ApplicationId, TenantId and CertificateThumbprint parameters.' $data.Add('CustomMessage', $errorText) @@ -1875,7 +1875,7 @@ function New-M365DSCConnection $message = 'No Authentication method was provided' Write-Verbose -Message $message $message += "`r`nProvided Keys --> $($InboundParameters.Keys)" - $data.Add('Event', 'Error') + $data.Add('M365DSCOperation', 'Error') $data.Add('Exception', $message) $errorText = 'You must specify either the Credential or ApplicationId, TenantId and CertificateThumbprint parameters.' $data.Add('CustomMessage', $errorText) From cf116c5ca356495504656b29f5d390d3bdfd1f30 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Wed, 14 Feb 2024 08:30:31 -0500 Subject: [PATCH 67/69] Updated DSCParser --- CHANGELOG.md | 1 + Modules/Microsoft365DSC/Dependencies/Manifest.psd1 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a5b0afdef..f005547c25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ * Fixes an issue where an empty MinPasswordLength value was always passed down to the update logic flow. * DEPENDENCIES + * Updated DSCParser to version 1.4.0.2. * Updated Microsoft.Graph dependencies to version 2.13.1. * Updated MSCloudLoginAssistant to version 1.1.13. diff --git a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 index 39b260bc2f..437b3cc54f 100644 --- a/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 +++ b/Modules/Microsoft365DSC/Dependencies/Manifest.psd1 @@ -2,7 +2,7 @@ Dependencies = @( @{ ModuleName = 'DSCParser' - RequiredVersion = '1.4.0.1' + RequiredVersion = '1.4.0.2' }, @{ ModuleName = 'ExchangeOnlineManagement' From 4f6637e1952efb51ecc17f95d0d54db3a745795b Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 14 Feb 2024 15:01:48 +0000 Subject: [PATCH 68/69] Updated Resources and Cmdlet documentation pages --- docs/docs/resources/intune/IntuneAppConfigurationPolicy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md b/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md index 4e60a0ee8f..cecb30f398 100644 --- a/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md +++ b/docs/docs/resources/intune/IntuneAppConfigurationPolicy.md @@ -4,6 +4,7 @@ | Parameter | Attribute | DataType | Description | Allowed Values | | --- | --- | --- | --- | --- | +| **Id** | Write | String | Key of the entity. Read-Only. | | | **DisplayName** | Key | String | Display name of the app configuration policy. | | | **Description** | Write | String | Description of the app configuration policy. | | | **Assignments** | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Assignments of the Intune Policy. | | From 6db47741d8571095ccd82736148e104174fb3d46 Mon Sep 17 00:00:00 2001 From: NikCharlebois Date: Wed, 14 Feb 2024 16:06:15 +0000 Subject: [PATCH 69/69] Updated Resources and Cmdlet documentation pages --- .../SCDLPComplianceRule.md | 71 ++++++++++--------- 1 file changed, 36 insertions(+), 35 deletions(-) diff --git a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md index 0d09c8ef2e..6e2890ec62 100644 --- a/docs/docs/resources/security-compliance/SCDLPComplianceRule.md +++ b/docs/docs/resources/security-compliance/SCDLPComplianceRule.md @@ -8,7 +8,7 @@ | **Policy** | Required | String | Name of the associated DLP Compliance Policy. | | | **AccessScope** | Write | String | The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. | `InOrganization`, `NotInOrganization`, `None` | | **BlockAccess** | Write | Boolean | The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value. | | -| **BlockAccessScope** | Write | String | The BlockAccessScope parameter specifies the scope of the block access action. | `All`, `PerUser` | +| **BlockAccessScope** | Write | String | The BlockAccessScope parameter specifies the scope of the block access action. | `All`, `PerUser`, `None` | | **Comment** | Write | String | The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks. | | | **ContentContainsSensitiveInformation** | Write | MSFT_SCDLPContainsSensitiveInformation | The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type. | | | **ExceptIfContentContainsSensitiveInformation** | Write | MSFT_SCDLPContainsSensitiveInformation | The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type. | | @@ -42,42 +42,43 @@ | **ExceptIfProcessingLimitExceeded** | Write | Boolean | The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn't complete. | | | **DocumentIsPasswordProtected** | Write | Boolean | The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. | | | **ExceptIfDocumentIsPasswordProtected** | Write | Boolean | The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. | | +| **MessageTypeMatches** | Write | StringArray[] | The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns. | | +| **FromScope** | Write | StringArray[] | The FromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule. | | +| **ExceptIfFromScope** | Write | StringArray[] | The ExceptIfFromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule. | | +| **SubjectContainsWords** | Write | StringArray[] | The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas. | | +| **SubjectMatchesPatterns** | Write | StringArray[] | The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions. | | +| **SubjectOrBodyContainsWords** | Write | StringArray[] | The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages. | | +| **SubjectOrBodyMatchesPatterns** | Write | StringArray[] | The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages. | | +| **ContentCharacterSetContainsWords** | Write | StringArray[] | The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas. | | +| **DocumentNameMatchesPatterns** | Write | StringArray[] | The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions. | | +| **DocumentNameMatchesWords** | Write | StringArray[] | The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. | | +| **ExceptIfAnyOfRecipientAddressContainsWords** | Write | StringArray[] | he ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses. | | +| **ExceptIfAnyOfRecipientAddressMatchesPatterns** | Write | StringArray[] | The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions. | | +| **ExceptIfContentCharacterSetContainsWords** | Write | StringArray[] | The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages. | | +| **ExceptIfContentPropertyContainsWords** | Write | StringArray[] | The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content. | | +| **ExceptIfDocumentNameMatchesPatterns** | Write | StringArray[] | The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions. | | +| **ExceptIfDocumentNameMatchesWords** | Write | StringArray[] | The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments. | | +| **ExceptIfFromAddressContainsWords** | Write | StringArray[] | The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address. | | +| **ExceptIfFromAddressMatchesPatterns** | Write | StringArray[] | The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. | | +| **FromAddressContainsWords** | Write | StringArray[] | The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address. | | +| **FromAddressMatchesPatterns** | Write | StringArray[] | The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. | | +| **ExceptIfMessageTypeMatches** | Write | StringArray[] | The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type. | | +| **RecipientDomainIs** | Write | StringArray[] | The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains. | | +| **ExceptIfRecipientDomainIs** | Write | StringArray[] | The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains. | | +| **ExceptIfSenderDomainIs** | Write | StringArray[] | The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. | | +| **ExceptIfSenderIPRanges** | Write | StringArray[] | The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges. | | +| **ExceptIfSentTo** | Write | StringArray[] | The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address. | | +| **ExceptIfSubjectContainsWords** | Write | StringArray[] | The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages. | | +| **ExceptIfSubjectMatchesPatterns** | Write | StringArray[] | The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions. | | +| **ExceptIfSubjectOrBodyContainsWords** | Write | StringArray[] | The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages. | | +| **ExceptIfSubjectOrBodyMatchesPatterns** | Write | StringArray[] | The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages. | | +| **DocumentContainsWords** | Write | StringArray[] | The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked. | | +| **SentToMemberOf** | Write | StringArray[] | The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. | | +| **ContentIsNotLabeled** | Write | Boolean | The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition. | | +| **SetHeader** | Write | StringArray[] | The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas | | | **ContentExtensionMatchesWords** | Write | StringArray[] | The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | | | **ExceptIfContentExtensionMatchesWords** | Write | StringArray[] | The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas. | | -| **MessageTypeMatches** | Write | StringArray[] | The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns.| | -| **FromScope** | Write | StringArray[] | The FromScope parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.| | -| **ExceptIfFromScope** | Write | StringArray[] | The parameter specifies wether messages from inside or outside the organisation are in scope for the DLP rule.| | -| **SubjectContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.| | -| **SubjectMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.| | -| **SubjectOrBodyContainsWords** | Write | StringArray[] | The parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.| | -| **SubjectOrBodyMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages.| | -| **ContentCharacterSetContainsWords** | Write | StringArray[] | The parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.| | -| **DocumentNameMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.| | -| **DocumentNameMatchesWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. | | -**ExceptIfAnyOfRecipientAddressContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses.| | -| **ExceptIfAnyOfRecipientAddressMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.| | -| **ExceptIfContentCharacterSetContainsWords** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for character set names in messages.| | -| **ExceptIfContentPropertyContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that's based on a property match in content.| | -| **ExceptIfDocumentNameMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.| | -| **ExceptIfDocumentNameMatchesWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments.| | -| **ExceptIfFromAddressContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address.| | -| **ExceptIfFromAddressMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions.| | -| **FromAddressContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address.| | -| **FromAddressMatchesPatterns** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. | | -| **ExceptIfMessageTypeMatches** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for messages of the specified type.| | -| **RecipientDomainIs** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains.| | -| **ExceptIfRecipientDomainIs** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains.| | -| **ExceptIfSenderDomainIs** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. | | -| **ExceptIfSenderIpRanges** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.| | -| **ExceptIfSentTo** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address.| | -| **ExceptIfSubjectContainsWords** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages.| | -| **ExceptIfSubjectMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.| | -| **ExceptIfSubjectOrBodyContainsWords** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.| | -| **ExceptIfSubjectOrBodyMatchesPatterns** | Write | StringArray[] | The parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages.| | -| **DocumentContainsWords** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.| | -| **SentToMemberOf** | Write | StringArray[] | The parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.| | -| **ContentIsNotLabeled** | Write | Boolean | The parameter specifies if the content is labeled. A True or False condition. | | -| **SetHeader** | Write | StringArray[] | The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas| | + ### MSFT_SCDLPSensitiveInformation #### Parameters