Skip to content

Commit

Permalink
added groupDisplayName support to an additional 7 resources and to al…
Browse files Browse the repository at this point in the history 
…lDevices/allUsers groups
  • Loading branch information
@William-Francillette
William-Francillette committed Feb 27, 2024
1 parent bd8b07b commit 6511193
Show file tree
Hide file tree
Showing 16 changed files with 409 additions and 228 deletions.
42 changes: 29 additions & 13 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,31 +3,47 @@
# UNRELEASED

* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneAccountProtectionLocalUserGroupMembershipPolicy
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneAccountProtectionPolicy
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneAntivirusPolicyWindows10SettingCatalog
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneAppConfigurationPolicy
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneApplicationControlPolicyWindows10
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneASRRulesPolicyWindows10
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceCompliancePolicyAndroid
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceCompliancePolicyAndroidDeviceOwner
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceCompliancePolicyAndroidWorkProfile
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceCompliancePolicyiOs
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceCompliancePolicyMacOS
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceCompliancePolicyWindows10
* Added support for assignment GroupDisplayName
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationCustomPolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationDomainJoinPolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationEmailProfilePolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* IntuneDeviceConfigurationEndpointProtectionPolicyWindows10
* Added support for assignment GroupDisplayName and improve error handling from Get-TargetResource
* M365DSCDRGUtil
* Added support for groupDisplayName to all devices and all users groups
* AADApplication
* Show current values of resource in Test-TargetResource
* AADAuthorizationPolicy
Expand Down
51 changes: 34 additions & 17 deletions ...ePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,14 +94,19 @@ function Get-TargetResource
$getValue = Get-MgBetaDeviceManagementGroupPolicyConfiguration `
-Filter "DisplayName eq '$DisplayName'" `
-ErrorAction SilentlyContinue
if ($null -eq $getValue)
{
Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}"
return $nullResult
}
if(([array]$getValue).count -gt 1)
{
throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique"
}
}
}
#endregion
if ($null -eq $getValue)
{
Write-Verbose -Message "Could not find an Intune Device Configuration Administrative Template Policy for Windows10 with DisplayName {$DisplayName}"
return $nullResult
}

$Id = $getValue.Id
Write-Verbose -Message "An Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found."

Expand Down Expand Up @@ -227,19 +232,15 @@ function Get-TargetResource
Managedidentity = $ManagedIdentity.IsPresent
#endregion
}
$assignmentsValues = Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment -GroupPolicyConfigurationId $Id
$assignmentResult = @()
foreach ($assignmentEntry in $AssignmentsValues)
$returnAssignments = @()
$graphAssignments = Get-MgBetaDeviceManagementGroupPolicyConfigurationAssignment -GroupPolicyConfigurationId $Id
if ($graphAssignments.count -gt 0)
{
$assignmentValue = @{
dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
deviceAndAppManagementAssignmentFilterType = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()
deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId
groupId = $assignmentEntry.Target.AdditionalProperties.groupId
}
$assignmentResult += $assignmentValue
$returnAssignments += ConvertFrom-IntunePolicyAssignment `
-IncludeDeviceFilter:$true `
-Assignments ($graphAssignments)
}
$results.Add('Assignments', $assignmentResult)
$results.Add('Assignments', $returnAssignments)

return $results
}
Expand All @@ -261,6 +262,7 @@ function Get-TargetResource
-TenantId $TenantId `
-Credential $Credential
}
$nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult
return $nullResult
}
}
Expand Down Expand Up @@ -665,6 +667,11 @@ function Test-TargetResource
Write-Verbose -Message "Testing configuration of the Intune Device Configuration Administrative Template Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}"

$CurrentValues = Get-TargetResource @PSBoundParameters
if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $CurrentValues))
{
Write-Verbose "An error occured in Get-TargetResource, the policy {$displayName} will not be processed"
throw "An error occured in Get-TargetResource, the policy {$displayName} will not be processed. Refer to the event viewer logs for more information."
}

$ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()

Expand Down Expand Up @@ -714,6 +721,11 @@ function Test-TargetResource
-Source ($source) `
-Target ($target)

if ($key -eq 'Assignments')
{
$testResult = Compare-M365DSCIntunePolicyAssignment -Source $source -Target $target
}

if (-Not $testResult)
{
$testResult = $false
Expand Down Expand Up @@ -835,7 +847,12 @@ function Export-TargetResource
Managedidentity = $ManagedIdentity.IsPresent
}

$Results = Get-TargetResource @Params
$Results = Get-TargetResource @params
if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results))
{
Write-Verbose "An error occured in Get-TargetResource, the policy {$($params.displayName)} will not be processed"
throw "An error occured in Get-TargetResource, the policy {$($params.displayName)} will not be processed. Refer to the event viewer logs for more information."
}
$Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
-Results $Results

Expand Down
10 changes: 8 additions & 2 deletions ...sources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,10 @@
"graph": {
"delegated": {
"read": [
{
{
"name": "Group.Read.All"
},
{
"name": "DeviceManagementConfiguration.Read.All"
}
],
Expand All @@ -17,7 +20,10 @@
},
"application": {
"read": [
{
{
"name": "Group.Read.All"
},
{
"name": "DeviceManagementConfiguration.Read.All"
}
],
Expand Down
55 changes: 36 additions & 19 deletions ...nfigurationCustomPolicyWindows10/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,14 +96,20 @@ function Get-TargetResource
-FilterScript { `
$_.AdditionalProperties.'@odata.type' -eq "#microsoft.graph.windows10CustomConfiguration" `
}

if ($null -eq $getValue)
{
Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}"
return $nullResult
}
if(([array]$getValue).count -gt 1)
{
throw "A policy with a duplicated displayName {'$DisplayName'} was found - Ensure displayName is unique"
}
}
}
#endregion
if ($null -eq $getValue)
{
Write-Verbose -Message "Could not find an Intune Device Configuration Custom Policy for Windows10 with DisplayName {$DisplayName}"
return $nullResult
}

$Id = $getValue.Id
Write-Verbose -Message "An Intune Device Configuration Custom Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found."

Expand Down Expand Up @@ -166,20 +172,16 @@ function Get-TargetResource
Managedidentity = $ManagedIdentity.IsPresent
#endregion
}
$assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id
$assignmentResult = @()
foreach ($assignmentEntry in $AssignmentsValues)

$returnAssignments = @()
$graphAssignments = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id
if ($graphAssignments.count -gt 0)
{
$assignmentValue = @{
dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type'
deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType)
{$assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString()})
deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId
groupId = $assignmentEntry.Target.AdditionalProperties.groupId
}
$assignmentResult += $assignmentValue
$returnAssignments += ConvertFrom-IntunePolicyAssignment `
-IncludeDeviceFilter:$true `
-Assignments ($graphAssignments)
}
$results.Add('Assignments', $assignmentResult)
$results.Add('Assignments', $returnAssignments)

return [System.Collections.Hashtable] $results
}
Expand All @@ -191,7 +193,8 @@ function Get-TargetResource
-TenantId $TenantId `
-Credential $Credential

return $nullResult
$nullResult = Clear-M365DSCAuthenticationParameter -BoundParameters $nullResult
return $nullResult
}
}

Expand Down Expand Up @@ -447,6 +450,11 @@ function Test-TargetResource
Write-Verbose -Message "Testing configuration of the Intune Device Configuration Custom Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}"

$CurrentValues = Get-TargetResource @PSBoundParameters
if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $CurrentValues))
{
Write-Verbose "An error occured in Get-TargetResource, the policy {$displayName} will not be processed"
throw "An error occured in Get-TargetResource, the policy {$displayName} will not be processed. Refer to the event viewer logs for more information."
}
$ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()

if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure)
Expand All @@ -469,6 +477,10 @@ function Test-TargetResource
-Source ($source) `
-Target ($target)

if ($key -eq 'Assignments')
{
$testResult = Compare-M365DSCIntunePolicyAssignment -Source $source -Target $target
}
if (-Not $testResult)
{
$testResult = $false
Expand Down Expand Up @@ -588,7 +600,12 @@ function Export-TargetResource
Managedidentity = $ManagedIdentity.IsPresent
}

$Results = Get-TargetResource @Params
$Results = Get-TargetResource @params
if (-not (Test-M365DSCAuthenticationParameter -BoundParameters $Results))
{
Write-Verbose "An error occured in Get-TargetResource, the policy {$($params.displayName)} will not be processed"
throw "An error occured in Get-TargetResource, the policy {$($params.displayName)} will not be processed. Refer to the event viewer logs for more information."
}
$Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
-Results $Results
if ($null -ne $Results.OmaSettings)
Expand Down
12 changes: 9 additions & 3 deletions ...soft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationCustomPolicyWindows10/settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,10 @@
"graph": {
"delegated": {
"read": [
{
{
"name": "Group.Read.All"
},
{
"name": "DeviceManagementConfiguration.Read.All"
}
],
Expand All @@ -16,8 +19,11 @@
]
},
"application": {
"read": [
{
"read": [
{
"name": "Group.Read.All"
},
{
"name": "DeviceManagementConfiguration.Read.All"
}
],
Expand Down
Loading

0 comments on commit 6511193

Please sign in to comment.