diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.schema.mof deleted file mode 100644 index 84e4403ae3..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.schema.mof +++ /dev/null @@ -1,49 +0,0 @@ -[ClassVersion("1.0.0.0")] -class MSFT_DeviceManagementConfigurationPolicyAssignments -{ - [Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType; - [Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType; - [Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId; - [Write, Description("The group Id that is the target of the assignment.")] String groupId; - [Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName; - [Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphAndroidPermissionAction -{ - [Write, Description("Type of Android permission action. Possible values are: prompt, autoGrant, autoDeny."), ValueMap{"prompt","autoGrant","autoDeny"}, Values{"prompt","autoGrant","autoDeny"}] String Action; - [Write, Description("Android permission string, defined in the official Android documentation. Example 'android.permission.READ_CONTACTS'.")] String Permission; -}; -[ClassVersion("1.0.0")] -class MSFT_MicrosoftGraphAppConfigurationSettingItem -{ - [Write, Description("app configuration key.")] String AppConfigKey; - [Write, Description("app configuration key type. Possible values are: stringType, integerType, realType, booleanType, tokenType."), ValueMap{"stringType","integerType","realType","booleanType","tokenType"}, Values{"stringType","integerType","realType","booleanType","tokenType"}] String AppConfigKeyType; - [Write, Description("app configuration key value.")] String AppConfigKeyValue; -}; - -[ClassVersion("1.0.0.0"), FriendlyName("IntuneAppConfigurationDevicePolicy")] -class MSFT_IntuneAppConfigurationDevicePolicy : OMI_BaseResource -{ - [Write, Description("Setting to specify whether to allow ConnectedApps experience for this Android app.")] Boolean ConnectedAppsEnabled; - [Write, Description("Android Enterprise app configuration package id.")] String PackageId; - [Write, Description("Android Enterprise app configuration JSON payload.")] String PayloadJson; - [Write, Description("List of Android app permissions and corresponding permission actions."), EmbeddedInstance("MSFT_MicrosoftGraphandroidPermissionAction")] String PermissionActions[]; - [Write, Description("Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner."), ValueMap{"default","androidWorkProfile","androidDeviceOwner"}, Values{"default","androidWorkProfile","androidDeviceOwner"}] String ProfileApplicability; - [Write, Description("Mdm iOS app configuration Base64 binary. Must not be an empty string if specified.")] String EncodedSettingXml; - [Write, Description("iOS app configuration setting items. Must not be an empty collection if specified."), EmbeddedInstance("MSFT_MicrosoftGraphappConfigurationSettingItem")] String Settings[]; - [Write, Description("Admin provided description of the Device Configuration.")] String Description; - [Required, Description("Admin provided name of the device configuration.")] String DisplayName; - [Write, Description("List of Scope Tags for this App configuration entity.")] String RoleScopeTagIds[]; - [Write, Description("The associated app.")] String TargetedMobileApps[]; - [Key, Description("The unique identifier for an entity. Read-only.")] String Id; - [Write, Description("Represents the assignment to the Intune policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] String Assignments[]; - [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure; - [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; - [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; - [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; - [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret; - [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; - [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Access token used for authentication.")] String AccessTokens[]; -}; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md deleted file mode 100644 index 85cf9b00a5..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/readme.md +++ /dev/null @@ -1,8 +0,0 @@ - -# IntuneAppConfigurationDevicePolicy - -## Description - -Intune App Configuration Device Policy. - -Please note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json deleted file mode 100644 index fe3c38c0d1..0000000000 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/settings.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "resourceName": "IntuneAppConfigurationDevicePolicy", - "description": "This resource configures an Intune App Configuration Device Policy.", - "permissions": { - "graph": { - "delegated": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - }, - "application": { - "read": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.Read.All" - } - ], - "update": [ - { - "name": "Group.Read.All" - }, - { - "name": "DeviceManagementApps.ReadWrite.All" - } - ] - } - } - } -} diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.psm1 similarity index 50% rename from Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 rename to Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.psm1 index 1be31cd697..435b3082f5 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAppConfigurationDevicePolicy/MSFT_IntuneAppConfigurationDevicePolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.psm1 @@ -4,61 +4,35 @@ function Get-TargetResource [OutputType([System.Collections.Hashtable])] param ( - #region resource generator code - [Parameter()] - [System.Boolean] - $ConnectedAppsEnabled, - - [Parameter()] - [System.String] - $PackageId, - - [Parameter()] - [System.String] - $PayloadJson, - + #region Intune resource parameters [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $PermissionActions, - - [Parameter()] - [ValidateSet('default', 'androidWorkProfile', 'androidDeviceOwner')] [System.String] - $ProfileApplicability, + $Id, - [Parameter()] - [ValidateNotNullOrEmpty()] + [Parameter(Mandatory = $true)] [System.String] - $EncodedSettingXml, - - [Parameter()] - [ValidateNotNullOrEmpty()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Settings, + $DisplayName, [Parameter()] [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $RoleScopeTagIds, + $targetedMobileApps, [Parameter()] - [System.String[]] - $TargetedMobileApps, + [Microsoft.Management.Infrastructure.CimInstance[]] + $settings, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] - $Id, + $encodedSettingXml, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + #endregion [Parameter()] @@ -99,143 +73,91 @@ function Get-TargetResource { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message 'Connection to the workload failed.' + } - #Ensure the proper dependencies are installed in the current environment. - Confirm-M365DSCDependencies - - #region Telemetry - $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') - $CommandName = $MyInvocation.MyCommand - $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` - -CommandName $CommandName ` - -Parameters $PSBoundParameters - Add-M365DSCTelemetryEvent -Data $data - #endregion + #Ensure the proper dependencies are installed in the current environment. + Confirm-M365DSCDependencies - $nullResult = $PSBoundParameters - $nullResult.Ensure = 'Absent' + #region Telemetry + $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') + $CommandName = $MyInvocation.MyCommand + $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` + -CommandName $CommandName ` + -Parameters $PSBoundParameters + Add-M365DSCTelemetryEvent -Data $data + #endregion + - $getValue = $null + $nullResult = $PSBoundParameters + $nullResult.Ensure = 'Absent' + try + { + if (-not [string]::IsNullOrWhiteSpace($id)){ $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $id -ErrorAction SilentlyContinue } + #region resource generator code - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $Id -ErrorAction SilentlyContinue - if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Intune App Configuration Device Policy with Id {$Id}" - - if (-Not [string]::IsNullOrEmpty($DisplayName)) - { - $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` - -All ` - -Filter "DisplayName eq '$DisplayName'" ` - -ErrorAction SilentlyContinue + $getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter "DisplayName eq '$Displayname'" -ErrorAction SilentlyContinue | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosMobileAppConfiguration' ` } } #endregion + if ($null -eq $getValue) { - Write-Verbose -Message "Could not find an Intune App Configuration Device Policy with DisplayName {$DisplayName}" + Write-Verbose -Message "No Intune Mobile App Configuration Policy for iOS with Id {$id} was found" return $nullResult } - $Id = $getValue.Id - Write-Verbose -Message "An Intune App Configuration Device Policy with Id {$Id} and DisplayName {$DisplayName} was found." - #region resource generator code - $complexPermissionActions = @() - foreach ($currentpermissionActions in $getValue.AdditionalProperties.permissionActions) - { - $mypermissionActions = @{} - if ($null -ne $currentpermissionActions.action) - { - $mypermissionActions.Add('Action', $currentpermissionActions.action.toString()) - } - $mypermissionActions.Add('Permission', $currentpermissionActions.permission) - if ($mypermissionActions.values.Where({ $null -ne $_ }).count -gt 0) - { - $complexPermissionActions += $mypermissionActions - } - } + Write-Verbose -Message "An Intune Mobile App Configuration Policy for iOS with Id {$id} and DisplayName {$DisplayName} was found" + #need to convert dictionary object into a hashtable array so we can work with it $complexSettings = @() - foreach ($currentsettings in $getValue.AdditionalProperties.settings) + foreach ($setting in $getValue.AdditionalProperties.settings) { - $mysettings = @{} - $mysettings.Add('AppConfigKey', $currentsettings.appConfigKey) - if ($null -ne $currentsettings.appConfigKeyType) - { - $mysettings.Add('AppConfigKeyType', $currentsettings.appConfigKeyType.toString()) - } - $mysettings.Add('AppConfigKeyValue', $currentsettings.appConfigKeyValue) - if ($mysettings.values.Where({ $null -ne $_ }).count -gt 0) + $mySettings = @{} + $mySettings.Add('appConfigKey', $setting['appConfigKey']) + $mySettings.Add('appConfigKeyType', $setting['appConfigKeyType']) + $mySettings.Add('appConfigKeyValue', $setting['appConfigKeyValue']) + + if ($mySettings.values.Where({$null -ne $_}).count -gt 0) { - $complexSettings += $mysettings + $complexSettings += $mySettings } } - #endregion - - #region resource generator code - $enumProfileApplicability = $null - if ($null -ne $getValue.AdditionalProperties.profileApplicability) - { - $enumProfileApplicability = $getValue.AdditionalProperties.profileApplicability.ToString() - } - #endregion - - $platform = 'android' - if ($null -ne $getValue.AdditionalProperties.encodedSettingXml -or $null -ne $getValue.AdditionalProperties.settings) - { - $platform = 'ios' - } - - $targetedApps = @() - foreach ($targetedApp in $getValue.TargetedMobileApps) - { - $app = Get-MgBetaDeviceAppManagementMobileApp -MobileAppId $targetedApp - if ($platform -eq 'android') - { - $targetedApps += $app.AdditionalProperties.packageId - } - else - { - $targetedApps += $app.AdditionalProperties.bundleId - } - } - - $payloadJson = $null - if (-not [System.String]::IsNullOrEmpty($getValue.AdditionalProperties.payloadJson)) - { - $payloadJson = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($getValue.AdditionalProperties.payloadJson)) - } $results = @{ #region resource generator code - ConnectedAppsEnabled = $getValue.AdditionalProperties.connectedAppsEnabled - PackageId = $getValue.AdditionalProperties.packageId - PayloadJson = $payloadJson - PermissionActions = $complexPermissionActions - ProfileApplicability = $enumProfileApplicability - EncodedSettingXml = $getValue.AdditionalProperties.encodedSettingXml - Settings = $complexSettings - Description = $getValue.Description - DisplayName = $getValue.DisplayName - RoleScopeTagIds = $getValue.RoleScopeTagIds - TargetedMobileApps = $targetedApps - Id = $getValue.Id - Ensure = 'Present' - Credential = $Credential - ApplicationId = $ApplicationId - TenantId = $TenantId - ApplicationSecret = $ApplicationSecret - CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent - #endregion - } - $assignmentsValues = Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment -ManagedDeviceMobileAppConfigurationId $Id + Id = $getValue.Id + Description = $getValue.Description + DisplayName = $getValue.DisplayName + targetedMobileApps = $getValue.TargetedMobileApps + settings = $complexSettings #$getValue.AdditionalProperties.settings + encodedSettingXml = $getValue.AdditionalProperties.encodedSettingXml + Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + ApplicationSecret = $ApplicationSecret + CertificateThumbprint = $CertificateThumbprint + Managedidentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens + version = $getValue.AdditionalProperties.version + } + + $assignmentsValues = Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment -ManagedDeviceMobileAppConfigurationId $Results.Id $assignmentResult = @() if ($assignmentsValues.Count -gt 0) { - $assignmentResult += ConvertFrom-IntunePolicyAssignment -Assignments $assignmentsValues -IncludeDeviceFilter $true + $assignmentResult += ConvertFrom-IntunePolicyAssignment ` + -IncludeDeviceFilter:$true ` + -Assignments ($assignmentsValues) } $results.Add('Assignments', $assignmentResult) @@ -258,62 +180,37 @@ function Set-TargetResource [CmdletBinding()] param ( - #region resource generator code - [Parameter()] - [System.Boolean] - $ConnectedAppsEnabled, - - [Parameter()] - [System.String] - $PackageId, - + #region Intune resource parameters [Parameter()] [System.String] - $PayloadJson, - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $PermissionActions, - - [Parameter()] - [ValidateSet('default', 'androidWorkProfile', 'androidDeviceOwner')] - [System.String] - $ProfileApplicability, + $Id, - [Parameter()] - [ValidateNotNullOrEmpty()] + [Parameter(Mandatory = $true)] [System.String] - $EncodedSettingXml, - - [Parameter()] - [ValidateNotNullOrEmpty()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Settings, + $DisplayName, [Parameter()] [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $RoleScopeTagIds, + $targetedMobileApps, [Parameter()] - [System.String[]] - $TargetedMobileApps, + [Microsoft.Management.Infrastructure.CimInstance[]] + $settings, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] - $Id, + $encodedSettingXml, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + #endregion + [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] @@ -348,6 +245,16 @@ function Set-TargetResource $AccessTokens ) + try + { + $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` + -InboundParameters $PSBoundParameters + } + catch + { + Write-Verbose -Message $_ + } + #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -362,69 +269,52 @@ function Set-TargetResource $currentInstance = Get-TargetResource @PSBoundParameters - $BoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters - $platform = 'android' - if ($BoundParameters.ContainsKey('EncodedSettingXml') -or $BoundParameters.ContainsKey('Settings')) - { - $platform = 'ios' - } + $PSBoundParameters.Remove('Ensure') | Out-Null + $PSBoundParameters.Remove('Credential') | Out-Null + $PSBoundParameters.Remove('ApplicationId') | Out-Null + $PSBoundParameters.Remove('ApplicationSecret') | Out-Null + $PSBoundParameters.Remove('TenantId') | Out-Null + $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null + $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('AccessTokens') | Out-Null - if (-not [System.String]::IsNullOrEmpty($BoundParameters.PayloadJson)) - { - $BoundParameters.PayloadJson = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($BoundParameters.PayloadJson)) - } - - $mobileApps = Get-MgBetaDeviceAppManagementMobileApp -All - $targetedApps = @() - foreach ($targetedApp in $TargetedMobileApps) + if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { - $app = $mobileApps | Where-Object -FilterScript { - ($platform -eq 'android' -and $_.AdditionalProperties.packageId -eq $targetedApp -and $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.androidManagedStoreApp') -or ` - ($platform -eq 'ios' -and $_.AdditionalProperties.bundleId -eq $targetedApp) - } + Write-Verbose -Message "Creating {$DisplayName}" + $PSBoundParameters.Remove('Assignments') | Out-Null + $CreateParameters = ([Hashtable]$PSBoundParameters).clone() + $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($CreateParameters) - if ($null -eq $app) + foreach ($key in $AdditionalProperties.keys) { - throw "Could not find a mobile app with packageId or bundleId {$targetedApp}" + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $CreateParameters.remove($keyName) + } } - $targetedApps += $app.Id - } - $BoundParameters.TargetedMobileApps = $targetedApps - - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') - { - Write-Verbose -Message "Creating an Intune App Configuration Device Policy with DisplayName {$DisplayName}" - $BoundParameters.Remove('Assignments') | Out-Null - $CreateParameters = ([Hashtable]$BoundParameters).clone() - $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null - if ($platform -eq 'android') - { - $CreateParameters.Add('@odata.type', '#microsoft.graph.androidManagedStoreAppConfiguration') - $CreateParameters.Add('appSupportsOemConfig', $false) - } - else - { - $CreateParameters.Add('@odata.type', '#microsoft.graph.iosMobileAppConfiguration') - } + $CreateParameters.Remove('Verbose') | Out-Null - $keys = (([Hashtable]$CreateParameters).clone()).Keys - foreach ($key in $keys) + foreach ($key in ($CreateParameters.clone()).Keys) { - if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') + if ($CreateParameters[$key].getType().Fullname -like '*CimInstance*') { - $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key + $CreateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters[$key] } } + + $CreateParameters.add('AdditionalProperties', $AdditionalProperties) + #region resource generator code - $policy = New-MgBetaDeviceAppManagementMobileAppConfiguration -BodyParameter $CreateParameters + $policy = New-MgBetaDeviceAppManagementMobileAppConfiguration @CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - if ($policy.Id) + if ($policy.id) { - Update-DeviceConfigurationPolicyAssignment ` - -DeviceConfigurationPolicyId "$($policy.Id)/microsoft.graph.managedDeviceMobileAppConfiguration" ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceAppManagement/mobileAppConfigurations' } @@ -432,45 +322,45 @@ function Set-TargetResource } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Updating the Intune App Configuration Device Policy with Id {$($currentInstance.Id)}" - $BoundParameters.Remove('Assignments') | Out-Null - - $UpdateParameters = ([Hashtable]$BoundParameters).clone() + Write-Verbose -Message "Updating {$DisplayName}" + $PSBoundParameters.Remove('Assignments') | Out-Null + $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters - $UpdateParameters.Remove('Id') | Out-Null - - if ($platform -eq 'android') + $AdditionalProperties = Get-M365DSCAdditionalProperties -Properties ($UpdateParameters) + foreach ($key in $AdditionalProperties.keys) { - $UpdateParameters.Add('@odata.type', '#microsoft.graph.androidManagedStoreAppConfiguration') - } - else - { - $UpdateParameters.Add('@odata.type', '#microsoft.graph.iosMobileAppConfiguration') + if ($key -ne '@odata.type') + { + $keyName = $key.substring(0, 1).ToUpper() + $key.substring(1, $key.length - 1) + $UpdateParameters.remove($keyName) + } } - $keys = (([Hashtable]$UpdateParameters).clone()).Keys - foreach ($key in $keys) + $UpdateParameters.Remove('Id') | Out-Null + $UpdateParameters.Remove('Verbose') | Out-Null + + foreach ($key in ($UpdateParameters.clone()).Keys) { - if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') + if ($UpdateParameters[$key].getType().Fullname -like '*CimInstance*') { - $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key + $UpdateParameters[$key] = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters[$key] } } - #region resource generator code - Update-MgBetaDeviceAppManagementMobileAppConfiguration ` - -ManagedDeviceMobileAppConfigurationId $currentInstance.Id ` - -BodyParameter $UpdateParameters + $UpdateParameters.add('AdditionalProperties', $AdditionalProperties) + + #region resource generator code + Update-MgBetaDeviceAppManagementMobileAppConfiguration @UpdateParameters ` + -ManagedDeviceMobileAppConfigurationId $currentInstance.Id $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments - Update-DeviceConfigurationPolicyAssignment ` - -DeviceConfigurationPolicyId "$($currentInstance.Id)/microsoft.graph.managedDeviceMobileAppConfiguration" ` + Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository 'deviceAppManagement/mobileAppConfigurations' #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { - Write-Verbose -Message "Removing the Intune App Configuration Device Policy with Id {$($currentInstance.Id)}" + Write-Verbose -Message "Removing {$DisplayName}" #region resource generator code Remove-MgBetaDeviceAppManagementMobileAppConfiguration -ManagedDeviceMobileAppConfigurationId $currentInstance.Id #endregion @@ -483,61 +373,35 @@ function Test-TargetResource [OutputType([System.Boolean])] param ( - #region resource generator code - [Parameter()] - [System.Boolean] - $ConnectedAppsEnabled, - + #region Intune resource parameters [Parameter()] [System.String] - $PackageId, - - [Parameter()] - [System.String] - $PayloadJson, - - [Parameter()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $PermissionActions, - - [Parameter()] - [ValidateSet('default', 'androidWorkProfile', 'androidDeviceOwner')] - [System.String] - $ProfileApplicability, + $Id, - [Parameter()] - [ValidateNotNullOrEmpty()] + [Parameter(Mandatory = $true)] [System.String] - $EncodedSettingXml, - - [Parameter()] - [ValidateNotNullOrEmpty()] - [Microsoft.Management.Infrastructure.CimInstance[]] - $Settings, + $DisplayName, [Parameter()] [System.String] $Description, - [Parameter(Mandatory = $true)] - [System.String] - $DisplayName, - [Parameter()] [System.String[]] - $RoleScopeTagIds, + $targetedMobileApps, [Parameter()] - [System.String[]] - $TargetedMobileApps, + [Microsoft.Management.Infrastructure.CimInstance[]] + $settings, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] - $Id, + $encodedSettingXml, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, + #endregion [Parameter()] @@ -586,10 +450,10 @@ function Test-TargetResource Add-M365DSCTelemetryEvent -Data $data #endregion - Write-Verbose -Message "Testing configuration of the Intune App Configuration Device Policy with Id {$Id} and DisplayName {$DisplayName}" + Write-Verbose -Message "Testing configuration of {$id}" $CurrentValues = Get-TargetResource @PSBoundParameters - $ValuesToCheck = ([Hashtable]$PSBoundParameters).Clone() + $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() if ($CurrentValues.Ensure -ne $Ensure) { @@ -598,32 +462,57 @@ function Test-TargetResource } $testResult = $true - #Compare Cim instances foreach ($key in $PSBoundParameters.Keys) { - $source = $PSBoundParameters.$key - $target = $CurrentValues.$key - if ($source.GetType().Name -like '*CimInstance*') + if ($PSBoundParameters[$key].getType().Name -like '*CimInstance*') { - $testResult = Compare-M365DSCComplexObject ` - -Source ($source) ` - -Target ($target) - - if (-not $testResult) + $CIMArraySource = @() + $CIMArrayTarget = @() + $CIMArraySource += $PSBoundParameters[$key] + $CIMArrayTarget += $CurrentValues.$key + if ($CIMArraySource.count -ne $CIMArrayTarget.count) + { + Write-Verbose -Message "Configuration drift:Number of items does not match: Source=$($CIMArraySource.count) Target=$($CIMArrayTarget.count)" + $testResult = $false + break + } + $i = 0 + foreach ($item in $CIMArraySource ) { + $testResult = Compare-M365DSCComplexObject ` + -Source (Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $CIMArraySource[$i]) ` + -Target ($CIMArrayTarget[$i]) + $i++ + if (-Not $testResult) + { + $testResult = $false + break + } + } + if (-Not $testResult) + { + $testResult = $false break } $ValuesToCheck.Remove($key) | Out-Null } } - $ValuesToCheck.Remove('Id') | Out-Null - $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" + #Convert any DateTime to String + foreach ($key in $ValuesToCheck.Keys) + { + if (($null -ne $CurrentValues[$key]) ` + -and ($CurrentValues[$key].getType().Name -eq 'DateTime')) + { + $CurrentValues[$key] = $CurrentValues[$key].toString() + } + } + if ($testResult) { $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` @@ -694,10 +583,11 @@ function Export-TargetResource try { #region resource generator code - [array]$getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration ` - -Filter $Filter ` - -All ` - -ErrorAction Stop + [array]$getValue = Get-MgBetaDeviceAppManagementMobileAppConfiguration -Filter $Filter -All ` + -ErrorAction Stop | Where-Object ` + -FilterScript { ` + $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.iosMobileAppConfiguration' ` + } #endregion $i = 1 @@ -717,14 +607,9 @@ function Export-TargetResource $Global:M365DSCExportResourceInstancesCount++ } - $displayedKey = $config.Id - if (-not [String]::IsNullOrEmpty($config.displayName)) - { - $displayedKey = $config.displayName - } - Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline + Write-Host " |---[$i/$($getValue.Count)] $($config.DisplayName)" -NoNewline $params = @{ - Id = $config.Id + Id = $config.id DisplayName = $config.DisplayName Ensure = 'Present' Credential = $Credential @@ -732,69 +617,66 @@ function Export-TargetResource TenantId = $TenantId ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint - ManagedIdentity = $ManagedIdentity.IsPresent + Managedidentity = $ManagedIdentity.IsPresent AccessTokens = $AccessTokens } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results - if ($null -ne $Results.PermissionActions) + + if ($Results.Assignments) { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.PermissionActions ` - -CIMInstanceName 'MicrosoftGraphandroidPermissionAction' - if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) + $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments + if ($complexTypeStringResult) { - $Results.PermissionActions = $complexTypeStringResult + $Results.Assignments = $complexTypeStringResult } else { - $Results.Remove('PermissionActions') | Out-Null + $Results.Remove('Assignments') | Out-Null } } - if ($null -ne $Results.Settings) + + if ($null -ne $Results.settings) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` - -ComplexObject $Results.Settings ` - -CIMInstanceName 'MicrosoftGraphappConfigurationSettingItem' + -ComplexObject $Results.settings ` + -CIMInstanceName 'MSFT_appConfigurationSettingItem' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { - $Results.Settings = $complexTypeStringResult + $Results.settings = $complexTypeStringResult } else { - $Results.Remove('Settings') | Out-Null - } - } - if ($Results.Assignments) - { - $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments - if ($complexTypeStringResult) - { - $Results.Assignments = $complexTypeStringResult - } - else - { - $Results.Remove('Assignments') | Out-Null + $Results.Remove('settings') | Out-Null } } + $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential - if ($Results.PermissionActions) - { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'PermissionActions' -IsCIMArray:$True - } - if ($Results.Settings) + + if ($Results.Assignments) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Settings' -IsCIMArray:$True + $isCIMArray = $false + if ($Results.Assignments.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$isCIMArray } - if ($Results.Assignments) + + if ($Results.settings) { - $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true + $isCIMArray = $false + if ($Results.settings.getType().Fullname -like '*[[\]]') + { + $isCIMArray = $true + } + $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'settings' -IsCIMArray:$isCIMArray } $dscContent += $currentDSCBlock @@ -803,20 +685,86 @@ function Export-TargetResource $i++ Write-Host $Global:M365DSCEmojiGreenCheckMark } + return $dscContent } catch { - Write-Host $Global:M365DSCEmojiRedX + if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` + $_.Exception -like "*Request not applicable to target tenant*") + { + Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." + } + else + { + Write-Host $Global:M365DSCEmojiRedX - New-M365DSCLogEntry -Message 'Error during Export:' ` - -Exception $_ ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential + New-M365DSCLogEntry -Message 'Error during Export:' ` + -Exception $_ ` + -Source $($MyInvocation.MyCommand.Source) ` + -TenantId $TenantId ` + -Credential $Credential + } return '' } } + + +function Get-M365DSCAdditionalProperties +{ + [CmdletBinding()] + [OutputType([System.Collections.Hashtable])] + param + ( + [Parameter(Mandatory = 'true')] + [System.Collections.Hashtable] + $Properties + ) + + $additionalProperties = @( + 'encodedSettingXml' + 'settings' + ) + + $results = @{'@odata.type' = '#microsoft.graph.iosMobileAppConfiguration' } + $cloneProperties = $Properties.clone() + foreach ($property in $cloneProperties.Keys) + { + if ($property -in ($additionalProperties) ) + { + $propertyName = $property[0].ToString().ToLower() + $property.Substring(1, $property.Length - 1) + if ($properties.$property -and $properties.$property.getType().FullName -like '*CIMInstance*') + { + if ($properties.$property.getType().FullName -like '*[[\]]') + { + $array = @() + foreach ($item in $properties.$property) + { + $array += Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $item + } + $propertyValue = $array + } + else + { + $propertyValue = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $properties.$property + } + + } + else + { + $propertyValue = $properties.$property + } + + $results.Add($propertyName, $propertyValue) + } + } + if ($results.Count -eq 1) + { + return $null + } + return $results +} + Export-ModuleMember -Function *-TargetResource diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.schema.mof new file mode 100644 index 0000000000..e35b7bfd7e Binary files /dev/null and b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/MSFT_IntuneMobileAppConfigurationPolicyIOS.schema.mof differ diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/readme.md new file mode 100644 index 0000000000..d18bcd36ae --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/readme.md @@ -0,0 +1,6 @@ + +# IntuneMobileAppConfigurationPolicyIOS + +## Description + +This resource configures an Intune Managed Device Mobile App Configuration Policy for iOS Device. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/settings.json new file mode 100644 index 0000000000..520b5bcd32 --- /dev/null +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppConfigurationPolicyIOS/settings.json @@ -0,0 +1,44 @@ +{ + "resourceName": "IntuneMobileAppConfigurationPolicyIOS", + "description": "This resource configures an Intune Managed Device Mobile App Configuration Policy for iOS Device.", + "permissions": { + "graph": { + "delegated": { + "read": [ + { + "name": "Group.Read.All" + }, +{ + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + }, + "application": { + "read": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.Read.All" + } + ], + "update": [ + { + "name": "Group.Read.All" + }, + { + "name": "DeviceManagementApps.ReadWrite.All" + } + ] + } + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/1-Create.ps1 deleted file mode 100644 index dd2a4f4c38..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/1-Create.ps1 +++ /dev/null @@ -1,43 +0,0 @@ -<# -This example creates a new App Configuration Device Policy. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneAppConfigurationDevicePolicy "IntuneAppConfigurationDevicePolicy-Example" - { - Assignments = @(); - Description = ""; - DisplayName = "Example"; - Ensure = "Present"; - Id = "0000000-0000-0000-0000-000000000000"; - ConnectedAppsEnabled = $true; - PackageId = "app:com.microsoft.office.outlook" - PayloadJson = "Base64 encoded settings" - PermissionActions = @() - ProfileApplicability = "default" - RoleScopeTagIds = @("0"); - TargetedMobileApps = @(""); - ApplicationId = $ApplicationId; - TenantId = $TenantId; - CertificateThumbprint = $CertificateThumbprint; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/2-Update.ps1 deleted file mode 100644 index 5eafde868b..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/2-Update.ps1 +++ /dev/null @@ -1,48 +0,0 @@ -<# -This example updates an App Configuration Device Policy. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneAppConfigurationDevicePolicy "IntuneAppConfigurationDevicePolicy-Example" - { - Assignments = @(); - Description = ""; - DisplayName = "Example"; - Ensure = "Present"; - Id = "0000000-0000-0000-0000-000000000000"; - ConnectedAppsEnabled = $true; - PackageId = "app:com.microsoft.office.outlook" - PayloadJson = "Base64 encoded settings" - PermissionActions = @( - MSFT_MicrosoftGraphAndroidPermissionAction{ - Action = "prompt" - Permission = "android.permission.READ_CALENDAR" - } - ) # Updated property - ProfileApplicability = "default" - RoleScopeTagIds = @("0"); - TargetedMobileApps = @(""); - ApplicationId = $ApplicationId; - TenantId = $TenantId; - CertificateThumbprint = $CertificateThumbprint; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/3-Remove.ps1 deleted file mode 100644 index 4823b2fba9..0000000000 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAppConfigurationDevicePolicy/3-Remove.ps1 +++ /dev/null @@ -1,35 +0,0 @@ -<# -This example deletes a new App Configuration Device Policy. -#> - -Configuration Example -{ - param( - [Parameter()] - [System.String] - $ApplicationId, - - [Parameter()] - [System.String] - $TenantId, - - [Parameter()] - [System.String] - $CertificateThumbprint - ) - Import-DscResource -ModuleName Microsoft365DSC - - node localhost - { - IntuneAppConfigurationDevicePolicy "IntuneAppConfigurationDevicePolicy-Example" - { - Description = ""; - DisplayName = "Example"; - Ensure = "Present"; - Id = "0000000-0000-0000-0000-000000000000"; - ApplicationId = $ApplicationId; - TenantId = $TenantId; - CertificateThumbprint = $CertificateThumbprint; - } - } -} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/1-Create.ps1 new file mode 100644 index 0000000000..80d6ca10e7 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/1-Create.ps1 @@ -0,0 +1,47 @@ +<# +This example creates a new Intune Mobile App Configuration Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneMobileAppConfigurationPolicyIOS "ConfigureIntuneMobileAppConfigurationPolicyIOS" + { + Description = "IntuneMobileAppConfigurationPolicyIOS Description"; + DisplayName = "IntuneMobileAppConfigurationPolicyIOS DisplayName"; + Ensure = "Present"; + settings = @( + MSFT_appConfigurationSettingItem{ + appConfigKey = 'ConfigKey1' + appConfigKeyType = 'stringType' + appConfigKeyValue = 'KeyValue1' + } + MSFT_appConfigurationSettingItem{ + appConfigKey = 'ConfigKey2' + appConfigKeyType = 'stringType' + appConfigKeyValue = 'keyValue2' + } + ); + targetedMobileApps = @("06131066-8adf-42a9-86aa-e4b59e27da5d"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/2-Update.ps1 new file mode 100644 index 0000000000..860a8c9732 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/2-Update.ps1 @@ -0,0 +1,47 @@ +<# +This example creates a new Intune Mobile App Configuration Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneMobileAppConfigurationPolicyIOS "ConfigureIntuneMobileAppConfigurationPolicyIOS" + { + Description = "IntuneMobileAppConfigurationPolicyIOS Description"; + DisplayName = "IntuneMobileAppConfigurationPolicyIOS DisplayName"; + Ensure = "Present"; + settings = @( + MSFT_appConfigurationSettingItem{ + appConfigKey = 'ConfigKey1' + appConfigKeyType = 'stringType' + appConfigKeyValue = 'KeyValue1 updated' #updated property + } + MSFT_appConfigurationSettingItem{ + appConfigKey = 'ConfigKey2' + appConfigKeyType = 'stringType' + appConfigKeyValue = 'keyValue2' + } + ); + targetedMobileApps = @("06131066-8adf-42a9-86aa-e4b59e27da5d"); + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/3-Remove.ps1 new file mode 100644 index 0000000000..6e04d55179 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneMobileAppConfigurationPolicyIOS/3-Remove.ps1 @@ -0,0 +1,34 @@ +<# +This example creates a new Intune Mobile App Configuration Policy for iOs devices +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName 'Microsoft365DSC' + + Node localhost + { + IntuneMobileAppConfigurationPolicyIOS "ConfigureIntuneMobileAppConfigurationPolicyIOS" + { + Description = "IntuneMobileAppConfigurationPolicyIOS Description"; + DisplayName = "IntuneMobileAppConfigurationPolicyIOS DisplayName"; + Ensure = "Absent"; + ApplicationId = $ApplicationId; + TenantId = $TenantId; + CertificateThumbprint = $CertificateThumbprint; + } + } +} diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 deleted file mode 100644 index 37b613ff24..0000000000 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneAppConfigurationDevicePolicy.Tests.ps1 +++ /dev/null @@ -1,367 +0,0 @@ -[CmdletBinding()] -param( -) -$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` - -ChildPath '..\..\Unit' ` - -Resolve -$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Microsoft365.psm1' ` - -Resolve) -$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\Stubs\Generic.psm1' ` - -Resolve) -Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` - -ChildPath '\UnitTestHelper.psm1' ` - -Resolve) - -$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` - -DscResource "IntuneAppConfigurationDevicePolicy" -GenericStubModule $GenericStubPath -Describe -Name $Global:DscHelper.DescribeHeader -Fixture { - InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { - Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope - BeforeAll { - - $secpasswd = ConvertTo-SecureString (New-Guid | Out-String) -AsPlainText -Force - $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) - - Mock -CommandName Confirm-M365DSCDependencies -MockWith { - } - - Mock -CommandName Get-PSSession -MockWith { - } - - Mock -CommandName Remove-PSSession -MockWith { - } - - Mock -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - } - - Mock -CommandName New-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - } - - Mock -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - } - - Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { - } - - Mock -CommandName New-M365DSCConnection -MockWith { - return "Credentials" - } - - # Mock Write-Host to hide output during the tests - Mock -CommandName Write-Host -MockWith { - } - $Script:exportedInstances =$null - $Script:ExportMode = $false - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfigurationAssignment -MockWith { - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - } - - } - # Test contexts - Context -Name "The IntuneAppConfigurationDevicePolicy should exist but it DOES NOT" -Fixture { - BeforeAll { - $testParams = @{ - ConnectedAppsEnabled = $True - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - PackageId = "FakeStringValue" - PayloadJson = "{`"test`":`"value`"}" - permissionActions = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphandroidPermissionAction -Property @{ - permission = "FakeStringValue" - action = "prompt" - } -ClientOnly) - ) - profileApplicability = "default" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - Ensure = "Present" - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "FakeStringValue" - AdditionalProperties = @{ - packageId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.androidManagedStoreApp" - } - } - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - return $null - } - } - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' - } - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - It 'Should Create the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName New-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1 - } - } - - Context -Name "The IntuneAppConfigurationDevicePolicy exists but it SHOULD NOT" -Fixture { - BeforeAll { - $testParams = @{ - ConnectedAppsEnabled = $True - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - PackageId = "FakeStringValue" - PayloadJson = "{`"test`":`"value`"}" - permissionActions = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphandroidPermissionAction -Property @{ - permission = "FakeStringValue" - action = "prompt" - } -ClientOnly) - ) - profileApplicability = "default" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - Ensure = 'Absent' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "FakeStringValue" - AdditionalProperties = @{ - packageId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.androidManagedStoreApp" - } - } - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - appSupportsOemConfig = $True - '@odata.type' = "#microsoft.graph.androidManagedStoreAppConfiguration" - payloadJson = "eyJ0ZXN0IjoidmFsdWUifQ==" - profileApplicability = "default" - permissionActions = @( - @{ - permission = "FakeStringValue" - action = "prompt" - } - ) - packageId = "FakeStringValue" - connectedAppsEnabled = $True - } - createdDateTime = "2023-01-01T00:00:00.0000000+01:00" - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - lastModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - version = 25 - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should Remove the group from the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1 - } - } - Context -Name "The IntuneAppConfigurationDevicePolicy Exists and Values are already in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - ConnectedAppsEnabled = $True - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - PackageId = "FakeStringValue" - PayloadJson = "{`"test`":`"value`"}" - permissionActions = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphandroidPermissionAction -Property @{ - permission = "FakeStringValue" - action = "prompt" - } -ClientOnly) - ) - profileApplicability = "default" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - Ensure = 'Present' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "FakeStringValue" - AdditionalProperties = @{ - packageId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.androidManagedStoreApp" - } - } - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - appSupportsOemConfig = $True - '@odata.type' = "#microsoft.graph.androidManagedStoreAppConfiguration" - payloadJson = "eyJ0ZXN0IjoidmFsdWUifQ==" - profileApplicability = "default" - permissionActions = @( - @{ - permission = "FakeStringValue" - action = "prompt" - } - ) - packageId = "FakeStringValue" - connectedAppsEnabled = $True - } - createdDateTime = "2023-01-01T00:00:00.0000000+01:00" - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - lastModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - version = 25 - } - } - } - - It 'Should return true from the Test method' { - Test-TargetResource @testParams | Should -Be $true - } - } - - Context -Name "The IntuneAppConfigurationDevicePolicy exists and values are NOT in the desired state" -Fixture { - BeforeAll { - $testParams = @{ - Assignments = @() - ConnectedAppsEnabled = $True - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - PackageId = "FakeStringValue" - PayloadJson = "{`"test`":`"value`"}" - permissionActions = [CimInstance[]]@( - (New-CimInstance -ClassName MSFT_MicrosoftGraphandroidPermissionAction -Property @{ - permission = "FakeStringValue" - action = "prompt" - } -ClientOnly) - ) - profileApplicability = "default" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - Ensure = 'Present' - Credential = $Credential; - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileApp -MockWith { - return @{ - Id = "FakeStringValue" - AdditionalProperties = @{ - packageId = "FakeStringValue" - '@odata.type' = "#microsoft.graph.androidManagedStoreApp" - } - } - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - profileApplicability = "default" - packageId = "FakeStringValue" - permissionActions = @( - @{ - permission = "FakeStringValue" - action = "prompt" - } - ) - payloadJson = "eyJ0ZXN0IjoidmFsdWUifQ==" - } - createdDateTime = "2023-01-01T00:00:00.0000000+01:00" - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - lastModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - version = 7 - } - } - } - - It 'Should return Values from the Get method' { - (Get-TargetResource @testParams).Ensure | Should -Be 'Present' - } - - It 'Should return false from the Test method' { - Test-TargetResource @testParams | Should -Be $false - } - - It 'Should call the Set method' { - Set-TargetResource @testParams - Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1 - } - } - - Context -Name 'ReverseDSC Tests' -Fixture { - BeforeAll { - $Global:CurrentModeIsExport = $true - $Global:PartialExportFileName = "$(New-Guid).partial.ps1" - $testParams = @{ - Credential = $Credential - } - - Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { - return @{ - AdditionalProperties = @{ - appSupportsOemConfig = $True - '@odata.type' = "#microsoft.graph.androidManagedStoreAppConfiguration" - payloadJson = "{`"test`":`"value`"}" - profileApplicability = "default" - permissionActions = @( - @{ - permission = "FakeStringValue" - action = "prompt" - } - ) - packageId = "FakeStringValue" - connectedAppsEnabled = $True - } - createdDateTime = "2023-01-01T00:00:00.0000000+01:00" - description = "FakeStringValue" - displayName = "FakeStringValue" - id = "FakeStringValue" - lastModifiedDateTime = "2023-01-01T00:00:00.0000000+01:00" - roleScopeTagIds = @("FakeStringValue") - targetedMobileApps = @("FakeStringValue") - version = 25 - } - } - } - It 'Should Reverse Engineer resource from the Export method' { - $result = Export-TargetResource @testParams - $result | Should -Not -BeNullOrEmpty - } - } - } -} - -Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppConfigurationPolicyIOS.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppConfigurationPolicyIOS.Tests.ps1 new file mode 100644 index 0000000000..b5c34c57f6 --- /dev/null +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.IntuneMobileAppConfigurationPolicyIOS.Tests.ps1 @@ -0,0 +1,281 @@ +[CmdletBinding()] +param( +) +$M365DSCTestFolder = Join-Path -Path $PSScriptRoot ` + -ChildPath '..\..\Unit' ` + -Resolve +$CmdletModule = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Microsoft365.psm1' ` + -Resolve) +$GenericStubPath = (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\Stubs\Generic.psm1' ` + -Resolve) +Import-Module -Name (Join-Path -Path $M365DSCTestFolder ` + -ChildPath '\UnitTestHelper.psm1' ` + -Resolve) + +$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule ` + -DscResource 'IntuneMobileAppConfigurationPolicyIOS' -GenericStubModule $GenericStubPath +Describe -Name $Global:DscHelper.DescribeHeader -Fixture { + InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock { + Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope + BeforeAll { + $secpasswd = ConvertTo-SecureString ((New-Guid).ToString()) -AsPlainText -Force + $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin@mydomain.com', $secpasswd) + + Mock -CommandName Confirm-M365DSCDependencies -MockWith { + } + + Mock -CommandName New-M365DSCConnection -MockWith { + return 'Credentials' + } + + Mock -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + } + + Mock -CommandName New-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + } + + Mock -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + } + + Mock -CommandName Get-MgBetaDeviceManagementDeviceCompliancePolicyAssignment -MockWith { + + return @() + } + Mock -CommandName Update-DeviceConfigurationPolicyAssignment -MockWith { + } + # Mock Write-Host to hide output during the tests + Mock -CommandName Write-Host -MockWith { + } + $Script:exportedInstances =$null + $Script:ExportMode = $false + } + + # Test contexts + Context -Name "When the iOS Mobile App Configuration Policy doesn't already exist" -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + targetedMobileApps = "{FakeStringValue}" + settings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } -ClientOnly) + ) + encodedSettingXml = "" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + return $null + } + } + + It 'Should return absent from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Absent' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should create the iOS Mobile App Configuration Policy from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName 'New-MgBetaDeviceAppManagementMobileAppConfiguration' -Exactly 1 + } + } + + Context -Name 'When the iOS Mobile App Configuration Policy already exists and is NOT in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + targetedMobileApps = "{FakeStringValue}" + settings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } -ClientOnly) + ) + encodedSettingXml = "" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + return @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Different Value' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + targetedMobileApps = "{FakeStringValue}" + AdditionalProperties = @{ + settings = @( + @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } + ) + encodedSettingXml = "" + '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return false from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should update the iOS Mobile App Configuration Policy from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Update-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1 + + } + } + + Context -Name 'When the policy already exists and IS in the Desired State' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + targetedMobileApps = "{FakeStringValue}" + settings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } -ClientOnly) + ) + encodedSettingXml = "" + Ensure = 'Present' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + return @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + targetedMobileApps = "{FakeStringValue}" + AdditionalProperties = @{ + settings = @( + @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } + ) + encodedSettingXml = "" + '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration' + } + } + } + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $true + } + } + + Context -Name 'When the policy exists and it SHOULD NOT' -Fixture { + BeforeAll { + $testParams = @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + targetedMobileApps = "{FakeStringValue}" + settings = [CimInstance[]]@( + (New-CimInstance -ClassName MSFT_appConfigurationSettingItem -Property @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } -ClientOnly) + ) + encodedSettingXml = "" + Ensure = 'Absent' + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + return @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + AdditionalProperties = @{ + targetedMobileApps = "{FakeStringValue}" + settings = @( + @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } + ) + encodedSettingXml = "" + '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration' + } + } + } + } + + It 'Should return Present from the Get method' { + (Get-TargetResource @testParams).Ensure | Should -Be 'Present' + } + + It 'Should return true from the Test method' { + Test-TargetResource @testParams | Should -Be $false + } + + It 'Should remove the iOS Mobile App Configuration Policy from the Set method' { + Set-TargetResource @testParams + Should -Invoke -CommandName Remove-MgBetaDeviceAppManagementMobileAppConfiguration -Exactly 1 + } + } + + Context -Name 'ReverseDSC Tests' -Fixture { + BeforeAll { + $Global:CurrentModeIsExport = $true + $Global:PartialExportFileName = "$(New-Guid).partial.ps1" + $testParams = @{ + Credential = $Credential + } + + Mock -CommandName Get-MgBetaDeviceAppManagementMobileAppConfiguration -MockWith { + return @{ + DisplayName = 'Test iOS Mobile App Configuration Policy' + Description = 'Test iOS Mobile App Configuration Policy Description' + Id = 'e30954ac-a65e-4dcb-ab79-91d45f3c52b4' + targetedMobileApps = "{FakeStringValue}" + AdditionalProperties = @{ + settings = @( + @{ + appConfigKey = "FakeStringValue" + appConfigKeyType = "stringType" + appConfigKeyValue = "FakeStringValue" + } + ) + encodedSettingXml = "" + '@odata.type' = '#microsoft.graph.iosMobileAppConfiguration' + } + } + } + } + + It 'Should Reverse Engineer resource from the Export method' { + $result = Export-TargetResource @testParams + $result | Should -Not -BeNullOrEmpty + } + } + } +} + +Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope \ No newline at end of file