Merge pull request #3105 from swisscom/AADCOnditionalAccessPolicy
Fix issue where an unset External Guest/User include or exclude caused an empty OData type to be sent
NikCharlebois authored Mar 31, 2023
2 parents b865fc4 + 6259ab7 commit 01066b5
Showing 2 changed files with 42 additions and 45 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
@@ -1,13 +1,14 @@
# Change log for Microsoft365DSC

# UNRELEASED

* AADAdministrativeUnit
* [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required
* Fixes extraction of the Members property.
* AADApplication
* [BREAKING CHANGE] Remove deprecated parameter Oauth2RequirePostResponse
* AADConditionalAccessPolicy
* Add condition for empty External Guest/User include/exclude
FIXES [#3108](https://github.com/microsoft/Microsoft365DSC/issues/3108)
* [BREAKING CHANGE] Setting Id as Key parameter and DisplayName as Required
* [BREAKING CHANGE] Remove deprecated parameters IncludeDevices and ExcludeDevices
* AADEntitlementManagementAccessPackage, AADEntitlementManagementAccessPackageAssignmentPolicy,
Expand Up @@ -1125,55 +1125,51 @@ function Set-TargetResource
}
}
Write-Verbose -Message 'Set-Targetresource: process includeGuestsOrExternalUsers'
$includeGuestsOrExternalUsers = @{}
[string]$IncludeGuestOrExternalUserTypes = $IncludeGuestOrExternalUserTypes -join ','
$includeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $IncludeGuestOrExternalUserTypes)
$externalTenants = @{}
if ($IncludeExternalTenantsMembershipKind -eq 'All')
if ($IncludeGuestOrExternalUserTypes.Count -ne 0)
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants')
}
elseif ($IncludeExternalTenantsMembershipKind -eq 'enumerated')
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants')
}
else
{
$externalTenants.Add('@odata.type', '')
}
$externalTenants.Add('membershipKind', $IncludeExternalTenantsMembershipKind)
if ($IncludeExternalTenantsMembers)
{
$externalTenants.Add('members', $IncludeExternalTenantsMembers)
$includeGuestsOrExternalUsers = @{}
[string]$IncludeGuestOrExternalUserTypes = $IncludeGuestOrExternalUserTypes -join ','
$includeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $IncludeGuestOrExternalUserTypes)
$externalTenants = @{}
if ($IncludeExternalTenantsMembershipKind -eq 'All')
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants')
}
elseif ($IncludeExternalTenantsMembershipKind -eq 'enumerated')
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants')
}
$externalTenants.Add('membershipKind', $IncludeExternalTenantsMembershipKind)
if ($IncludeExternalTenantsMembers)
{
$externalTenants.Add('members', $IncludeExternalTenantsMembers)
}
$includeGuestsOrExternalUsers.Add('externalTenants', $externalTenants)
$conditions.Users.Add('includeGuestsOrExternalUsers', $includeGuestsOrExternalUsers)
}
$includeGuestsOrExternalUsers.Add('externalTenants', $externalTenants)
$conditions.Users.Add('includeGuestsOrExternalUsers', $includeGuestsOrExternalUsers)

Write-Verbose -Message 'Set-Targetresource: process excludeGuestsOrExternalUsers'
$excludeGuestsOrExternalUsers = @{}
[string]$ExcludeGuestOrExternalUserTypes = $ExcludeGuestOrExternalUserTypes -join ','
$excludeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $ExcludeGuestOrExternalUserTypes)
$externalTenants = @{}
if ($ExcludeExternalTenantsMembershipKind -eq 'All')
if ($ExcludeGuestOrExternalUserTypes.Count -ne 0)
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants')
}
elseif ($ExcludeExternalTenantsMembershipKind -eq 'enumerated')
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants')
}
else
{
$externalTenants.Add('@odata.type', '')
}
$externalTenants.Add('membershipKind', $ExcludeExternalTenantsMembershipKind)
if ($ExcludeExternalTenantsMembers)
{
$externalTenants.Add('members', $ExcludeExternalTenantsMembers)
$excludeGuestsOrExternalUsers = @{}
[string]$ExcludeGuestOrExternalUserTypes = $ExcludeGuestOrExternalUserTypes -join ','
$excludeGuestsOrExternalUsers.Add('guestOrExternalUserTypes', $ExcludeGuestOrExternalUserTypes)
$externalTenants = @{}
if ($ExcludeExternalTenantsMembershipKind -eq 'All')
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessAllExternalTenants')
}
elseif ($ExcludeExternalTenantsMembershipKind -eq 'enumerated')
{
$externalTenants.Add('@odata.type', '#microsoft.graph.conditionalAccessEnumeratedExternalTenants')
}
$externalTenants.Add('membershipKind', $ExcludeExternalTenantsMembershipKind)
if ($ExcludeExternalTenantsMembers)
{
$externalTenants.Add('members', $ExcludeExternalTenantsMembers)
}
$excludeGuestsOrExternalUsers.Add('externalTenants', $externalTenants)
$conditions.Users.Add('excludeGuestsOrExternalUsers', $excludeGuestsOrExternalUsers)
}
$excludeGuestsOrExternalUsers.Add('externalTenants', $externalTenants)
$conditions.Users.Add('excludeGuestsOrExternalUsers', $excludeGuestsOrExternalUsers)

Write-Verbose -Message 'Set-Targetresource: process platform condition'
if ($IncludePlatforms -or $ExcludePlatforms)
{
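Review bot: Gating the include block only on `$IncludeGuestOrExternalUserTypes.Count -ne 0` and dropping the old `else` branch leaves a gap: when guest types are set but `IncludeExternalTenantsMembershipKind` is neither 'All' nor 'enumerated', `externalTenants` is now sent with no `@odata.type` at all while `membershipKind` is still added, possibly as `$null`, so a partial object reaches the Graph call instead of the marker value the old code sent. Since this builds a Conditional Access policy, a silently malformed `externalTenants` is worse than a hard failure — the request may be rejected or, if accepted, the applied scope may differ from what the configuration declares — so an explicit guard such as `else { throw "IncludeExternalTenantsMembershipKind must be 'All' or 'enumerated' when IncludeGuestOrExternalUserTypes is specified" }` (and the equivalent in the Exclude block after the `elseif` on 'enumerated') makes the mismatch visible. I cannot see from this hunk whether the parameter carries a `ValidateSet`, or whether `$null.Count` is safe under the module's strict-mode setting, so confirm that the new `.Count` test cannot itself throw when the parameter is unbound. Set-TargetResource starts and ends outside this hunk.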
