From 1a75384751a955584c3296004a2e10d8e287d2fa Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Jun 2023 13:23:25 -0400 Subject: [PATCH 1/2] Initial --- .../MSFT_AADNamedLocationPolicy.psm1 | 18 +++++++++++++++++- .../MSFT_AADNamedLocationPolicy.schema.mof | 1 + .../MSFT_SCProtectionAlert.psm1 | 1 - 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 index dc5830a1da..b9c9232f45 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.psm1 @@ -29,6 +29,11 @@ function Get-TargetResource [System.String[]] $CountriesAndRegions, + [Parameter()] + [System.String] + [ValidateSet('clientIpAddress','authenticatorAppGps')] + $CountryLookupMethod, + [Parameter()] [System.Boolean] $IncludeUnknownCountriesAndRegions, @@ -129,6 +134,7 @@ function Get-TargetResource IpRanges = $NamedLocation.AdditionalProperties.ipRanges.cidrAddress IsTrusted = $NamedLocation.AdditionalProperties.isTrusted CountriesAndRegions = [String[]]$NamedLocation.AdditionalProperties.countriesAndRegions + CountryLookupMethod = $NamedLocation.AdditionalProperties.countryLookupMethod IncludeUnknownCountriesAndRegions = $NamedLocation.AdditionalProperties.includeUnknownCountriesAndRegions Ensure = 'Present' ApplicationSecret = $ApplicationSecret @@ -185,6 +191,11 @@ function Set-TargetResource [System.String[]] $CountriesAndRegions, + [Parameter()] + [System.String] + [ValidateSet('clientIpAddress','authenticatorAppGps')] + $CountryLookupMethod, + [Parameter()] [System.Boolean] $IncludeUnknownCountriesAndRegions, @@ -264,6 +275,7 @@ function Set-TargetResource { $desiredValues.Add('includeUnknownCountriesAndRegions', $IncludeUnknownCountriesAndRegions) $desiredValues.Add('countriesAndRegions', $CountriesAndRegions) + $desiredValues.Add('countryLookupMethod', $CountryLookupMethod) } # Named Location should exist but it doesn't @@ -333,6 +345,11 @@ function Test-TargetResource [System.String[]] $CountriesAndRegions, + [Parameter()] + [System.String] + [ValidateSet('clientIpAddress','authenticatorAppGps')] + $CountryLookupMethod, + [Parameter()] [System.Boolean] $IncludeUnknownCountriesAndRegions, @@ -459,7 +476,6 @@ function Export-TargetResource try { - $AADNamedLocations = Get-MgIdentityConditionalAccessNamedLocation -Filter $Filter -All:$true -ErrorAction Stop if ($AADNamedLocations.Length -eq 0) { diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.schema.mof index def4606d57..529ceee96e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADNamedLocationPolicy/MSFT_AADNamedLocationPolicy.schema.mof @@ -7,6 +7,7 @@ class MSFT_AADNamedLocationPolicy : OMI_BaseResource [Write, Description("Specifies the IP ranges of the Named Location in Azure Active Directory")] String IpRanges[]; [Write, Description("Specifies the isTrusted value for the Named Location in Azure Active Directory")] Boolean IsTrusted; [Write, Description("Specifies the countries and regions for the Named Location in Azure Active Directory")] String CountriesAndRegions[]; + [Write, Description("Determines what method is used to decide which country the user is located in. Possible values are clientIpAddress(default) and authenticatorAppGps."), ValueMap{"clientIpAddress","authenticatorAppGps"}, Values{"clientIpAddress","authenticatorAppGps"}] String CountryLookupMethod; [Write, Description("Specifies the includeUnknownCountriesAndRegions value for the Named Location in Azure Active Directory")] Boolean IncludeUnknownCountriesAndRegions; [Write, Description("Specify if the Azure AD Named Location should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 index 808568f13d..583d151ea1 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.psm1 @@ -135,7 +135,6 @@ function Get-TargetResource $CertificatePassword ) - Write-Verbose -Message "Getting configuration of SCProtectionAlert for $Name" if ($Global:CurrentModeIsExport) From 15d46fd330d1b6b2d498cb0f8fb9706d526d2e0f Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Fri, 9 Jun 2023 13:24:48 -0400 Subject: [PATCH 2/2] FIxes #3345 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffabca1191..f6c6367f16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ # UNRELEASED +* AADNamedLocationPolicy + * Added support forthe CountryLookupMethod property + FIXES [#3345](https://github.com/microsoft/Microsoft365DSC/issues/3345) * DEPENDENCIES * Updated Microsoft.Graph dependencies to version 1.28.0.