diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b2682287f6..d25e9d9c84 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -11,3 +11,23 @@ - Fixes #123 - Fixes #124 --> + +#### Task list + + + +- [ ] Added an entry to the change log under the Unreleased section of the file CHANGELOG.md. + Entry should say what was changed and how that affects users (if applicable), and + reference the issue being resolved (if applicable). +- [ ] Resource parameter descriptions added/updated in the schema.mof. +- [ ] Resource documentation added/updated in README.md. +- [ ] Resource settings.json file contains all required permissions. +- [ ] Examples appropriately added/updated. +- [ ] Unit tests added/updated. +- [ ] New/changed code adheres to [DSC Community Style Guidelines](https://dsccommunity.org/styleguidelines). diff --git a/CHANGELOG.md b/CHANGELOG.md index ebde2a7d8c..edd95421a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,13 @@ # UNRELEASED -* AAD - Added ApplicationSecret auth method to multiple resources - * PR #5409 +* AAD + * Added ApplicationSecret auth method to multiple resources +* MISC + * Removed hardcoded Graph urls and replaced by MSCloudLoginAssistant values. + +# 1.24.1120.1 + * AADAdminConsentRequestPolicy * Added error handling to Group display name retrieval to prevent errors when an assigned group no longer exists. @@ -75,6 +80,8 @@ * Initial release. * SCPolicyConfig * Fixed an issue extracting empty groups properties. +* TeamsMeetingPolicy + * FIXES #5442(https://github.com/microsoft/Microsoft365DSC/issues/5442) * TeamsUpdateManagementPolicy * Added conversion of the UpdateTimeOfDay parameter to the local culture format so that the comparison will work consistently. @@ -106,7 +113,13 @@ * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) -* IntuneSecurityBaselineMicrosoftEdge +* IntuneDeviceConfigurationCustomPolicyWindows10 + * Fixed issue where `Value`, from `OmaSettings`, could not be compared + correctly if it was boolean and set to `$False` + FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384) +* IntuneEndpointDetectionAndResponsePolicyWindows10 + * Remove changed property name from export. + FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300)* IntuneSecurityBaselineMicrosoftEdge * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil * Restrict CIM instance access to properties that appear multiple times. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 index cac6b9daf2..00eb0e124e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADGroup/MSFT_AADGroup.psm1 @@ -689,7 +689,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $ownerObject = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } try { @@ -751,7 +751,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null } @@ -759,7 +759,7 @@ function Set-TargetResource { Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}" $memberObject = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/{$($directoryObject.Id)}" + '@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}" } Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($directoryObject.Id) | Out-Null } @@ -809,7 +809,7 @@ function Set-TargetResource { Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}" $groupAsMemberObject = @{ - "@odata.id"= "https://graph.microsoft.com/v1.0/directoryObjects/$($groupAsMember.Id)" + "@odata.id"= $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)" } New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null } @@ -863,9 +863,6 @@ function Set-TargetResource if ($memberOfgroup.psobject.Typenames -match 'Group') { Write-Verbose -Message "Adding AAD group {$($currentGroup.DisplayName)} as member of AAD group {$($memberOfGroup.DisplayName)}" - #$memberOfObject = @{ - # "@odata.id"= "https://graph.microsoft.com/v1.0/groups/{$($group.Id)}" - #} New-MgGroupMember -GroupId ($memberOfGroup.Id) -DirectoryObject ($currentGroup.Id) | Out-Null } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 index c6dac92a02..bf57b6fb57 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADIdentityB2XUserFlow/MSFT_AADIdentityB2XUserFlow.psm1 @@ -269,7 +269,7 @@ function Set-TargetResource foreach ($provider in $IdentityProviders) { $params = @{ - "@odata.id" = "https://graph.microsoft.com/beta/identityProviders/$($provider)" + "@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the newly created Azure AD Identity B2X User Flow with Id {$($newObj.Id)}" @@ -318,7 +318,7 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postFederationSignupConnectorName)'" $params = @{ - "@odata.id" = "https://graph.microsoft.com/beta/identity/apiConnectors/$($getConnector.Id)" + "@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Federation Signup connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -330,7 +330,7 @@ function Set-TargetResource { $getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postAttributeCollectionConnectorName)'" $params = @{ - "@odata.id" = "https://graph.microsoft.com/beta/identity/apiConnectors/$($getConnector.Id)" + "@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)" } Write-Verbose -Message "Updating the Post Attribute Collection connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" @@ -344,7 +344,7 @@ function Set-TargetResource foreach ($provider in $providersToAdd) { $params = @{ - "@odata.id" = "https://graph.microsoft.com/beta/identityProviders/$($provider)" + "@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)" } Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 index 48a0c49ff4..6bf1872082 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADRemoteNetwork/MSFT_AADRemoteNetwork.psm1 @@ -262,7 +262,7 @@ function Set-TargetResource "@context" = '#$delta' value = @(@{}) } - Invoke-MgGraphRequest -Uri https://graph.microsoft.com/beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles -Method Patch -Body $params + Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params #adding forwarding profiles if required if ($forwardingProfilesList.Count -gt 0) { @@ -270,7 +270,7 @@ function Set-TargetResource "@context" = '#$delta' value = $forwardingProfilesList } - Invoke-MgGraphRequest -Uri https://graph.microsoft.com/beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles -Method Patch -Body $params + Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params } } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 index 3348ec3938..353f97ad90 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10/MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10.psm1 @@ -423,7 +423,7 @@ function Set-TargetResource { $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -431,7 +431,7 @@ function Set-TargetResource } } $complexDefinitionValue = @{ - 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } @@ -519,7 +519,7 @@ function Set-TargetResource { $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -527,7 +527,7 @@ function Set-TargetResource } } $complexDefinitionValue = @{ - 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } @@ -553,7 +553,7 @@ function Set-TargetResource $currentPresentationValue = $currentDefinitionValue.PresentationValues | Where-Object { $_.PresentationDefinitionId -eq $presentationValue.presentationDefinitionId } $value = $presentationValue.clone() $value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename - $value.add('presentation@odata.bind', "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") + $value.add('presentation@odata.bind', "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')") $value.remove('PresentationDefinitionId') $value.remove('PresentationDefinitionLabel') $value.remove('id') @@ -563,7 +563,7 @@ function Set-TargetResource } $complexDefinitionValue = @{ id = $currentDefinitionValue.Id - 'definition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" + 'definition@odata.bind' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')" enabled = $definitionValue.Enabled presentationValues = $complexPresentationValues } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 index 6986c95636..8cf0644b73 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10/MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10.psm1 @@ -294,7 +294,7 @@ function Get-TargetResource AccessTokens = $AccessTokens #endregion } - + $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id $assignmentResult = @() if ($assignmentsValues.Count -gt 0) @@ -521,7 +521,7 @@ function Set-TargetResource } #region resource generator code - $CreateParameters.Add("rootCertificate@odata.bind", "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$RootCertificateId')") + $CreateParameters.Add("rootCertificate@odata.bind", "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')") $CreateParameters.Add("@odata.type", "#microsoft.graph.windows81SCEPCertificateProfile") $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments @@ -1030,10 +1030,10 @@ function Update-DeviceConfigurationPolicyRootCertificateId [System.String] $RootCertificateId ) - + $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref" $ref = @{ - '@odata.id' = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$RootCertificateId')" + '@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')" } Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref|ConvertTo-Json) -ErrorAction Stop diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 index 5fece7e58c..13ef69d375 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10/MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10.psm1 @@ -563,7 +563,7 @@ function Set-TargetResource -CertificateId $RootCertificatesForServerValidationIds[$i] ` -CertificateDisplayName $RootCertificatesForServerValidationDisplayNames[$i] ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $rootCertificatesForServerValidation += "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $rootCertificatesForServerValidation += "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" } $CreateParameters.Add('rootCertificatesForServerValidation@odata.bind', $rootCertificatesForServerValidation) } @@ -578,7 +578,7 @@ function Set-TargetResource '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` ) - $ref = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('identityCertificateForClientAuthentication@odata.bind', $ref) } @@ -592,7 +592,7 @@ function Set-TargetResource '#microsoft.graph.windows81TrustedRootCertificate', ` '#microsoft.graph.windows10PkcsCertificateProfile' ` ) - $ref = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryIdentityCertificateForClientAuthentication@odata.bind', $ref) } @@ -602,7 +602,7 @@ function Set-TargetResource -CertificateId $RootCertificateForClientValidationId ` -CertificateDisplayName $RootCertificateForClientValidationDisplayName ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $ref = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('rootCertificateForClientValidation@odata.bind', $ref) } @@ -612,7 +612,7 @@ function Set-TargetResource -CertificateId $SecondaryRootCertificateForClientValidationId ` -CertificateDisplayName $SecondaryRootCertificateForClientValidationDisplayName ` -OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate') - $ref = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$checkedCertId')" + $ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')" $CreateParameters.Add('secondaryRootCertificateForClientValidation@odata.bind', $ref) } @@ -1228,7 +1228,7 @@ function Update-DeviceConfigurationPolicyCertificateId $CertificateName ) $Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windowsWiredNetworkConfiguration/$CertificateName/`$ref" - + if ($CertificateName -eq 'rootCertificatesForServerValidation') { $method = 'POST' @@ -1241,7 +1241,7 @@ function Update-DeviceConfigurationPolicyCertificateId foreach ($certificateId in $CertificateIds) { $ref = @{ - '@odata.id' = "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations('$certificateId')" + '@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')" } Invoke-MgGraphRequest -Method $method -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 index 739c2c80d7..fec360308a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsMacOSLobApp/MSFT_IntuneMobileAppsMacOSLobApp.psm1 @@ -450,8 +450,8 @@ function Set-TargetResource throw "Mobile App Category with DisplayName $($category.DisplayName) not found." } - Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ + '@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } @@ -507,7 +507,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 index f10634ed10..a2102b6e30 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp/MSFT_IntuneMobileAppsWindowsOfficeSuiteApp.psm1 @@ -487,7 +487,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } @@ -544,7 +544,7 @@ function Set-TargetResource } Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{ - '@odata.id' = "https://graph.microsoft.com/beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" + '@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)" } } else diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 index b793caca5f..ebcc896cd9 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneRoleAssignment/MSFT_IntuneRoleAssignment.psm1 @@ -394,7 +394,7 @@ function Set-TargetResource scopeType = $ScopeType members = $Members '@odata.type' = '#microsoft.graph.deviceAndAppManagementRoleAssignment' - 'roleDefinition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/roleDefinitions('$roleDefinition')" + 'roleDefinition@odata.bind' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" } $policy = New-MgBetaDeviceManagementRoleAssignment -BodyParameter $CreateParameters @@ -410,7 +410,7 @@ function Set-TargetResource scopeType = $ScopeType members = $Members '@odata.type' = '#microsoft.graph.deviceAndAppManagementRoleAssignment' - 'roleDefinition@odata.bind' = "https://graph.microsoft.com/beta/deviceManagement/roleDefinitions('$roleDefinition')" + 'roleDefinition@odata.bind' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/roleDefinitions('$roleDefinition')" } Update-MgBetaDeviceManagementRoleAssignment -BodyParameter $UpdateParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 index c77ba7c781..bb6fa09486 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365Group/MSFT_O365Group.psm1 @@ -352,7 +352,7 @@ function Set-TargetResource $userId = (Get-MgUser -UserId $member).Id # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022) - $url = "https://graph.microsoft.com/v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref" + $url = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/members/$userId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null } } @@ -398,7 +398,7 @@ function Set-TargetResource Write-Verbose -Message "Adding Owner {$owner}" $userId = (Get-MgUser -UserId $owner).Id $newGroupOwner = @{ - '@odata.id' = "https://graph.microsoft.com/v1.0/users/{$userId}" + '@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/users/{$userId}" } New-MgGroupOwnerByRef -GroupId $ADGroup[0].Id -BodyParameter $newGroupOwner @@ -410,7 +410,7 @@ function Set-TargetResource $userId = (Get-MgUser -UserId $owner).Id # There are no cmldet to remove members from group available at the time of writing this resource (March 8th 2022) - $url = "https://graph.microsoft.com/v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref" + $url = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/groups/$($ADGroup[0].Id)/owners/$userId/`$ref" Invoke-MgGraphRequest -Method DELETE -Uri $url | Out-Null } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 index 4b54639eef..3b8db6bd7e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_PlannerTask/MSFT_PlannerTask.psm1 @@ -492,7 +492,7 @@ function Set-TargetResource Write-Verbose -Message "Updating Task with:`r`n$JSONDetails" # Need to continue to rely on Invoke-MgGraphRequest Invoke-MgGraphRequest -Method PATCH ` - -Uri "https://graph.microsoft.com/v1.0/planner/tasks/$taskId" ` + -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId" ` -Headers $Headers ` -Body $JSONDetails @@ -504,7 +504,7 @@ function Set-TargetResource $JSONDetails = (ConvertTo-Json $details) Write-Verbose -Message "Updating Task's details with:`r`n$JSONDetails" Invoke-MgGraphRequest -Method PATCH ` - -Uri "https://graph.microsoft.com/v1.0/planner/tasks/$taskId/details" ` + -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/planner/tasks/$taskId/details" ` -Headers $Headers ` -Body $JSONDetails @@ -940,7 +940,7 @@ function Get-M365DSCPlannerTasksFromPlan $Credential ) $results = @() - $uri = "https://graph.microsoft.com/v1.0/planner/plans/$PlanId/tasks" + $uri = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/planner/plans/$PlanId/tasks" $taskResponse = Invoke-MSCloudLoginMicrosoftGraphAPI -Credential $Credential ` -Uri $uri ` -Method Get diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 index 6af727886b..d55b1ee958 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsChannelTab/MSFT_TeamsChannelTab.psm1 @@ -368,7 +368,7 @@ function Set-TargetResource Write-Verbose -Message "Params: $($CurrentParameters | Out-String)" $additionalProperties = @{ - 'teamsApp@odata.bind' = "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/$TeamsApp" + 'teamsApp@odata.bind' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/appCatalogs/teamsApps/$TeamsApp" } $CurrentParameters.Add('AdditionalProperties', $additionalProperties) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 index 3f2224c6af..d23686aa96 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsMeetingPolicy/MSFT_TeamsMeetingPolicy.psm1 @@ -473,6 +473,12 @@ function Get-TargetResource TeamsCameraFarEndPTZMode = $policy.TeamsCameraFarEndPTZMode WhoCanRegister = $policy.WhoCanRegister Ensure = 'Present' + Credential = $Credential + ApplicationId = $ApplicationId + TenantId = $TenantId + CertificateThumbprint = $CertificateThumbprint + ManagedIdentity = $ManagedIdentity.IsPresent + AccessTokens = $AccessTokens } } catch diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 index 65198e99db..35e6848a74 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsTeam/MSFT_TeamsTeam.psm1 @@ -443,7 +443,7 @@ function Set-TargetResource Write-Verbose -Message "Retrieving Group Owner {$currentOwner}" $ownerUser = Get-MgUser -Search $currentOwner -ConsistencyLevel eventual - $ownerOdataID = "https://graph.microsoft.com/v1.0/directoryObjects/$($ownerUser.Id)" + $ownerOdataID = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)v1.0/directoryObjects/$($ownerUser.Id)" Write-Verbose -Message "Adding Owner {$($ownerUser.Id)} to Group {$($group.Id)}" try diff --git a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 new file mode 100644 index 0000000000..b516274848 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/1-Create.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 new file mode 100644 index 0000000000..b516274848 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/2-Update.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} diff --git a/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 new file mode 100644 index 0000000000..b516274848 --- /dev/null +++ b/Modules/Microsoft365DSC/Examples/Resources/ResourceName/3-Remove.ps1 @@ -0,0 +1,26 @@ +<# +This example is used to test new resources and showcase the usage of new resources being worked on. +It is not meant to use as a production baseline. +#> + +Configuration Example +{ + param( + [Parameter()] + [System.String] + $ApplicationId, + + [Parameter()] + [System.String] + $TenantId, + + [Parameter()] + [System.String] + $CertificateThumbprint + ) + Import-DscResource -ModuleName Microsoft365DSC + node localhost + { + + } +} diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index 1c924e4bb9..8a18fa8a84 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 2024-11-13 +# Generated on: 2024-11-20 @{ @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.24.1113.1' + ModuleVersion = '1.24.1120.1' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,48 +147,81 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADConditionalAccessPolicy - * Fixed bug where an empty value was passed in the request for the - insiderRiskLevels parameter, which throws an error. - FIXES [#5389](https://github.com/microsoft/Microsoft365DSC/issues/5389) - * Fixes a bug where 3P apps could not be assigned by DisplayName for both - IncludeApplications and ExcludeApplications - FIXES [#5390](https://github.com/microsoft/Microsoft365DSC/issues/5390) + ReleaseNotes = '* AADAdminConsentRequestPolicy + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyAuthenticator + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyEmail + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyExternal + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyFido2 + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyHardware + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicySms + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicySoftware + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyTemporary + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyVoice + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADAuthenticationMethodPolicyX509 + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADConditionalAccessPolicy + * Fixed bug where a null value was passed in the request for the + excludePlatforms parameter when just values were assigned to includePlatforms, which throws an error. + * Fixed bug where a null value was passed in the request for the + sessionControl parameter when there are no session controls, which throws an error. + * Fixed bug where a null value was passed in the request for the + applicationEnforcedRestrictions parameter when value was set to false, which throws an error. +* AADDeviceRegistrationPolicy + * Added error handling to Group display name retrieval to prevent errors + when an assigned group no longer exists. +* AADRoleAssignmentScheduleRequest + * Initial release. * AADRoleEligibilityScheduleRequest - * FIXES [#3787](https://github.com/microsoft/Microsoft365DSC/issues/3787) - * FIXES [#5089](https://github.com/microsoft/Microsoft365DSC/issues/5089) -* EXOATPBuiltInProtectionRule, EXOEOPProtectionRule - * Fixed issue where empty arrays were being compared incorrectly to null - strings - FIXES [#5394](https://github.com/microsoft/Microsoft365DSC/issues/5394) -* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy - * Update property `PasswordAgeDays_AAD` to be lower-case. - FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) -* IntuneAntivirusExclusionsPolicyMacOS + * Adds support for custom role assignments at app scope. +* AADRoleSettings + * Fixing issue where the ActivateApprover parameter is not processed correctly + when an approver does not exist. + FIXES [#5423](https://github.com/microsoft/Microsoft365DSC/issues/5423) + FIXES [#5415](https://github.com/microsoft/Microsoft365DSC/issues/5415) +* AzureBillingAccountPolicy + * Initial release. +* IntuneDeviceConfigurationPolicyAndroidDeviceOwner + * Fixed issue when properties `DetailedHelpText`, + `DeviceOwnerLockScreenMessage` or `ShortHelpText` were defined but the + request was not being sent correctly + FIXES [#5411](https://github.com/microsoft/Microsoft365DSC/issues/5411) +* IntuneDiskEncryptionPDEPolicyWindows10 + * Initial release. +* IntuneFirewallRulesHyperVPolicyWindows10 + * Initial release. +* IntuneFirewallRulesPolicyWindows10ConfigMgr + * Initial release. +* IntuneMobileAppConfigurationPolicyIOS * Initial release. -* IntuneAntivirusPolicyWindows10SettingCatalog - * Update properties to be upper-case. - Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) -* IntuneDeviceConfigurationCustomPolicyWindows10 - * Fixed issue where `Value`, from `OmaSettings`, could not be compared - correctly if it was boolean and set to `$False` - FIXES [#5384](https://github.com/microsoft/Microsoft365DSC/issues/5384) -* IntuneEndpointDetectionAndResponsePolicyWindows10 - * Remove changed property name from export. - FIXES [#5300](https://github.com/microsoft/Microsoft365DSC/issues/5300) -* IntuneSecurityBaselineMicrosoftEdge - * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` +* SCPolicyConfig + * Fixed an issue extracting empty groups properties. +* TeamsUpdateManagementPolicy + * Added conversion of the UpdateTimeOfDay parameter to the local culture format + so that the comparison will work consistently. + FIXES [#5424](https://github.com/microsoft/Microsoft365DSC/issues/5424) * M365DSCDRGUtil - * Restrict CIM instance access to properties that appear multiple times. - * Switch log type for not found Intune assignments to `Warning`. -* M365DSCIntuneSettingsCatalogUtil - * Add ADMX handling for `edge~httpauthentication_`. - FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) -* TeamsUpgradePolicy - * Changes to how we are retrieving the users to improve performance. -* DEPENDENCIES - * Updated DSCParser to version 2.0.0.12. - * Updated MSCloudLoginAssistant to version 1.1.28.' + * Improve CIM instance detection for specific Intune resources.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false