Fix Intune role assignment and cloud login variable
Fabien Tschanz committed Nov 27, 2024
1 parent e991dd3 commit 3354573
Showing 15 changed files with 104 additions and 134 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -22,6 +22,8 @@
* Fixes an issue where assignment wasn't properly set if the
groupId was null.
FIXES [#5430](https://github.com/microsoft/Microsoft365DSC/issues/5430)
* IntuneRoleAssignment
* Improve verbose output and fix copy-pasted variables.
* IntuneRoleScopeTag
* Initial release.
* TeamsUserPolicyAssignment
Expand Up @@ -689,7 +689,7 @@ function Set-TargetResource
{
Write-Verbose -Message "Adding new owner {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
$ownerObject = @{
'@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
}
try
{
Expand Down Expand Up @@ -751,15 +751,15 @@ function Set-TargetResource
{
Write-Verbose -Message "Adding new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
$memberObject = @{
'@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
}
New-MgGroupMemberByRef -GroupId ($currentGroup.Id) -BodyParameter $memberObject | Out-Null
}
elseif ($diff.SideIndicator -eq '<=')
{
Write-Verbose -Message "Removing new member {$($diff.InputObject)} to AAD Group {$($currentGroup.DisplayName)}"
$memberObject = @{
'@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/{$($directoryObject.Id)}"
}
Remove-MgGroupMemberDirectoryObjectByRef -GroupId ($currentGroup.Id) -DirectoryObjectId ($directoryObject.Id) | Out-Null
}
Expand Down Expand Up @@ -809,7 +809,7 @@ function Set-TargetResource
{
Write-Verbose -Message "Adding AAD group {$($groupAsMember.DisplayName)} as member of AAD group {$($currentGroup.DisplayName)}"
$groupAsMemberObject = @{
"@odata.id"= $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)"
"@odata.id"= $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "v1.0/directoryObjects/$($groupAsMember.Id)"
}
New-MgBetaGroupMemberByRef -GroupId ($currentGroup.Id) -Body $groupAsMemberObject | Out-Null
}
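Review bot: In the `elseif ($diff.SideIndicator -eq '<=')` branch the updated `$memberObject` hashtable is never used, because the visible `Remove-MgGroupMemberDirectoryObjectByRef` call takes only `-GroupId` and `-DirectoryObjectId`. The assignment can be dropped from that branch, which also removes one place where the global URL base has to be kept correct. The verbose text in the same branch reads "Removing new member … to AAD Group"; `Write-Verbose -Message "Removing member {$($diff.InputObject)} from AAD Group {$($currentGroup.DisplayName)}"` would keep the membership-change log unambiguous. Set-TargetResource starts and ends outside these hunks, so a later use of `$memberObject` cannot be ruled out from here.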
Expand Up @@ -269,7 +269,7 @@ function Set-TargetResource
foreach ($provider in $IdentityProviders)
{
$params = @{
"@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)"
"@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)"
}

Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the newly created Azure AD Identity B2X User Flow with Id {$($newObj.Id)}"
Expand Down Expand Up @@ -318,7 +318,7 @@ function Set-TargetResource
{
$getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postFederationSignupConnectorName)'"
$params = @{
"@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
"@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
}

Write-Verbose -Message "Updating the Post Federation Signup connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}"
Expand All @@ -330,7 +330,7 @@ function Set-TargetResource
{
$getConnector = Get-MgBetaIdentityApiConnector -Filter "DisplayName eq '$($ApiConnectorConfiguration.postAttributeCollectionConnectorName)'"
$params = @{
"@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
"@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identity/apiConnectors/$($getConnector.Id)"
}

Write-Verbose -Message "Updating the Post Attribute Collection connector for Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}"
Expand All @@ -344,7 +344,7 @@ function Set-TargetResource
foreach ($provider in $providersToAdd)
{
$params = @{
"@odata.id" = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)"
"@odata.id" = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/identityProviders/$($provider)"
}

Write-Verbose -Message "Adding the Identity Provider with Id {$provider} to the Azure AD Identity B2X User Flow with Id {$($currentInstance.Id)}"
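Review bot: Both API connector updates build `@odata.id` from `$getConnector.Id` without checking what the `DisplayName eq '…'` lookup returned. With no match the reference ends in `apiConnectors/`, and with several matches `.Id` expands to several ids joined into one string, so a malformed reference is sent instead of being rejected up front. A guard before each hashtable, such as `if (@($getConnector).Count -ne 1) { throw "Expected exactly one API connector with that display name" }`, would make the failure explicit. The filter value is also interpolated as-is, so a display name containing a single quote would break the filter; doubling the quote with `.Replace("'", "''")` avoids that. The enclosing function continues outside the hunks.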
Expand Up @@ -262,15 +262,15 @@ function Set-TargetResource
"@context" = '#$delta'
value = @(@{})
}
Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params

#adding forwarding profiles if required
if ($forwardingProfilesList.Count -gt 0) {
$params = @{
"@context" = '#$delta'
value = $forwardingProfilesList
}
Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/networkAccess/connectivity/remoteNetworks/$($currentInstance.Id)/forwardingProfiles" -Method Patch -Body $params
}
}
elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
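Review bot: Nothing on the new side checks that `$Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl` is set before it is used as the base of the `-Uri` in both `Invoke-MgGraphRequest` calls. Outside strict mode a missing or misspelled global evaluates to `$null` and the string silently becomes the relative path `beta/networkAccess/…`, which is presumably how the old `MSCloudLoginAssistant` name went unnoticed. The same pattern is repeated in every `@odata.id` and `@odata.bind` value in the other file sections of this commit. A single helper that returns the base URL and throws when it is empty, e.g. `if ([string]::IsNullOrEmpty($baseUrl)) { throw 'Microsoft Graph resource URL is not initialised' }`, would turn a repeat of this mistake into an immediate error. The enclosing function starts and ends outside the hunk.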
Expand Up @@ -423,15 +423,15 @@ function Set-TargetResource
{
$value = $presentationValue.clone()
$value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename
$value.add('[email protected]', $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
$value.add('[email protected]', $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
$value.remove('PresentationDefinitionId')
$value.remove('PresentationDefinitionLabel')
$value.remove('id')
$complexPresentationValues += $value
}
}
$complexDefinitionValue = @{
'[email protected]' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
'[email protected]' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
enabled = $definitionValue.Enabled
presentationValues = $complexPresentationValues
}
Expand Down Expand Up @@ -519,15 +519,15 @@ function Set-TargetResource
{
$value = $presentationValue.clone()
$value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename
$value.add('[email protected]', "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
$value.add('[email protected]', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
$value.remove('PresentationDefinitionId')
$value.remove('PresentationDefinitionLabel')
$value.remove('id')
$complexPresentationValues += $value
}
}
$complexDefinitionValue = @{
'[email protected]' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
'[email protected]' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
enabled = $definitionValue.Enabled
presentationValues = $complexPresentationValues
}
Expand All @@ -553,7 +553,7 @@ function Set-TargetResource
$currentPresentationValue = $currentDefinitionValue.PresentationValues | Where-Object { $_.PresentationDefinitionId -eq $presentationValue.presentationDefinitionId }
$value = $presentationValue.clone()
$value = Rename-M365DSCCimInstanceParameter -Properties $value -KeyMapping $keyToRename
$value.add('[email protected]', "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
$value.add('[email protected]', "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')/presentations('$($presentationValue.presentationDefinitionId)')")
$value.remove('PresentationDefinitionId')
$value.remove('PresentationDefinitionLabel')
$value.remove('id')
Expand All @@ -563,7 +563,7 @@ function Set-TargetResource
}
$complexDefinitionValue = @{
id = $currentDefinitionValue.Id
'[email protected]' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
'[email protected]' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/groupPolicyDefinitions('$($definitionValue.Definition.Id)')"
enabled = $definitionValue.Enabled
presentationValues = $complexPresentationValues
}
Expand Up @@ -521,7 +521,7 @@ function Set-TargetResource
}

#region resource generator code
$CreateParameters.Add("[email protected]", "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')")
$CreateParameters.Add("[email protected]", "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$RootCertificateId')")
$CreateParameters.Add("@odata.type", "#microsoft.graph.windows81SCEPCertificateProfile")
$policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters
$assignmentsHash = ConvertTo-IntunePolicyAssignment -IncludeDeviceFilter:$true -Assignments $Assignments
Expand Down Expand Up @@ -1033,7 +1033,7 @@ function Update-DeviceConfigurationPolicyRootCertificateId

$Uri = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$DeviceConfigurationPolicyId')/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate/`$ref"
$ref = @{
'@odata.id' = $Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')"
'@odata.id' = $Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl + "beta/deviceManagement/deviceConfigurations('$RootCertificateId')"
}

Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body ($ref|ConvertTo-Json) -ErrorAction Stop
Expand Up @@ -563,7 +563,7 @@ function Set-TargetResource
-CertificateId $RootCertificatesForServerValidationIds[$i] `
-CertificateDisplayName $RootCertificatesForServerValidationDisplayNames[$i] `
-OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate')
$rootCertificatesForServerValidation += "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$rootCertificatesForServerValidation += "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
}
$CreateParameters.Add('[email protected]', $rootCertificatesForServerValidation)
}
Expand All @@ -578,7 +578,7 @@ function Set-TargetResource
'#microsoft.graph.windows81TrustedRootCertificate', `
'#microsoft.graph.windows10PkcsCertificateProfile' `
)
$ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$CreateParameters.Add('[email protected]', $ref)
}

Expand All @@ -592,7 +592,7 @@ function Set-TargetResource
'#microsoft.graph.windows81TrustedRootCertificate', `
'#microsoft.graph.windows10PkcsCertificateProfile' `
)
$ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$CreateParameters.Add('[email protected]', $ref)
}

Expand All @@ -602,7 +602,7 @@ function Set-TargetResource
-CertificateId $RootCertificateForClientValidationId `
-CertificateDisplayName $RootCertificateForClientValidationDisplayName `
-OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate')
$ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$CreateParameters.Add('[email protected]', $ref)
}

Expand All @@ -612,7 +612,7 @@ function Set-TargetResource
-CertificateId $SecondaryRootCertificateForClientValidationId `
-CertificateDisplayName $SecondaryRootCertificateForClientValidationDisplayName `
-OdataTypes @('#microsoft.graph.windows81TrustedRootCertificate')
$ref = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$ref = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$checkedCertId')"
$CreateParameters.Add('[email protected]', $ref)
}

Expand Down Expand Up @@ -1241,7 +1241,7 @@ function Update-DeviceConfigurationPolicyCertificateId
foreach ($certificateId in $CertificateIds)
{
$ref = @{
'@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')"
'@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceManagement/deviceConfigurations('$certificateId')"
}

Invoke-MgGraphRequest -Method $method -Uri $Uri -Body ($ref | ConvertTo-Json) -ErrorAction Stop 4>$null
Expand Up @@ -450,8 +450,8 @@ function Set-TargetResource
throw "Mobile App Category with DisplayName $($category.DisplayName) not found."
}

Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{
'@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
Invoke-MgGraphRequest -Uri "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{
'@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
}
}

Expand Down Expand Up @@ -507,7 +507,7 @@ function Set-TargetResource
}

Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{
'@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
'@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
}
}
else
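Review bot: The first `Invoke-MgGraphRequest` call passes an absolute `-Uri` built from `$Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl`, while the second call in the same file uses the relative form starting with `/beta/deviceAppManagement/mobileApps/` for the same endpoint. Using one form for both keeps the two code paths on the same host. The relative form leaves host selection to the connected Graph session and would remove one dependency on the global. Both calls sit inside Set-TargetResource, whose body extends beyond the hunks.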
Expand Up @@ -487,7 +487,7 @@ function Set-TargetResource
}

Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($app.Id)/categories/`$ref" -Method 'POST' -Body @{
'@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
'@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
}
}

Expand Down Expand Up @@ -544,7 +544,7 @@ function Set-TargetResource
}

Invoke-MgGraphRequest -Uri "/beta/deviceAppManagement/mobileApps/$($currentInstance.Id)/categories/`$ref" -Method 'POST' -Body @{
'@odata.id' = "$($Global:MSCloudLoginAssistant.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
'@odata.id' = "$($Global:MSCloudLoginConnectionProfile.MicrosoftGraph.ResourceUrl)beta/deviceAppManagement/mobileAppCategories/$($currentCategory.Id)"
}
}
else