Merge pull request #5307 from NikCharlebois/InsiderRiskLevels

AADConditionalAccessPolicy - Added Support for InsiderRiskLevels
microsoft · Oct 31, 2024 · 34e405e · 34e405e
2 parents 41c799a + 6d34336
commit 34e405e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@
   * Initial release.
 * AADConditionalAccessPolicy
   * FIXES [#5282](https://github.com/microsoft/Microsoft365DSC/issues/5282)
+  * Added support for InsiderRiskLevels.
 * AADCustomSecurityAttributeDefinition
   * Fixed missing permissions in settings.json
 * AADEnrichedAuditLogs
@@ -130,12 +131,12 @@
     properly with their respective parent setting.
 * MISC
   * Fixed references to graph.microsoft.com with dynamic domain name based on target cloud.
-   Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup, 
-   AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10, 
+   Impacted AADAdminConsentRequestPolicy, AADApplication, AADConditionalAccessPolicy, AADGroup,
+   AADNamedLocationPolicy, AADServiePrincipal, IntuneASRRulesPolicyWindows10,
    IntuneAccountProtectionLocalUsersGroupMembershipPolicy, IntuneAccountProtectionPolicy,
    IntuneAppProtectionPolicyiOS,IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10,
    IntuneDeviceConfigurationSCEPCertificatePolicyWindows10, IntuneDeviceConfigurationWiredNetworkPolicyWindows10,
-   IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets, 
+   IntuneDeviceEnrollmentStatusPageWindows10, IntuneDiskEncryptionMacOS, IntunePolicySets,
    IntuneSettingCatalogCustomPolicyWindows10, M365DSCRGUtil
   * Exponential performance improvements by reducing complexity and roundtrips.
 * DEPENDENCIES

diff --git a/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/...t365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1
@@ -219,6 +219,10 @@ function Get-TargetResource
         [System.String]
         $TransferMethods,
 
+        [Parameter()]
+        [System.String]
+        $InsiderRiskLevels,
+
         #generic
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
@@ -709,6 +713,7 @@ function Get-TargetResource
         TransferMethods                          = [System.String]$Policy.Conditions.AuthenticationFlows.TransferMethods
         #Standard part
         TermsOfUse                               = $termOfUseName
+        InsiderRiskLevels                        = $Policy.Conditions.InsiderRiskLevels
         Ensure                                   = 'Present'
         Credential                               = $Credential
         ApplicationSecret                        = $ApplicationSecret
@@ -943,6 +948,10 @@ function Set-TargetResource
         [System.String]
         $TransferMethods,
 
+        [Parameter()]
+        [System.String]
+        $InsiderRiskLevels,
+
         #generic
         [Parameter()]
         [ValidateSet('Present', 'Absent')]
@@ -1577,6 +1586,11 @@ function Set-TargetResource
             }
         }
 
+        if ($null -ne $InsiderRiskLevels)
+        {
+            $conditions.Add("insiderRiskLevels", $InsiderRiskLevels)
+        }
+
         Write-Verbose -Message 'Set-Targetresource: process risk levels and app types'
         Write-Verbose -Message "Set-Targetresource: UserRiskLevels: $UserRiskLevels"
         If ($currentParameters.ContainsKey('UserRiskLevels'))
@@ -2044,6 +2058,10 @@ function Test-TargetResource
         [System.String]
         $TransferMethods,
 
+        [Parameter()]
+        [System.String]
+        $InsiderRiskLevels,
+
         #generic
         [Parameter()]
         [ValidateSet('Present', 'Absent')]

diff --git a/...C/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/...C/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof
@@ -50,6 +50,7 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
     [Write, Description("Name of the associated authentication strength policy.")] String AuthenticationStrength;
     [Write, Description("Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.")] String TransferMethods;
     [Write, Description("Authentication context class references.")] String AuthenticationContexts[];
+    [Write, Description("Insider risk levels conditions.")] String InsiderRiskLevels;
     [Write, Description("Specify if the Azure AD CA Policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
     [Write, Description("Credentials for the Microsoft Graph delegated permissions."), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;