Skip to content

Commit

Permalink
Merge pull request #3699 from NikCharlebois/TeamsGroupPolicyAssignmen…
Browse files Browse the repository at this point in the history
…t-Fixes

Various Fixes
  • Loading branch information
NikCharlebois authored Sep 19, 2023
2 parents f40c27b + 7fafe19 commit 351314c
Show file tree
Hide file tree
Showing 5 changed files with 61 additions and 64 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@
* O365OrgSettings
* Fixes and issue where a the wrong url was being used in some of the API
calls, resulting in null returns for some properties in the Get method.
* SPOSharingSettings
* Changes verbose prompts to warnings.
* TeamsGroupPolicyAssignment
* Changes to how Group IDs are retrieved and evaluated.
* TeamsAppPermissionPolicy
* Fixes to the Test-TargetResource evaluation of empty arrays.
* DEPENDENCIES
* Updated MicrosoftTeams to version 5.6.0.
FIXES [#3671](https://github.com/microsoft/Microsoft365DSC/issues/3671)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -433,7 +433,7 @@ function Set-TargetResource
if ($null -eq $SharingAllowedDomainList -and $null -eq $SharingBlockedDomainList -and
($null -ne $RequireAcceptingAccountMatchInvitedAccount -and $RequireAcceptingAccountMatchInvitedAccount -eq $false))
{
Write-Verbose -Message 'If SharingAllowedDomainList / SharingBlockedDomainList are set to null RequireAcceptingAccountMatchInvitedAccount must be set to True '
Write-Warning -Message 'If SharingAllowedDomainList / SharingBlockedDomainList are set to null RequireAcceptingAccountMatchInvitedAccount must be set to True '
$CurrentParameters.Remove('RequireAcceptingAccountMatchInvitedAccount') | Out-Null
}

Expand All @@ -444,31 +444,31 @@ function Set-TargetResource
}
if ($SharingCapability -ne 'ExternalUserAndGuestSharing')
{
Write-Verbose -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserAndGuestSharing for that the RequireAnonymousLinksExpireInDays property cannot be configured'
Write-Warning -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserAndGuestSharing for that the RequireAnonymousLinksExpireInDays property cannot be configured'
$CurrentParameters.Remove('RequireAnonymousLinksExpireInDays') | Out-Null
}
if ($SharingCapability -ne 'ExternalUserExpirationRequired')
{
Write-Verbose -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserExpirationRequired for that the ExternalUserExpireInDays property cannot be configured'
Write-Warning -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserExpirationRequired for that the ExternalUserExpireInDays property cannot be configured'
$CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null
}
if ($RequireAcceptingAccountMatchInvitedAccount -eq $false)
{
Write-Verbose -Message 'RequireAcceptingAccountMatchInvitedAccount is set to be false. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured'
Write-Warning -Message 'RequireAcceptingAccountMatchInvitedAccount is set to be false. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured'
$CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null
$CurrentParameters.Remove('SharingBlockedDomainList') | Out-Null
}

if ($SharingCapability -ne 'ExternalUserAndGuestSharing' -and ($null -ne $FileAnonymousLinkType -or $null -ne $FolderAnonymousLinkType))
{
Write-Verbose -Message 'If anonymous file or folder links are set, SharingCapability must be set to ExternalUserAndGuestSharing '
Write-Warning -Message 'If anonymous file or folder links are set, SharingCapability must be set to ExternalUserAndGuestSharing '
$CurrentParameters.Remove('FolderAnonymousLinkType') | Out-Null
$CurrentParameters.Remove('FileAnonymousLinkType') | Out-Null
}

if ($SharingDomainRestrictionMode -eq 'None')
{
Write-Verbose -Message 'SharingDomainRestrictionMode is set to None. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured'
Write-Warning -Message 'SharingDomainRestrictionMode is set to None. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured'
$CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null
$CurrentParameters.Remove('SharingBlockedDomainList') | Out-Null
}
Expand All @@ -479,7 +479,7 @@ function Set-TargetResource
}
elseif ($SharingDomainRestrictionMode -eq 'BlockList')
{
Write-Verbose -Message 'SharingDomainRestrictionMode is set to BlockList. For that SharingAllowedDomainList cannot be configured'
Write-Warning -Message 'SharingDomainRestrictionMode is set to BlockList. For that SharingAllowedDomainList cannot be configured'
$CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null
}
foreach ($value in $CurrentParameters.GetEnumerator())
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -83,16 +83,34 @@ function Get-TargetResource
return $nullResult
}

$DefaultCatalogAppsValue = $instance.DefaultCatalogApps.Id
if ($instance.DefaultCatalogApps.Count -eq 0)
{
$DefaultCatalogAppsValue = @()
}

$GlobalCatalogAppsValue = $instance.GlobalCatalogApps.Id
if ($instance.GlobalCatalogApps.Count -eq 0)
{
$GlobalCatalogAppsValue = @()
}

$PrivateCatalogAppsValue = $instance.PrivateCatalogApps.Id
if ($instance.PrivateCatalogApps.Count -eq 0)
{
$PrivateCatalogAppsValue = @()
}

Write-Verbose -Message "Found an instance with Identity {$Identity}"
$results = @{
Identity = $instance.Identity.Replace('Tag:', '')
Description = $instance.Description
GlobalCatalogAppsType = $instance.GlobalCatalogAppsType
PrivateCatalogAppsType = $instance.PrivateCatalogAppsType
DefaultCatalogAppsType = $instance.DefaultCatalogAppsType
GlobalCatalogApps = $instance.GlobalCatalogApps.Id
PrivateCatalogApps = $instance.PrivateCatalogApps.Id
DefaultCatalogApps = $instance.DefaultCatalogApps.Id
GlobalCatalogApps = $GlobalCatalogAppsValue
PrivateCatalogApps = $PrivateCatalogAppsValue
DefaultCatalogApps = $DefaultCatalogAppsValue
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ function Get-TargetResource
[System.String]
$GroupDisplayName,

[Parameter(Mandatory = $true)]
[Parameter()]
[System.String]
$GroupId,

Expand Down Expand Up @@ -66,18 +66,21 @@ function Get-TargetResource

try
{
Write-Verbose -Message "Getting GroupPOlicyAssignment for {$GroupId}"
$group = Find-CsGroup -SearchQuery $GroupId
if ($group.Length -gt 1)
if (-not [System.String]::IsNullOrEmpty($GroupId))
{
Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}"
$Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName }
Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupId}"
$group = Find-CsGroup -SearchQuery $GroupId -ErrorAction SilentlyContinue
if ($group.Length -gt 1)
{
Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}"
$Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName }
}
}
else
{
Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupDisplayName}"
$Group = Find-CsGroup -SearchQuery $GroupDisplayName
if ($group.Length -gt 1)
$Group = Find-CsGroup -SearchQuery $GroupDisplayName -ErrorAction SilentlyContinue
if ($Group.Length -gt 1)
{
Write-Verbose -Message "Found $($group.Length) groups with the name $GroupDisplayName"
$Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName }
Expand All @@ -92,6 +95,7 @@ function Get-TargetResource
if ($null -eq $GroupPolicyAssignment)
{
Write-Verbose -Message "GroupPolicyAssignment not found for $GroupDisplayName"
$nullReturn.GroupId = $Group.Id
return $nullReturn
}
Write-Verbose -Message "Found GroupPolicyAssignment $($Group.Displayname) with PolicyType:$($GroupPolicyAssignment.PolicyType) and Policy Name:$($GroupPolicyAssignment.PolicyName)"
Expand Down Expand Up @@ -129,7 +133,7 @@ function Set-TargetResource
[System.String]
$GroupDisplayName,

[Parameter(Mandatory = $true)]
[Parameter()]
[System.String]
$GroupId,

Expand Down Expand Up @@ -183,53 +187,22 @@ function Set-TargetResource
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' -InboundParameters $PSBoundParameters
$CurrentValues = Get-TargetResource @PSBoundParameters

#check policyname
$command = 'get-cs' + $PolicyType
$policies = Invoke-Expression -Command $command -ErrorAction SilentlyContinue
$policymatch = $false
if ($null -ne $policies)
{
Foreach ($policy in $policies.Identity)
{
$match = '^Tag:' + $PolicyName + '$'
if ($policy -match $match)
{
$policymatch = $true
}
}
}
if ($null -eq $policies -or $policymatch -eq $false)
{
Write-Verbose -Message "No PolicyType found for $PolicyType"
return
}

#get groupid
if ($GroupId.Length -eq 0)
{
$Group = Find-CsGroup -SearchQuery $GroupDisplayName
if ($group.Length -gt 1)
{
Write-Verbose -Message "Found $($group.Length) groups with the name $GroupDisplayName"
$Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName }
}
if ($null -eq $Group)
{
Write-Verbose -Message "Group not found for $GroupDisplayName"
return
}
$GroupId = $Group.Id
}
Write-Verbose -Message "Retrieve GroupId for: $($GroupDisplayName)"
try
{
if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent')
{
Write-Verbose -Message "Adding GroupPolicyAssignment for $GroupDisplayName"
New-CsGroupPolicyAssignment -GroupId $GroupId `
-PolicyType $PolicyType `
-PolicyName $PolicyName `
-Rank $Priority `
$parameters = @{
GroupId = $CurrentValues.GroupId
PolicyType = $PolicyType
PolicyName = $PolicyName
}

if (-not [System.String]::IsNullOrEmpty($Priority))
{
$parameters.Add('Rank', $Priority)
}
New-CsGroupPolicyAssignment @parameters `
-ErrorAction Stop
}
elseif ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Present')
Expand All @@ -238,7 +211,7 @@ function Set-TargetResource
Write-Verbose -Message "Remove GroupPolicyAssignment for $GroupDisplayName"
Remove-CsGroupPolicyAssignment -GroupId $CurrentValues.GroupId -PolicyType $CurrentValues.PolicyType
Write-Verbose -Message "Adding GroupPolicyAssignment for $GroupDisplayName"
New-CsGroupPolicyAssignment -GroupId $GroupId `
New-CsGroupPolicyAssignment -GroupId $CurrentValues.GroupId `
-PolicyType $PolicyType `
-PolicyName $PolicyName `
-Rank $Priority `
Expand Down Expand Up @@ -272,7 +245,7 @@ function Test-TargetResource
[System.String]
$GroupDisplayName,

[Parameter(Mandatory = $true)]
[Parameter()]
[System.String]
$GroupId,

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
class MSFT_TeamsGroupPolicyAssignment : OMI_BaseResource
{
[Key, Description("Group Displayname of the group the policys are assigned to")] string GroupDisplayName;
[Key, Description("GroupId, alternatively to Group Displayname")] String GroupId;
[Write, Description("GroupId, alternatively to Group Displayname")] String GroupId;
[Key, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy"}, Values{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy"}] String PolicyType;
[Write, Description("Teams PolicyName. The name of the policy to be assigned.")] string PolicyName;
[Write, Description("Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type")] string Priority;
Expand Down

0 comments on commit 351314c

Please sign in to comment.