From 7fafe19514f09b1b437f889c65abd49935bfeed8 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 19 Sep 2023 12:40:19 -0400 Subject: [PATCH] Various Fixes --- CHANGELOG.md | 6 ++ .../MSFT_SPOSharingSettings.psm1 | 14 ++-- .../MSFT_TeamsAppPermissionPolicy.psm1 | 24 +++++- .../MSFT_TeamsGroupPolicyAssignment.psm1 | 79 ++++++------------- ...MSFT_TeamsGroupPolicyAssignment.schema.mof | 2 +- 5 files changed, 61 insertions(+), 64 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6119bf5de8..2ca09d72d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ * O365OrgSettings * Fixes and issue where a the wrong url was being used in some of the API calls, resulting in null returns for some properties in the Get method. +* SPOSharingSettings + * Changes verbose prompts to warnings. +* TeamsGroupPolicyAssignment + * Changes to how Group IDs are retrieved and evaluated. +* TeamsAppPermissionPolicy + * Fixes to the Test-TargetResource evaluation of empty arrays. * DEPENDENCIES * Updated MicrosoftTeams to version 5.6.0. FIXES [#3671](https://github.com/microsoft/Microsoft365DSC/issues/3671) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 index ebf4b72f35..3511c3159f 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOSharingSettings/MSFT_SPOSharingSettings.psm1 @@ -433,7 +433,7 @@ function Set-TargetResource if ($null -eq $SharingAllowedDomainList -and $null -eq $SharingBlockedDomainList -and ($null -ne $RequireAcceptingAccountMatchInvitedAccount -and $RequireAcceptingAccountMatchInvitedAccount -eq $false)) { - Write-Verbose -Message 'If SharingAllowedDomainList / SharingBlockedDomainList are set to null RequireAcceptingAccountMatchInvitedAccount must be set to True ' + Write-Warning -Message 'If SharingAllowedDomainList / SharingBlockedDomainList are set to null RequireAcceptingAccountMatchInvitedAccount must be set to True ' $CurrentParameters.Remove('RequireAcceptingAccountMatchInvitedAccount') | Out-Null } @@ -444,31 +444,31 @@ function Set-TargetResource } if ($SharingCapability -ne 'ExternalUserAndGuestSharing') { - Write-Verbose -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserAndGuestSharing for that the RequireAnonymousLinksExpireInDays property cannot be configured' + Write-Warning -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserAndGuestSharing for that the RequireAnonymousLinksExpireInDays property cannot be configured' $CurrentParameters.Remove('RequireAnonymousLinksExpireInDays') | Out-Null } if ($SharingCapability -ne 'ExternalUserExpirationRequired') { - Write-Verbose -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserExpirationRequired for that the ExternalUserExpireInDays property cannot be configured' + Write-Warning -Message 'The sharing capabilities for the tenant are not configured to be ExternalUserExpirationRequired for that the ExternalUserExpireInDays property cannot be configured' $CurrentParameters.Remove('ExternalUserExpireInDays') | Out-Null } if ($RequireAcceptingAccountMatchInvitedAccount -eq $false) { - Write-Verbose -Message 'RequireAcceptingAccountMatchInvitedAccount is set to be false. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured' + Write-Warning -Message 'RequireAcceptingAccountMatchInvitedAccount is set to be false. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured' $CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null $CurrentParameters.Remove('SharingBlockedDomainList') | Out-Null } if ($SharingCapability -ne 'ExternalUserAndGuestSharing' -and ($null -ne $FileAnonymousLinkType -or $null -ne $FolderAnonymousLinkType)) { - Write-Verbose -Message 'If anonymous file or folder links are set, SharingCapability must be set to ExternalUserAndGuestSharing ' + Write-Warning -Message 'If anonymous file or folder links are set, SharingCapability must be set to ExternalUserAndGuestSharing ' $CurrentParameters.Remove('FolderAnonymousLinkType') | Out-Null $CurrentParameters.Remove('FileAnonymousLinkType') | Out-Null } if ($SharingDomainRestrictionMode -eq 'None') { - Write-Verbose -Message 'SharingDomainRestrictionMode is set to None. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured' + Write-Warning -Message 'SharingDomainRestrictionMode is set to None. For that SharingAllowedDomainList / SharingBlockedDomainList cannot be configured' $CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null $CurrentParameters.Remove('SharingBlockedDomainList') | Out-Null } @@ -479,7 +479,7 @@ function Set-TargetResource } elseif ($SharingDomainRestrictionMode -eq 'BlockList') { - Write-Verbose -Message 'SharingDomainRestrictionMode is set to BlockList. For that SharingAllowedDomainList cannot be configured' + Write-Warning -Message 'SharingDomainRestrictionMode is set to BlockList. For that SharingAllowedDomainList cannot be configured' $CurrentParameters.Remove('SharingAllowedDomainList') | Out-Null } foreach ($value in $CurrentParameters.GetEnumerator()) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppPermissionPolicy/MSFT_TeamsAppPermissionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppPermissionPolicy/MSFT_TeamsAppPermissionPolicy.psm1 index 713061d57c..a80326694c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppPermissionPolicy/MSFT_TeamsAppPermissionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsAppPermissionPolicy/MSFT_TeamsAppPermissionPolicy.psm1 @@ -83,6 +83,24 @@ function Get-TargetResource return $nullResult } + $DefaultCatalogAppsValue = $instance.DefaultCatalogApps.Id + if ($instance.DefaultCatalogApps.Count -eq 0) + { + $DefaultCatalogAppsValue = @() + } + + $GlobalCatalogAppsValue = $instance.GlobalCatalogApps.Id + if ($instance.GlobalCatalogApps.Count -eq 0) + { + $GlobalCatalogAppsValue = @() + } + + $PrivateCatalogAppsValue = $instance.PrivateCatalogApps.Id + if ($instance.PrivateCatalogApps.Count -eq 0) + { + $PrivateCatalogAppsValue = @() + } + Write-Verbose -Message "Found an instance with Identity {$Identity}" $results = @{ Identity = $instance.Identity.Replace('Tag:', '') @@ -90,9 +108,9 @@ function Get-TargetResource GlobalCatalogAppsType = $instance.GlobalCatalogAppsType PrivateCatalogAppsType = $instance.PrivateCatalogAppsType DefaultCatalogAppsType = $instance.DefaultCatalogAppsType - GlobalCatalogApps = $instance.GlobalCatalogApps.Id - PrivateCatalogApps = $instance.PrivateCatalogApps.Id - DefaultCatalogApps = $instance.DefaultCatalogApps.Id + GlobalCatalogApps = $GlobalCatalogAppsValue + PrivateCatalogApps = $PrivateCatalogAppsValue + DefaultCatalogApps = $DefaultCatalogAppsValue Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 index 0e1497c887..486d649580 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.psm1 @@ -8,7 +8,7 @@ function Get-TargetResource [System.String] $GroupDisplayName, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $GroupId, @@ -66,18 +66,21 @@ function Get-TargetResource try { - Write-Verbose -Message "Getting GroupPOlicyAssignment for {$GroupId}" - $group = Find-CsGroup -SearchQuery $GroupId - if ($group.Length -gt 1) + if (-not [System.String]::IsNullOrEmpty($GroupId)) { - Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}" - $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } + Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupId}" + $group = Find-CsGroup -SearchQuery $GroupId -ErrorAction SilentlyContinue + if ($group.Length -gt 1) + { + Write-Verbose -Message "Found $($group.Length) groups with the id {$GroupId}" + $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } + } } else { Write-Verbose -Message "Getting GroupPolicyAssignment for {$GroupDisplayName}" - $Group = Find-CsGroup -SearchQuery $GroupDisplayName - if ($group.Length -gt 1) + $Group = Find-CsGroup -SearchQuery $GroupDisplayName -ErrorAction SilentlyContinue + if ($Group.Length -gt 1) { Write-Verbose -Message "Found $($group.Length) groups with the name $GroupDisplayName" $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } @@ -92,6 +95,7 @@ function Get-TargetResource if ($null -eq $GroupPolicyAssignment) { Write-Verbose -Message "GroupPolicyAssignment not found for $GroupDisplayName" + $nullReturn.GroupId = $Group.Id return $nullReturn } Write-Verbose -Message "Found GroupPolicyAssignment $($Group.Displayname) with PolicyType:$($GroupPolicyAssignment.PolicyType) and Policy Name:$($GroupPolicyAssignment.PolicyName)" @@ -129,7 +133,7 @@ function Set-TargetResource [System.String] $GroupDisplayName, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $GroupId, @@ -183,53 +187,22 @@ function Set-TargetResource $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' -InboundParameters $PSBoundParameters $CurrentValues = Get-TargetResource @PSBoundParameters - #check policyname - $command = 'get-cs' + $PolicyType - $policies = Invoke-Expression -Command $command -ErrorAction SilentlyContinue - $policymatch = $false - if ($null -ne $policies) - { - Foreach ($policy in $policies.Identity) - { - $match = '^Tag:' + $PolicyName + '$' - if ($policy -match $match) - { - $policymatch = $true - } - } - } - if ($null -eq $policies -or $policymatch -eq $false) - { - Write-Verbose -Message "No PolicyType found for $PolicyType" - return - } - - #get groupid - if ($GroupId.Length -eq 0) - { - $Group = Find-CsGroup -SearchQuery $GroupDisplayName - if ($group.Length -gt 1) - { - Write-Verbose -Message "Found $($group.Length) groups with the name $GroupDisplayName" - $Group = $Group | Where-Object { $_.DisplayName -eq $GroupDisplayName } - } - if ($null -eq $Group) - { - Write-Verbose -Message "Group not found for $GroupDisplayName" - return - } - $GroupId = $Group.Id - } - Write-Verbose -Message "Retrieve GroupId for: $($GroupDisplayName)" try { if ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Absent') { Write-Verbose -Message "Adding GroupPolicyAssignment for $GroupDisplayName" - New-CsGroupPolicyAssignment -GroupId $GroupId ` - -PolicyType $PolicyType ` - -PolicyName $PolicyName ` - -Rank $Priority ` + $parameters = @{ + GroupId = $CurrentValues.GroupId + PolicyType = $PolicyType + PolicyName = $PolicyName + } + + if (-not [System.String]::IsNullOrEmpty($Priority)) + { + $parameters.Add('Rank', $Priority) + } + New-CsGroupPolicyAssignment @parameters ` -ErrorAction Stop } elseif ($Ensure -eq 'Present' -and $CurrentValues.Ensure -eq 'Present') @@ -238,7 +211,7 @@ function Set-TargetResource Write-Verbose -Message "Remove GroupPolicyAssignment for $GroupDisplayName" Remove-CsGroupPolicyAssignment -GroupId $CurrentValues.GroupId -PolicyType $CurrentValues.PolicyType Write-Verbose -Message "Adding GroupPolicyAssignment for $GroupDisplayName" - New-CsGroupPolicyAssignment -GroupId $GroupId ` + New-CsGroupPolicyAssignment -GroupId $CurrentValues.GroupId ` -PolicyType $PolicyType ` -PolicyName $PolicyName ` -Rank $Priority ` @@ -272,7 +245,7 @@ function Test-TargetResource [System.String] $GroupDisplayName, - [Parameter(Mandatory = $true)] + [Parameter()] [System.String] $GroupId, diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof index 3dba7714e9..4ab2928fbc 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_TeamsGroupPolicyAssignment/MSFT_TeamsGroupPolicyAssignment.schema.mof @@ -2,7 +2,7 @@ class MSFT_TeamsGroupPolicyAssignment : OMI_BaseResource { [Key, Description("Group Displayname of the group the policys are assigned to")] string GroupDisplayName; - [Key, Description("GroupId, alternatively to Group Displayname")] String GroupId; + [Write, Description("GroupId, alternatively to Group Displayname")] String GroupId; [Key, Description("Teams PolicyType. The type of the policy to be assigned. Possible values:"), ValueMap{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy"}, Values{"ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy"}] String PolicyType; [Write, Description("Teams PolicyName. The name of the policy to be assigned.")] string PolicyName; [Write, Description("Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type")] string Priority;