From bdc4fa692a0a84db6f4d18133d8cf6bc314f4c22 Mon Sep 17 00:00:00 2001 From: William-Francillette <79221284+William-Francillette@users.noreply.github.com> Date: Wed, 2 Nov 2022 20:46:24 +0000 Subject: [PATCH] fixes #2463 --- CHANGELOG.md | 6 + ...ntivirusPolicyWindows10SettingCatalog.psm1 | 338 +++++++++++++++++- ...usPolicyWindows10SettingCatalog.schema.mof | Bin 23486 -> 32594 bytes ...rusPolicyWindows10SettingCatalog.Tests.ps1 | 13 +- 4 files changed, 343 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e5b57fa58..85510c8064 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log for Microsoft365DSC +# UNRELEASE + +* IntuneAntivirusPolicyWindows10SettingCatalog + * FIXES [#2463](https://github.com/microsoft/Microsoft365DSC/issues/2463) + * Returns all type of policies from the template family: endpointSecurityAntivirus + # 1.22.1102.1 * AADAdministrativeUnit diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 index 072c32f621..2fbf439b3d 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.psm1 
@@ -94,9 +94,62 @@ function Get-TargetResource [System.Int32] $cloudextendedtimeout, + [Parameter()] + [System.String] + $companyname, + [Parameter()] [System.Int32] $daystoretaincleanedmalware, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableaccountprotectionui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableappbrowserui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablecleartpmbutton, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabledevicesecurityui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableenhancednotifications, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablefamilyui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablehealthui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablenetworkui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabletpmfirmwareupdatewarning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablevirusui, [Parameter()] [ValidateSet('0', '1')] @@ -108,6 +161,20 @@ function Get-TargetResource [System.String] $disablecatchupquickscan, + [Parameter()] + [System.String] + $email, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $enablecustomizedtoasts, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $enableinappcustomization, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -130,6 +197,20 @@ function Get-TargetResource [System.String[]] $excludedprocesses, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $hideransomwaredatarecovery, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $hidewindowssecuritynotificationareacontrol, + + [Parameter()] + [System.String] + $phone, + [Parameter()] [ValidateSet('0', '1', '2')] [System.String] 
@@ -175,6 +256,15 @@ function Get-TargetResource [System.String] $submitsamplesconsent, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $tamperprotection, + + [Parameter()] + [System.String] + $url, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -205,6 +295,11 @@ function Get-TargetResource [System.String] $highseveritythreats, + [Parameter()] + [ValidateSet('d948ff9b-99cb-4ee0-8012-1fbc09685377_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1','804339ad-1553-4478-a742-138fb5807418_1')] + [System.String] + $templateId, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -266,7 +361,7 @@ function Get-TargetResource #Retrieve policy general settings $policy = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction SilentlyContinue - if ($null -eq $policy) + <#if ($null -eq $policy) { Write-Verbose -Message "No Endpoint Protection Policy {$Identity} was found" @@ -274,11 +369,11 @@ function Get-TargetResource $policy = Get-MgDeviceManagementConfigurationPolicy -All:$true |Where-Object -FilterScript { ` $_.name -eq $DisplayName ` -and $_.TemplateReference.TemplateId -eq $policyTemplateId } - } + }#> if ($null -eq $policy) { - Write-Verbose -Message "No Endpoint Protection Policy {$DisplayName} was found" + Write-Verbose -Message "No Endpoint Protection Policy with Id {$Identity} was found" return $nullResult } @@ -291,11 +386,16 @@ function Get-TargetResource $returnHashtable.Add('Identity', $policy.id) $returnHashtable.Add('DisplayName', $policy.name) $returnHashtable.Add('Description', $policy.description) + $returnHashtable.Add('templateId', $policy.templateReference.templateId) foreach ($setting in $settings.settingInstance) { $addToParameters = $true $settingName = $setting.settingDefinitionId.Split('_') | Select-Object -Last 1 + if ($settingName -eq 'options') + { + $settingName='tamperprotection' + } switch ($setting.AdditionalProperties.'@odata.type') { 
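Review bot: The `templateId` ValidateSet added in the `@@ -205,6 +295,11 @@` hunk lists three bare template ids with nothing to say which antivirus template each one selects, and the identical literal list is repeated in the Set-TargetResource and Test-TargetResource hunks. Anyone auditing a configuration cannot tell from the id alone which policy type, and so which set of protections, is being deployed. I would add a comment above the attribute with one line per id, in the form `# <template id> = <template display name>`. Keeping the list in a single module-level variable would also stop the three copies from drifting apart.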
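Review bot: With the DisplayName fallback wrapped in `<# … #>` (the `@@ -266,7 +361,7 @@` and `@@ -274,11 +369,11 @@` hunks), Get-TargetResource depends entirely on the `-DeviceManagementConfigurationPolicyId $Identity` lookup, which runs with `-ErrorAction SilentlyContinue`. A permission, throttling or connectivity error therefore looks the same as a missing policy and the function returns `$nullResult`. Set-TargetResource's create path is not visible here, but an antivirus policy reported as absent may be recreated instead of updated, or its drift may go unreported. I would delete the dead block rather than comment it out, and catch the lookup error so that only a genuine not-found response is treated as absent. The function begins and ends outside these hunks.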
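Review bot: In the `@@ -291,11 +386,16 @@` hunk, `if ($settingName -eq 'options')` renames on the last `_` segment alone, so any setting in the three supported templates whose definition id happens to end in `_options` would be returned as `tamperprotection`. Because that value feeds the compliance check for a tamper-protection control, a wrong mapping could hide real drift. Comparing the full `$setting.settingDefinitionId` against the tamper-protection definition id (`<tamper-protection settingDefinitionId>`, not shown on this page) would make the mapping unambiguous. A short comment explaining why this one setting is exposed under a different name would also help. The `foreach` body continues past the end of the hunk.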
@@ -472,9 +572,62 @@ function Set-TargetResource [System.Int32] $cloudextendedtimeout, + [Parameter()] + [System.String] + $companyname, + [Parameter()] [System.Int32] $daystoretaincleanedmalware, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableaccountprotectionui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableappbrowserui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablecleartpmbutton, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabledevicesecurityui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableenhancednotifications, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablefamilyui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablehealthui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablenetworkui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabletpmfirmwareupdatewarning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablevirusui, [Parameter()] [ValidateSet('0', '1')] @@ -486,6 +639,20 @@ function Set-TargetResource [System.String] $disablecatchupquickscan, + [Parameter()] + [System.String] + $email, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $enablecustomizedtoasts, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $enableinappcustomization, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -508,6 +675,20 @@ function Set-TargetResource [System.String[]] $excludedprocesses, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $hideransomwaredatarecovery, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $hidewindowssecuritynotificationareacontrol, + + [Parameter()] + [System.String] + $phone, + [Parameter()] [ValidateSet('0', '1', '2')] [System.String] 
@@ -553,6 +734,15 @@ function Set-TargetResource [System.String] $submitsamplesconsent, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $tamperprotection, + + [Parameter()] + [System.String] + $url, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -583,6 +773,11 @@ function Set-TargetResource [System.String] $highseveritythreats, + [Parameter()] + [ValidateSet('d948ff9b-99cb-4ee0-8012-1fbc09685377_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1','804339ad-1553-4478-a742-138fb5807418_1')] + [System.String] + $templateId, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -642,8 +837,11 @@ function Set-TargetResource $PSBoundParameters.Remove('ApplicationSecret') | Out-Null $PSBoundParameters.Remove('CertificateThumbprint') | Out-Null $PSBoundParameters.Remove('ManagedIdentity') | Out-Null + $PSBoundParameters.Remove('templateId') | Out-Null + - $templateReferenceId = '804339ad-1553-4478-a742-138fb5807418_1' + #$policyReference = Get-MgDeviceManagementConfigurationPolicy -DeviceManagementConfigurationPolicyId $Identity -ErrorAction Stop + $templateReferenceId =$templateId $platforms = 'windows10' $technologies = 'mdm,microsoftSense' 
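Review bot: `$templateReferenceId =$templateId` in the `@@ -642,8 +837,11 @@` hunk replaces a hard-coded id with an optional parameter. A configuration written before this change, which has no `templateId`, now reaches the policy create/update code with an empty template reference. Defaulting to the previous value would keep existing configurations working, e.g. `if ([String]::IsNullOrEmpty($templateId)) { $templateId = '804339ad-1553-4478-a742-138fb5807418_1' }` before the assignment; otherwise throw a clear error. The commented-out `#$policyReference = …` line should be removed or finished: for an existing policy, reading the template from the policy itself would prevent a configuration from pairing an `Identity` with a `templateId` it does not belong to. Set-TargetResource continues outside the hunk.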
@@ -801,9 +999,62 @@ function Test-TargetResource [System.Int32] $cloudextendedtimeout, + [Parameter()] + [System.String] + $companyname, + [Parameter()] [System.Int32] $daystoretaincleanedmalware, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableaccountprotectionui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableappbrowserui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablecleartpmbutton, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabledevicesecurityui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disableenhancednotifications, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablefamilyui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablehealthui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablenetworkui, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disabletpmfirmwareupdatewarning, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $disablevirusui, [Parameter()] [ValidateSet('0', '1')] @@ -815,6 +1066,20 @@ function Test-TargetResource [System.String] $disablecatchupquickscan, + [Parameter()] + [System.String] + $email, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $enablecustomizedtoasts, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $enableinappcustomization, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -837,6 +1102,20 @@ function Test-TargetResource [System.String[]] $excludedprocesses, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $hideransomwaredatarecovery, + + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $hidewindowssecuritynotificationareacontrol, + + [Parameter()] + [System.String] + $phone, + [Parameter()] [ValidateSet('0', '1', '2')] [System.String] 
@@ -882,6 +1161,15 @@ function Test-TargetResource [System.String] $submitsamplesconsent, + [Parameter()] + [ValidateSet('0', '1')] + [System.String] + $tamperprotection, + + [Parameter()] + [System.String] + $url, + [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -912,6 +1200,11 @@ function Test-TargetResource [System.String] $highseveritythreats, + [Parameter()] + [ValidateSet('d948ff9b-99cb-4ee0-8012-1fbc09685377_1', '45fea5e9-280d-4da1-9792-fb5736da0ca9_1','804339ad-1553-4478-a742-138fb5807418_1')] + [System.String] + $templateId, + [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, @@ -1102,12 +1395,12 @@ function Export-TargetResource try { - $policyTemplateID = '804339ad-1553-4478-a742-138fb5807418_1' + $templateFamily = 'endpointSecurityAntivirus' [array]$policies = Get-MgDeviceManagementConfigurationPolicy ` -ErrorAction Stop ` -All:$true ` -Filter $Filter - $policies = $policies | Where-Object -FilterScript { $_.TemplateReference.TemplateId -eq $policyTemplateId } + $policies = $policies | Where-Object -FilterScript { $_.TemplateReference.TemplateFamily -eq $templateFamily } if ($policies.Length -eq 0) { @@ -1123,6 +1416,7 @@ function Export-TargetResource $params = @{ Identity = $policy.id + TemplateId = $policy.templateReference.templateId Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId 
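Review bot: The export in the `@@ -1102,12 +1395,12 @@` hunk now keeps every policy whose `TemplateFamily` is `endpointSecurityAntivirus`, and the following hunk passes `$policy.templateReference.templateId` on as `TemplateId`, yet Get/Set/Test accept only the three ids in their ValidateSet. A policy built from any other template or template version in that family would fail parameter validation during export. The surrounding `try`/`catch` is only partly visible, so whether that aborts the run or silently drops the policy is unclear. I would filter `$policies` to the supported ids and emit a warning for the ones skipped, so an incomplete export of antivirus policies is visible to the operator.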
@@ -1568,15 +1862,35 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings $simpleSettings=@() $simpleSettings+=$templateSettings.SettingInstanceTemplate|Where-Object -FilterScript ` {$_.AdditionalProperties."@odata.type" -ne "#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstanceTemplate"} + + $keys=$DSCParams.keys + $keys=$keys -replace 'tamperprotection', 'options' foreach ($templateSetting in $simpleSettings) { $setting=@{} - $settingKey=$DSCParams.keys|Where-Object -FilterScript {$templateSetting.settingDefinitionId -like "*$($_)"} - if((-not [String]::IsNullOrEmpty($settingKey)) -and $DSCParams."$settingKey") + $settingKey=$keys|Where-Object -FilterScript {$templateSetting.settingDefinitionId -like "*$($_)"} + $originalKey=$settingKey + if($settingKey -eq 'options') + { + $originalKey='tamperprotection' + } + if((-not [String]::IsNullOrEmpty($settingKey)) -and $null -ne $DSCParams."$originalKey") { $setting.add("@odata.type","#microsoft.graph.deviceManagementConfigurationSetting") - $myFormattedSetting= Format-M365DSCParamsToSettingInstance -DSCParams @{$settingKey=$DSCParams."$settingKey"} ` - -TemplateSetting $templateSetting + + $includeValueReference=$true + $noValueReferenceKeys=@( + 'excludedpaths' + 'excludedprocesses' + 'excludedextensions' + ) + if($originalKey -in $noValueReferenceKeys) + { + $includeValueReference=$false + } + $myFormattedSetting= Format-M365DSCParamsToSettingInstance -DSCParams @{$settingKey=$DSCParams."$originalKey"} ` + -TemplateSetting $templateSetting ` + -IncludeSettingValueTemplateId $includeValueReference $setting.add('settingInstance',$myFormattedSetting) $settings+=$setting @@ -1642,7 +1956,7 @@ function Format-M365DSCIntuneSettingCatalogPolicySettings -function Get-MgDeviceManagementConfigurationSettingDefinition +<#function Get-MgDeviceManagementConfigurationSettingDefinition { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] 
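Review bot: The key lookup `$templateSetting.settingDefinitionId -like "*$($_)"` in the `@@ -1568,15 +1862,35 @@` hunk is an unanchored suffix match, and this commit adds short keys such as `url`, `email`, `phone` and the substituted `options`. Any definition id that merely ends in one of those strings would match, and more than one key can match at once, in which case `$settingKey` is an array and `$DSCParams."$originalKey"` no longer addresses a single parameter. Get-TargetResource derives names from the last `_` segment, so the same rule could be used here: `{($templateSetting.settingDefinitionId.Split('_')|Select-Object -Last 1) -eq $_}`. Separately, `-replace 'tamperprotection', 'options'` is a regex substring replace across all keys; an exact-match rename would be safer.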
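Review bot: The `<#` opened before `function Get-MgDeviceManagementConfigurationSettingDefinition` in the `@@ -1642,7 +1956,7 @@` hunk is closed by `}#>` in the `@@ -1700,7 +2014,7 @@` hunk, whose header names `Get-M365DSCAdditionalProperties` as the enclosing function. The block comment therefore appears to disable that helper as well. If anything in the module still calls it, the failure only shows up at run time as a command-not-found error. I would delete the functions that are no longer needed instead of commenting them out, and confirm `Get-M365DSCAdditionalProperties` has no remaining callers before it goes.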
@@ -1700,7 +2014,7 @@ function Get-M365DSCAdditionalProperties } } return $results -} +}#> function Get-M365DSCDRGComplexTypeToHashtable { [CmdletBinding()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog/MSFT_IntuneAntivirusPolicyWindows10SettingCatalog.schema.mof index bbee7c87c94c8c3ab028d388ff5f92961c78886b..effd846270ef605eecbe4836099fc05d57e7a0ad 100644 GIT binary patch delta 4010 zcmd^C-D{gw7(YeamMu1I)2_x?m$WN`X(gYgp@@X0b7fAqrmNB-+uNq0Vfiv&qk;tg z1bHq+wBCsqZtP;CcSf!E^icTV2)O>ApYypxx{Iqx~=dCu?oJzu9k zJsSG$uc78-O;;KY70+UHRMb8)M-mqF>A@~^y^a@jJ8w*GkNHs z%pzt=81vNqiw`7pb@(OAmgfqwywFg2NqM5(c>D&-E>D7{dq6==8l5~J^Dfqv!PASg z+_u52TCku3DN1MYy9sn3>dv0r@j;6 z&i9Ag$yWfV5v_>pGTucU%f>%;R5Qjb*ht+cvC1ibBCFo+&#D}_C*#cK0-knW%KnsB zzIC4;JQqhx&{l^&GIQ6?!of1be++hcXLQ!r$xEQ`s%x?o49c^y`^;4jE8R}VH(9wB z^vjB_GUI*wp=G33}n*#Hal z^{g#_4;GVU(-?coGXmK+VVC`G9cbE~B}h8jo%|Y_Y#n}qFs+;o&;)-)TT8a6fvM0g z2M(;fEU@YK7H;A_NT?FlnLv!#EnG%6g6B+HM%;e3uNqd#X#7c!*B=a_r3)JNR_#<^ipBT z^W_D(<8pg>Gi2yFoFSjPypxB41(gy`ds{Vy)WQvq#M;vDLyK{wDKHG$Pe7fi`o;=Y zYTm=>GIlFx04*NktX1rUv#{G)4wf!zv&=PX8RHZ{Q~;;T+w$G|%xHJCfed-Dkoe;F zGrnzLwSdj^p)6P?-Wmb}w!eFX?Lf>USYZtVtGWW4V#?bAD==Qrsp2B9NpM1X_e34mSz&|G&^2+$j57&nur$<+TpApahi?r8dZ*4-F znQ^&%eH_@6DyHU zrqvsOG7Y&ncJYQ6$2$qBh}MwRI@ut?7$qT9iJ)VLggj z3wsD8jwh;B#vnV7k%iw_8)g(UMlZp0K8zWo@iPr{4g2MrW%vJ;gOA~?3_?OiJZC+O Y3`dm6%?}gu%XC0~bd5dyD3d$$H=PnS+W-In delta 23 fcmccgk8$62#tmhBlh>K8+bm?j