Merge remote-tracking branch 'upstream/Dev' into Dev

CHANGELOG.md

@@ -2,6 +2,62 @@
 
 # UNRELEASED
 
+* DEPENDENCIES
+  * Updated MSCloudLoginAssistant to version 1.0.121.
+
+# 1.23.927.1
+
+* AADApplication
+  * Added support for restoring soft deleted instances.
+* AADRoleSetting
+  * Fixed issue with export where ApplicationSecret was not returned.
+    FIXES [#3695](https://github.com/microsoft/Microsoft365DSC/issues/3695)
+* M365DSCRuleEvaluation
+  * Improvements to how rules are evaluated and how drifts are logged.
+* O365OrgSettings
+  * Changes to how ToDo discrepencies are being fixed in the SET method.
+* DEPENDENCIES
+  * Updated Microsoft.Graph to version 2.6.1.
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.117.
+* MISC
+  * Fixed handling of Graph connection in Update-M365DSCAllowedGraphScopes
+
+# 1.23.920.2
+
+* DEPENDENCIES
+  * Rolled back Microsoft.Graph to version 2.5.0.
+* MISC
+  * M365DSCDRGUtil: Write properties properly indented and in new line
+    FIXES [#3634](https://github.com/microsoft/Microsoft365DSC/issues/3634)
+
+# 1.23.920.1
+
+* O365OrgSettings
+  * Fixes and issue where a the wrong url was being used in some of the API
+    calls, resulting in null returns for some properties in the Get method.
+* SPOSharingSettings
+  * Changes verbose prompts to warnings.
+* TeamsGroupPolicyAssignment
+  * Changes to how Group IDs are retrieved and evaluated.
+* TeamsAppPermissionPolicy
+  * Fixes to the Test-TargetResource evaluation of empty arrays.
+* DEPENDENCIES
+  * Updated Microsoft.Graph to version 2.6.0.
+  * Updated MicrosoftTeams to version 5.6.0.
+    FIXES [#3671](https://github.com/microsoft/Microsoft365DSC/issues/3671)
+* MISC
+  * M365DSCUtil: Fix problem naming similar resources
+    FIXES [#3700](https://github.com/microsoft/Microsoft365DSC/issues/3700)
+
+# 1.23.913.2
+
+* MISC
+  * Fixed a merge conflict in the Uninstall-M365DSCOutdatedDependencies
+    function.
+    FIXES [#3685](https://github.com/microsoft/Microsoft365DSC/issues/3685)
+
+# 1.23.913.1
+
 * AADNamedLocationPolicy
   * Set default value for CountryLookupMethod and removed unwanted properties
     FIXES [#3656](https://github.com/microsoft/Microsoft365DSC/issues/3656)
@@ -36,6 +92,8 @@
 * MISC
   * Improved error logging for methods installing or updating modules.
     FIXES [#3660](https://github.com/microsoft/Microsoft365DSC/issues/3660)
+  * Removed Id as a mandatory parameter for most AAD resources.
+    FIXES [#3344](https://github.com/microsoft/Microsoft365DSC/issues/3344)
   * Single quotes handling in Export for complex CIMInstances
     FIXES [#3479](https://github.com/microsoft/Microsoft365DSC/issues/3479)
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.psm1

@@ -5,7 +5,7 @@ function Get-TargetResource
     param
     (
         #region resource generator code
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -286,7 +286,7 @@ function Set-TargetResource
     param
     (
         #region resource generator code
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -793,7 +793,7 @@ function Test-TargetResource
     param
     (
         #region resource generator code
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADAdministrativeUnit/MSFT_AADAdministrativeUnit.schema.mof

@@ -14,8 +14,8 @@ class MSFT_MicrosoftGraphScopedRoleMembership
 [ClassVersion("1.0.0.0"), FriendlyName("AADAdministrativeUnit")]
 class MSFT_AADAdministrativeUnit : OMI_BaseResource
 {
-    [Key, Description("Object-Id of the Administrative Unit")] String Id;
-    [Required, Description("DisplayName of the Administrative Unit")] String DisplayName;
+    [Key, Description("DisplayName of the Administrative Unit")] String DisplayName;
+    [Write, Description("Object-Id of the Administrative Unit")] String Id;
     [Write, Description("Description of the Administrative Unit")] String Description;
     [Write, Description("Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden")] String Visibility;
     [Write, Description("Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.")] String MembershipType;

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -421,7 +421,44 @@ function Set-TargetResource
     $currentParameters.Remove('LogoutURL') | Out-Null
     $currentParameters.Remove('Homepage') | Out-Null
 
+    $skipToUpdate = $false
+    $AppIdValue = $null
     if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent')
+    {
+        # Before attempting to create a new instance, let's first check to see if there is already an existing instance that is soft deleted
+        if (-not [System.String]::IsNullOrEmpty($AppId))
+        {
+            Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by Id {$AppId}."
+            [Array]$deletedApp = Get-MgBetaDirectoryDeletedItemAsApplication -DirectoryObjectId $AppId -ErrorAction SilentlyContinue
+        }
+
+        if ($null -eq $deletedApp)
+        {
+            Write-Verbose "Trying to retrieve existing deleted Applications from soft delete by DisplayName {$DisplayName}."
+            [Array]$deletedApp = Get-MgBetaDirectoryDeletedItemAsApplication -Filter "DisplayName eq '$DisplayName'" -ErrorAction SilentlyContinue
+        }
+
+        if ($null -ne $deletedApp -and $deletedApp.Length -eq 1)
+        {
+            $deletedSinceInDays = [System.DateTime]::Now.Subtract($deletedApp[0].DeletedDateTime).Days
+            if ($deletedSinceInDays -le 30)
+            {
+                Write-Verbose -Message "Found existing deleted instance of {$DisplayName}. Restoring it instead of creating a new one. This could take a few minutes to complete."
+                Restore-MgBetaDirectoryDeletedItem -DirectoryObjectId $deletedApp.Id
+                $skipToUpdate = $true
+                $AppIdValue = $deletedApp.Id
+            }
+            else
+            {
+                Write-Verbose -Message "Found existing deleted instance of {$DisplayName}. However, the deleted date was over days ago and it cannot be restored. Will recreate a new instance instead."
+            }
+        }
+        elseif ($deletedApp.Length -gt 1)
+        {
+            Write-Verbose -Message "Multiple instances of a deleted application with name {$DisplayName} wehre found. Creating a new instance since we can't determine what instance to restore."
+        }
+    }
+    if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Absent' -and -not $skipToUpdate)
     {
         Write-Verbose -Message "Creating New AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)"
         $currentParameters.Remove('ObjectId') | Out-Null
@@ -441,14 +478,18 @@ function Set-TargetResource
 
     }
     # App should exist and will be configured to desired state
-    if ($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present')
+    elseif (($Ensure -eq 'Present' -and $currentAADApp.Ensure -eq 'Present') -or $skipToUpdate)
     {
         $currentParameters.Remove('ObjectId') | Out-Null
 
-        $currentParameters.Add('ApplicationId', $currentAADApp.ObjectId)
+        if (-not $skipToUpdate)
+        {
+            $AppIdValue = $currentAADApp.ObjectId
+        }
+        $currentParameters.Add('ApplicationId', $AppIdValue)
         Write-Verbose -Message "Updating existing AzureAD Application {$DisplayName} with values:`r`n$($currentParameters | Out-String)"
         Update-MgApplication @currentParameters
-        $currentAADApp.Add('ID', $currentAADApp.ObjectId)
+        $currentAADApp.Add('ID', $AppIdValue)
         $needToUpdatePermissions = $true
     }
     # App exists but should not
@@ -815,7 +856,7 @@ function Export-TargetResource
 
     $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
         -InboundParameters $PSBoundParameters
-    
+
     $dscContent = [System.Text.StringBuilder]::new()
     $i = 1
     Write-Host "`r`n" -NoNewline

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.psm1

@@ -34,7 +34,7 @@ function Get-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $SystemCredentialPreferences,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
         #endregion
@@ -283,7 +283,7 @@ function Set-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $SystemCredentialPreferences,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -405,12 +405,10 @@ function Test-TargetResource
         [Microsoft.Management.Infrastructure.CimInstance]
         $SystemCredentialPreferences,
 
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
-        #endregion
-
         [Parameter()]
         [System.String]
         [ValidateSet('Absent', 'Present')]

Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicy/MSFT_AADAuthenticationMethodPolicy.schema.mof

@@ -42,13 +42,13 @@ class MSFT_MicrosoftGraphSystemCredentialPreferences
 class MSFT_AADAuthenticationMethodPolicy : OMI_BaseResource
 {
     [Write, Description("A description of the policy.")] String Description;
-    [Required, Description("The name of the policy.")] String DisplayName;
+    [Key, Description("The name of the policy.")] String DisplayName;
     [Write, Description("The state of migration of the authentication methods policy from the legacy multifactor authentication and self-service password reset (SSPR) policies. The possible values are: premigration - means the authentication methods policy is used for authentication only, legacy policies are respected. migrationInProgress - means the authentication methods policy is used for both authenication and SSPR, legacy policies are respected. migrationComplete - means the authentication methods policy is used for authentication and SSPR, legacy policies are ignored. unknownFutureValue - Evolvable enumeration sentinel value. Do not use."), ValueMap{"preMigration","migrationInProgress","migrationComplete","unknownFutureValue"}, Values{"preMigration","migrationInProgress","migrationComplete","unknownFutureValue"}] String PolicyMigrationState;
     [Write, Description("The version of the policy in use.")] String PolicyVersion;
     [Write, Description("Days before the user will be asked to reconfirm their method.")] UInt32 ReconfirmationInDays;
     [Write, Description("Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods."), EmbeddedInstance("MSFT_MicrosoftGraphregistrationEnforcement")] String RegistrationEnforcement;
     [Write, Description("Prompt users with their most-preferred credential for multifactor authentication."), EmbeddedInstance("MSFT_MicrosoftGraphsystemCredentialPreferences")] String SystemCredentialPreferences;
-    [Key, Description("The unique identifier for an entity. Read-only.")] String Id;
+    [Write, Description("The unique identifier for an entity. Read-only.")] String Id;
     [Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
     [Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
     [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1

@@ -4,7 +4,7 @@ function Get-TargetResource
     [OutputType([System.Collections.Hashtable])]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -652,7 +652,7 @@ function Set-TargetResource
     [CmdletBinding()]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -1515,7 +1515,7 @@ function Test-TargetResource
     [OutputType([System.Boolean])]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof

@@ -1,8 +1,8 @@
 [ClassVersion("1.0.0.0"), FriendlyName("AADConditionalAccessPolicy")]
 class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
 {
-    [Key, Description("Specifies the GUID for the Policy.")] String Id;
-    [Required, Description("DisplayName of the AAD CA Policy")] String DisplayName;
+    [Key, Description("DisplayName of the AAD CA Policy")] String DisplayName;
+    [Write, Description("Specifies the GUID for the Policy.")] String Id;
     [Write, Description("Specifies the State of the Policy."), ValueMap{"disabled","enabled","enabledForReportingButNotEnforced"}, Values{"disabled","enabled","enabledForReportingButNotEnforced"}] String State;
     [Write, Description("Cloud Apps in scope of the Policy.")] String IncludeApplications[];
     [Write, Description("Cloud Apps out of scope of the Policy.")] String ExcludeApplications[];

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.psm1

@@ -5,7 +5,7 @@ function Get-TargetResource
     param
     (
         #region resource generator code
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -203,7 +203,7 @@ function Set-TargetResource
     param
     (
         #region resource generator code
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -672,7 +672,7 @@ function Test-TargetResource
     param
     (
         #region resource generator code
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackage/MSFT_AADEntitlementManagementAccessPackage.schema.mof

@@ -9,8 +9,8 @@ class MSFT_AccessPackageResourceRoleScope
 [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackage")]
 class MSFT_AADEntitlementManagementAccessPackage : OMI_BaseResource
 {
-    [Key, Description("The Id of the access package.")] String Id;
-    [Required, Description("The display name of the access package.")] String DisplayName;
+    [Key, Description("The display name of the access package.")] String DisplayName;
+    [Write, Description("The Id of the access package.")] String Id;
     [Write, Description("Identifier of the access package catalog referencing this access package.")] String CatalogId;
     [Write, Description("The description of the access package.")] String Description;
     [Write, Description("Whether the access package is hidden from the requestor.")] Boolean IsHidden;

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.psm1

@@ -4,7 +4,7 @@ function Get-TargetResource
     [OutputType([System.Collections.Hashtable])]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -322,7 +322,7 @@ function Set-TargetResource
     [CmdletBinding()]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -545,7 +545,7 @@ function Test-TargetResource
     [OutputType([System.Boolean])]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy/MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy.schema.mof

@@ -119,8 +119,8 @@ class MSFT_MicrosoftGraphcustomextensionendpointconfiguration
 [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageAssignmentPolicy")]
 class MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy : OMI_BaseResource
 {
-    [Key, Description("Id of the access package assignment policy.")] String Id;
-    [Required, Description("The display name of the policy.")] String DisplayName;
+    [Key, Description("The display name of the policy.")] String DisplayName;
+    [Write, Description("Id of the access package assignment policy.")] String Id;
     [Write, Description("Identifier of the access package.")] String AccessPackageId;
     [Write, Description("Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required."), EmbeddedInstance("MSFT_MicrosoftGraphassignmentreviewsettings")] String AccessReviewSettings;
     [Write, Description("Indicates whether a user can extend the access package assignment duration after approval.")] Boolean CanExtend;

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.psm1

@@ -4,7 +4,7 @@ function Get-TargetResource
     [OutputType([System.Collections.Hashtable])]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -149,7 +149,7 @@ function Set-TargetResource
     [CmdletBinding()]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 
@@ -284,7 +284,7 @@ function Test-TargetResource
     [OutputType([System.Boolean])]
     param
     (
-        [Parameter(Mandatory = $true)]
+        [Parameter()]
         [System.String]
         $Id,
 

Modules/Microsoft365DSC/DSCResources/MSFT_AADEntitlementManagementAccessPackageCatalog/MSFT_AADEntitlementManagementAccessPackageCatalog.schema.mof

@@ -1,8 +1,8 @@
 [ClassVersion("1.0.0.0"), FriendlyName("AADEntitlementManagementAccessPackageCatalog")]
 class MSFT_AADEntitlementManagementAccessPackageCatalog : OMI_BaseResource
 {
-    [Key, Description("The id of the access package catalog.")] String Id;
-    [Required, Description("The display name of the access package catalog.")] String DisplayName;
+    [Key, Description("The display name of the access package catalog.")] String DisplayName;
+    [Write, Description("The id of the access package catalog.")] String Id;
     [Write, Description("Has the value Published if the access packages are available for management.")] String CatalogStatus;
     [Write, Description("One of UserManaged or ServiceDefault."), ValueMap{"UserManaged","ServiceDefault"}, Values{"UserManaged","ServiceDefault"}] String CatalogType;
     [Write, Description("The description of the access package catalog.")] String Description;