diff --git a/CHANGELOG.md b/CHANGELOG.md index 33b9577108..fe71c76b71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,14 @@ # Change log for Microsoft365DSC -# UNRELEASED +# 1.25.129.2 + +* M365DSCRuleEvaluation + * Only provide the ManagedIdentity parameter for resources which supports it. +* SCDLPComplianceRule + * Added the comments property on creation. +* SCPolicyConfig + * Changed parsing logic to account for $null or missing properties in the + API response. # 1.25.129.1 diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 index 6a9ad23f97..073de91c8e 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1 @@ -173,7 +173,6 @@ function Test-TargetResource ApplicationId = $PSBoundParameters.ApplicationId TenantId = $PSBoundParameters.TenantId CertificateThumbprint = $PSBoundParameters.CertificateThumbprint - ManagedIdentity = $PSBoundParameters.ManagedIdentity } if ($null -ne $PSBoundParameters.ApplicationSecret) @@ -189,6 +188,20 @@ function Test-TargetResource Import-Module $module -Force -Function 'Export-TargetResource' | Out-Null $cmdName = "MSFT_$ResourceTypeName\Export-TargetResource" + # Ensure the referenced resource supports ManagedIdentity before adding the parameter. + try + { + $exportFunctionInfo = (Get-Command -Module "MSFT_$ResourceTypeName") | Where-Object -FilterScript {$_.Name -eq 'Export-TargetResource'} + if ($exportFunctionInfo.Parameters.Name -Contains 'ManagedIdentity') + { + $params.Add('ManagedIdentity', $PSBoundParameters.ManagedIdentity) + } + } + catch + { + Write-Verbose $_ + } + [Array]$instances = &$cmdName @params $DSCStringContent = @" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 index 57eddccd1c..10e2159cb7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCDLPComplianceRule/MSFT_SCDLPComplianceRule.psm1 @@ -923,13 +923,8 @@ function Set-TargetResource $CreationParams.Remove('ApplicationSecret') | Out-Null $CreationParams.Remove('AccessTokens') | Out-Null - $NewruleParam = @{ - Name = $CreationParams.Name - Policy = $CreationParams.Policy - AdvancedRule = $CreationParams.AdvancedRule - } Write-Verbose -Message "Calling New-DLPComplianceRule with Values: $(Convert-M365DscHashtableToString -Hashtable $CreationParams)" - New-DLPComplianceRule @NewruleParam + New-DLPComplianceRule @CreationParams } elseif (('Present' -eq $Ensure) -and ('Present' -eq $CurrentRule.Ensure)) { @@ -1390,7 +1385,6 @@ function Test-TargetResource $ValuesToCheck.Remove('ContentContainsSensitiveInformation') | Out-Null $ValuesToCheck.Remove('ExceptIfContentContainsSensitiveInformation') | Out-Null - $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 index fca3493151..44dcc01cb4 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCPolicyConfig/MSFT_SCPolicyConfig.psm1 @@ -177,10 +177,16 @@ function Get-TargetResource $DlpNetworkShareGroupsObject = ConvertFrom-Json $instance.DlpNetworkShareGroups # AdvancedClassificationEnabled - $AdvancedClassificationEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value + $AdvancedClassificationEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AdvancedClassificationEnabled' }).Value) # BandwidthLimitEnabled - $BandwidthLimitEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabledValue' }).Value + $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'BandwidthLimitEnabled' }).Value + $parsedValue = $null + if ($null -ne $toBeParsed) + { + $parsedValue = [Boolean]::Parse($toBeParsed) + } + $BandwidthLimitEnabledValue = $parsedValue # DailyBandwidthLimitInMB $DailyBandwidthLimitInMBValue = [UInt32]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'DailyBandwidthLimitInMB' }).Value @@ -192,7 +198,7 @@ function Get-TargetResource $MacPathExclusionValue = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacPathExclusion' }).Value # MacDefaultPathExclusionsEnabled - $MacDefaultPathExclusionsEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value + $MacDefaultPathExclusionsEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'MacDefaultPathExclusionsEnabled' }).Value) #EvidenceStoreSettings $entry = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'EvidenceStoreSettings' } @@ -208,7 +214,7 @@ function Get-TargetResource } # NetworkPathEnforcementEnabled - $NetworkPathEnforcementEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value + $NetworkPathEnforcementEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathEnforcementEnabled' }).Value) # NetworkPathExclusion $NetworkPathExclusionValue = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'NetworkPathExclusion' }).Value @@ -229,7 +235,7 @@ function Get-TargetResource $app = @{ ExecutableName = $appEntry.ExecutableName Name = $appEntry.Name - Quarantine = [Boolean]$appEntry.Quarantine + Quarantine = [Boolean]::Parse($appEntry.Quarantine) } $entry.Apps += $app } @@ -261,7 +267,13 @@ function Get-TargetResource } # IncludePredefinedUnallowedBluetoothApps - $IncludePredefinedUnallowedBluetoothAppsValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value + $toBeParsed = ($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'IncludePredefinedUnallowedBluetoothApps' }).Value + $parsedValue = $null + if ($null -ne $toBeParsed) + { + $parsedValue = [Boolean]::Parse($toBeParsed) + } + $IncludePredefinedUnallowedBluetoothAppsValue = $parsedValue # UnallowedBluetoothApp $entries = [Array]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'UnallowedBluetoothApp' }) @@ -340,10 +352,10 @@ function Get-TargetResource } # serverDlpEnabled - $serverDlpEnabledValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value + $serverDlpEnabledValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'serverDlpEnabled' }).Value) # AuditFileActivity - $AuditFileActivityValue = [Boolean]($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value + $AuditFileActivityValue = [Boolean]::Parse(($EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'AuditFileActivity' }).Value) # VPNSettings $entity = $EndpointDlpGlobalSettingsValue | Where-Object { $_.Setting -eq 'VPNSettings' } @@ -842,7 +854,7 @@ function Set-TargetResource } } - if ($null -ne $CloudAppMode) + if (-not [System.String]::IsNullOrEmpty($CloudAppMode)) { $EndpointDlpGlobalSettingsValue += @{ Setting = 'CloudAppMode' @@ -1006,9 +1018,13 @@ function Set-TargetResource DlpAppGroups = $DLPAppGroupsValue DlpPrinterGroups = ConvertTo-Json $DlpPrinterGroupsValue -Depth 10 -Compress DLPRemovableMediaGroups = ConvertTo-Json $DLPRemovableMediaGroupsValue -Depth 10 -Compress - EnableSpoAipMigration = $EnableSpoAipMigration EndpointDlpGlobalSettings = $EndpointDlpGlobalSettingsValue } + $CurrentPolicyConfig = Get-TargetResource @PSBoundParameters + if ($EnableSpoAipMigration -ne $CurrentPolicyConfig.EnableSpoAipMigration) + { + $params.Add("EnableSpoAipMigration", $EnableSpoAipMigration) + } Write-Verbose -Message "Updating policy config with values:`r`n$(Convert-M365DscHashtableToString -Hashtable $params)" Set-PolicyConfig @params } @@ -1185,6 +1201,7 @@ function Test-TargetResource #Compare Cim instances $testResult = $true + $testTargetResource = $true foreach ($key in $PSBoundParameters.Keys) { $source = $PSBoundParameters.$key @@ -1197,6 +1214,7 @@ function Test-TargetResource if (-not $testResult) { + $testTargetResource = $false break } @@ -1209,9 +1227,12 @@ function Test-TargetResource -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys - Write-Verbose -Message "Test-TargetResource returned $testResult" - - return $testResult + if (-not $testResult) + { + $testTargetResource = $false + } + Write-Verbose -Message "Test-TargetResource returned $testTargetResource" + return $testTargetResource } function Export-TargetResource diff --git a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 index eb2d6744f5..c45663f9e2 100644 --- a/Modules/Microsoft365DSC/Microsoft365DSC.psd1 +++ b/Modules/Microsoft365DSC/Microsoft365DSC.psd1 @@ -11,7 +11,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '1.25.129.1' + ModuleVersion = '1.25.129.2' # Supported PSEditions # CompatiblePSEditions = @() @@ -147,16 +147,13 @@ IconUri = 'https://github.com/microsoft/Microsoft365DSC/blob/Dev/Modules/Microsoft365DSC/Dependencies/Images/Logo.png?raw=true' # ReleaseNotes of this module - ReleaseNotes = '* AADRoleEligibilityScheduleRequest - * Changed the mapping logic to find Id of a custom role. -* AADServicePrincipal - * Fixes a regression issue when trying to export instances, the authentication - parameters were no longer returned by the Get-TargetResource function. -* IntuneDeviceConfigurationPolicyiOS - * Fixes [#5594] https://github.com/microsoft/Microsoft365DSC/issues/5594 -* MISC - * AAD Workload - * Improved performance of various resources during export.' + ReleaseNotes = '* M365DSCRuleEvaluation + * Only provide the ManagedIdentity parameter for resources which supports it. +* SCDLPComplianceRule + * Added the comments property on creation. +* SCPolicyConfig + * Changed parsing logic to account for $null or missing properties in the + API response.' # Flag to indicate whether the module requires explicit user acceptance for install/update # RequireLicenseAcceptance = $false