Skip to content

Commit

Permalink
Merge pull request #4290 from hosebei/mwu-Added-Parameter
Browse files Browse the repository at this point in the history
fix: Added Parameter ConditionalAccessPolicy to Resource SPOAccessControlSettings
  • Loading branch information
ykuijs authored Feb 26, 2024
2 parents 24363a8 + ddaf36f commit 740b3bc
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 4 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@
* IntuneExploitProtectionPolicyWindows10SettingCatalog
* Fix update and removal of resource when Identity is from another tenant
FIXES [#3962](https://github.com/microsoft/Microsoft365DSC/issues/3962)
* SPOAccessControlSettings
* Added support for the ConditionalAccessPolicy parameter based on the PNP Module
* MISC
* M365DSCDRGUtil
Add new parameter for customizable assignment identifier
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,12 @@ function Get-TargetResource

[Parameter()]
[Switch]
$ManagedIdentity
$ManagedIdentity,

[Parameter()]
[ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')]
[System.String]
$ConditionalAccessPolicy
)

Write-Verbose -Message 'Getting configuration of SharePoint Online Access Control Settings'
Expand Down Expand Up @@ -137,6 +142,7 @@ function Get-TargetResource
CertificateThumbprint = $CertificateThumbprint
Managedidentity = $ManagedIdentity.IsPresent
Ensure = 'Present'
ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy
}
}
catch
Expand Down Expand Up @@ -245,7 +251,12 @@ function Set-TargetResource

[Parameter()]
[Switch]
$ManagedIdentity
$ManagedIdentity,

[Parameter()]
[ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')]
[System.String]
$ConditionalAccessPolicy
)

Write-Verbose -Message 'Setting configuration of SharePoint Online Access Control Settings'
Expand Down Expand Up @@ -377,7 +388,12 @@ function Test-TargetResource

[Parameter()]
[Switch]
$ManagedIdentity
$ManagedIdentity,

[Parameter()]
[ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')]
[System.String]
$ConditionalAccessPolicy
)
#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies
Expand Down Expand Up @@ -413,7 +429,8 @@ function Test-TargetResource
'DisallowInfectedFileDownload', `
'ExternalServicesEnabled', `
'EmailAttestationRequired', `
'EmailAttestationReAuthDays')
'EmailAttestationReAuthDays',
'ConditionalAccessPolicy')

Write-Verbose -Message "Test-TargetResource returned $TestResult"

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,4 +22,5 @@ class MSFT_SPOAccessControlSettings : OMI_BaseResource
[Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath;
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
[Write, Description("Blocks or limits access to SharePoint and OneDrive content from un-managed devices."), ValueMap{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}, Values{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}] string ConditionalAccessPolicy;
};
1 change: 1 addition & 0 deletions docs/docs/resources/sharepoint/SPOAccessControlSettings.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
| **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | |
| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | |
| **ConditionalAccessPolicy** | Write | SPOConditionalAccessPolicyType | Blocks or limits access to SharePoint and OneDrive content from un-managed devices. | `AllowFullAccess`, `AllowLimitedAccess`, `BlockAccess`, `ProtectionLevel` |


# SPO Access Control Settings
Expand Down

0 comments on commit 740b3bc

Please sign in to comment.