diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a83f72ce9..12f2690310 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ * IntuneExploitProtectionPolicyWindows10SettingCatalog * Fix update and removal of resource when Identity is from another tenant FIXES [#3962](https://github.com/microsoft/Microsoft365DSC/issues/3962) +* SPOAccessControlSettings + * Added support for the ConditionalAccessPolicy parameter based on the PNP Module * MISC * M365DSCDRGUtil Add new parameter for customizable assignment identifier diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index 8a6deac065..c86fde3486 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -88,7 +88,12 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] + [System.String] + $ConditionalAccessPolicy ) Write-Verbose -Message 'Getting configuration of SharePoint Online Access Control Settings' @@ -137,6 +142,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' + ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy } } catch @@ -245,7 +251,12 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] + [System.String] + $ConditionalAccessPolicy ) Write-Verbose -Message 'Setting configuration of SharePoint Online Access Control Settings' @@ -377,7 +388,12 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] + [System.String] + $ConditionalAccessPolicy ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -413,7 +429,8 @@ function Test-TargetResource 'DisallowInfectedFileDownload', ` 'ExternalServicesEnabled', ` 'EmailAttestationRequired', ` - 'EmailAttestationReAuthDays') + 'EmailAttestationReAuthDays', + 'ConditionalAccessPolicy') Write-Verbose -Message "Test-TargetResource returned $TestResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof index 2d4ab4ac32..dcde0c4937 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof @@ -22,4 +22,5 @@ class MSFT_SPOAccessControlSettings : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Blocks or limits access to SharePoint and OneDrive content from un-managed devices."), ValueMap{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}, Values{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}] string ConditionalAccessPolicy; }; diff --git a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md index 7272278b04..666cdb9616 100644 --- a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md +++ b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md @@ -25,6 +25,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **ConditionalAccessPolicy** | Write | SPOConditionalAccessPolicyType | Blocks or limits access to SharePoint and OneDrive content from un-managed devices. | `AllowFullAccess`, `AllowLimitedAccess`, `BlockAccess`, `ProtectionLevel` | # SPO Access Control Settings