From f546869290b84e8fe8c10aa8f14451e6cddd35d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= Date: Tue, 6 Feb 2024 11:03:57 +0100 Subject: [PATCH 1/8] fix: Added Parameter ConditionalAccessPolicy to Resource SPOAccessControlSettings --- .../MSFT_SPOAccessControlSettings.psm1 | 25 ++++++++++++++++--- .../MSFT_SPOAccessControlSettings.schema.mof | 1 + .../sharepoint/SPOAccessControlSettings.md | 1 + 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index 8a6deac065..e73c779a8c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -88,7 +88,12 @@ function Get-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] + [System.String] + $ConditionalAccessPolicy ) Write-Verbose -Message 'Getting configuration of SharePoint Online Access Control Settings' @@ -137,6 +142,7 @@ function Get-TargetResource CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent Ensure = 'Present' + ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy } } catch @@ -245,7 +251,12 @@ function Set-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] + [System.String] + $ConditionalAccessPolicy ) Write-Verbose -Message 'Setting configuration of SharePoint Online Access Control Settings' 
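Review bot: `ConditionalAccessPolicy = $SPOAccessControlSettings.ConditionalAccessPolicy` in the Get-TargetResource result hashtable copies the tenant property as-is, while the new parameter is declared `[System.String]` with a ValidateSet. The docs table in this same patch gives the type as `SPOConditionalAccessPolicyType`, so the property is presumably an enum, and returning it uncast leaves the drift comparison and any exported configuration dependent on implicit conversion. Consider casting explicitly, e.g. `ConditionalAccessPolicy = [System.String]$SPOAccessControlSettings.ConditionalAccessPolicy`, after confirming how an unset value should be represented. The hashtable and its enclosing try block start outside the hunk.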
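Review bot: The Set-TargetResource hunk only adds `$ConditionalAccessPolicy` to the param block; nothing in the visible lines hands the value to the tenant cmdlet, and the function body lies outside the hunk. If the setter forwards all bound parameters the value flows through, but if it builds an explicit argument list the setting is silently ignored while Test-TargetResource keeps reporting drift, so this should be confirmed. This value decides whether unmanaged devices get full, limited or no access, so a change should be traceable in the run log, e.g. `Write-Verbose -Message "Setting ConditionalAccessPolicy to $ConditionalAccessPolicy"` guarded by `$PSBoundParameters.ContainsKey('ConditionalAccessPolicy')`. The same parameter block is added to Get-TargetResource (@@ -88) and Test-TargetResource (@@ -377), and the three ValidateSet lists must stay identical to the schema's allowed values.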
@@ -377,7 +388,12 @@ function Test-TargetResource [Parameter()] [Switch] - $ManagedIdentity + $ManagedIdentity, + + [Parameter()] + [ValidateSet('AllowFullAccess', 'AllowLimitedAccess', 'BlockAccess', 'ProtectionLevel')] + [System.String] + $ConditionalAccessPolicy ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies @@ -413,7 +429,8 @@ function Test-TargetResource 'DisallowInfectedFileDownload', ` 'ExternalServicesEnabled', ` 'EmailAttestationRequired', ` - 'EmailAttestationReAuthDays') + 'EmailAttestationReAuthDays', + 'ConditionalAccessPolicy') Write-Verbose -Message "Test-TargetResource returned $TestResult" diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof index 2d4ab4ac32..087b9f818c 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof @@ -22,4 +22,5 @@ class MSFT_SPOAccessControlSettings : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; + [Write, Description("Blocks or limits access to SharePoint and OneDrive content from un-managed devices.")] Boolean ConditionalAccessPolicy; }; diff --git a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md index 7272278b04..666cdb9616 100644 --- a/docs/docs/resources/sharepoint/SPOAccessControlSettings.md 
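Review bot: In the `-ValuesToCheck` list, the new `'EmailAttestationReAuthDays',` line ends with a bare comma while every preceding entry ends with a backtick continuation. PowerShell accepts both, but the mixed form is easy to break on a later edit, so keep the trailing backtick on that line and let only the final `'ConditionalAccessPolicy')` entry close the list. The diffstats in this series list no test file, so the new drift check on an access-control setting appears to land without a unit test covering a desired-versus-current mismatch; a case for that would be worth adding. The `Test-M365DSCParameterState` call that this list belongs to starts outside the hunk.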
+++ b/docs/docs/resources/sharepoint/SPOAccessControlSettings.md @@ -25,6 +25,7 @@ | **CertificatePath** | Write | String | Path to certificate used in service principal usually a PFX file. | | | **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | | | **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | | +| **ConditionalAccessPolicy** | Write | SPOConditionalAccessPolicyType | Blocks or limits access to SharePoint and OneDrive content from un-managed devices. | `AllowFullAccess`, `AllowLimitedAccess`, `BlockAccess`, `ProtectionLevel` | # SPO Access Control Settings From 933301ff852f3b29e99863f5be4f4a851f2a57d2 Mon Sep 17 00:00:00 2001 From: hosebei <35492544+hosebei@users.noreply.github.com> Date: Tue, 6 Feb 2024 17:04:54 +0100 Subject: [PATCH 2/8] fix: Corrected schema definition and added correct Valuemap and ValueList --- .../MSFT_SPOAccessControlSettings.schema.mof | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof index 087b9f818c..dcde0c4937 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.schema.mof 
@@ -22,5 +22,5 @@ class MSFT_SPOAccessControlSettings : OMI_BaseResource [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity; - [Write, Description("Blocks or limits access to SharePoint and OneDrive content from un-managed devices.")] Boolean ConditionalAccessPolicy; + [Write, Description("Blocks or limits access to SharePoint and OneDrive content from un-managed devices."), ValueMap{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}, Values{"AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"}] string ConditionalAccessPolicy; }; From 49cd4d577ff1e0d5306ac1ca9cf8cd2e14578a54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= <35492544+hosebei@users.noreply.github.com> Date: Sat, 10 Feb 2024 16:26:17 +0100 Subject: [PATCH 3/8] added changelog entry for the parameter support --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c7f05a29c2..56e144d79d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* SPOAccessControlSettings + * Added support for the ConditionalAccessPolicy parameter based on the PNP Module + # 1.24.131.2 * TeamsMeetingPolicy From ffdb34d787c08dde76bfcf7df8331ed8b48bfcda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= <35492544+hosebei@users.noreply.github.com> Date: Sun, 11 Feb 2024 17:42:01 +0100 Subject: [PATCH 4/8] fixed conflict --- CHANGELOG.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 56e144d79d..c136b2bf1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
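Review bot: The corrected property is declared as lowercase `string ConditionalAccessPolicy`, while every other property visible in the class uses `String`. MOF keywords are case-insensitive so this should still compile, but matching the file's casing keeps the schema uniform. The Description also does not say what the four values mean, which matters for a setting that decides how unmanaged devices reach SharePoint and OneDrive content. Consider something like `Description("Access level for unmanaged devices to SharePoint and OneDrive content: full access, limited web-only access, or blocked.")` plus a word on `ProtectionLevel`. As far as I know the limited and block modes rely on a matching Entra Conditional Access policy to supply device state, which is worth mentioning so that the value alone is not read as enforcement. The class body begins outside the hunk.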
@@ -2,9 +2,41 @@ # UNRELEASED +* AADRoleEligibilityScheduleRequest + * Fixed an issue where an error was thrown if no requests were found instead + of simply returning the Null object. +* EXOMobileDeviceMailboxPolicy + * Fixes an issue where an empty MinPasswordLength value was always passed down + to the update logic flow. +* DEPENDENCIES + * Updated Microsoft.Graph dependencies to version 2.13.1. * SPOAccessControlSettings * Added support for the ConditionalAccessPolicy parameter based on the PNP Module +# 1.24.207.2 + +* TeamsAppSetupPolicy + * Changed the logic to retrieve arrays of Ids in the Get method. +* MISC + * Drift Logging + * Now includes the full list of parameters for the current values. + * Telemetry + * Added a new M365DSCTelemetryEventId parameter to track duplication of events. + +# 1.24.207.1 + +* IntuneDeviceEnrollmentPlatformRestriction + * Added Priority parameter + FIXES [#4081](https://github.com/microsoft/Microsoft365DSC/issues/4081) +* SCDLPComplianceRule + * Properly escapes fancy quotes in the Get method. +* TeamsMeetingPolicy + * Ignore the AllowUserToJoinExternalMeeting parameterfor drift evaluation + since it doesn't do anything based on official documentation. +* DEPENDENCIES + * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. + * Updated MSCloudLoginAssistant to version 1.1.11 + * Updated ReverseDSC to version 2.0.0.19 # 1.24.131.2 * TeamsMeetingPolicy From e0708975d678ee2633b560984dd998c75fd98d52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= <35492544+hosebei@users.noreply.github.com> Date: Sun, 11 Feb 2024 17:42:57 +0100 Subject: [PATCH 5/8] fixed typo --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c136b2bf1d..94bbfd65bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -37,6 +37,7 @@ * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.180. * Updated MSCloudLoginAssistant to version 1.1.11 * Updated ReverseDSC to version 2.0.0.19 + # 1.24.131.2 * TeamsMeetingPolicy From 7a0a18bf5721e2f5e753e446cf63cdbc28986f69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= <35492544+hosebei@users.noreply.github.com> Date: Thu, 15 Feb 2024 16:09:18 +0100 Subject: [PATCH 6/8] fix: wrong indentation corrected --- .../MSFT_SPOAccessControlSettings.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 index e73c779a8c..c86fde3486 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SPOAccessControlSettings/MSFT_SPOAccessControlSettings.psm1 @@ -430,7 +430,7 @@ function Test-TargetResource 'ExternalServicesEnabled', ` 'EmailAttestationRequired', ` 'EmailAttestationReAuthDays', - 'ConditionalAccessPolicy') + 'ConditionalAccessPolicy') Write-Verbose -Message "Test-TargetResource returned $TestResult" From e965a5d50a537df59eee23dd741993c06b32eddd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= <35492544+hosebei@users.noreply.github.com> Date: Tue, 20 Feb 2024 20:01:58 +0100 Subject: [PATCH 7/8] removed version 1.24.214.1 from changelog --- CHANGELOG.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e090c314a..153c6d642d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,10 @@ # Change log for Microsoft365DSC -<<<<<<< HEAD # Unreleased * SPOAccessControlSettings * Added support for the ConditionalAccessPolicy parameter based on the PNP Module -======= + # 1.24.214.3 * AADAuthenticationMethodPolicy 
@@ -37,10 +36,8 @@ quotes. * DEPENDENCIES * Updated Microsoft.Graph to version 2.14.1. ->>>>>>> dev # 1.24.214.2 -# 1.24.214.1 * AADConditionalAccessPolicy * Removed invalid empty string value that was added to the validate set From edf350d133edba97c4d39da5724d360818be6094 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20W=C3=BCthrich?= <35492544+hosebei@users.noreply.github.com> Date: Sat, 24 Feb 2024 18:42:35 +0100 Subject: [PATCH 8/8] merge dev branch in pr --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ccf854bd31..74e626aaae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Change log for Microsoft365DSC +# UNRLEASED + +* SPOAccessControlSettings + * Added support for the ConditionalAccessPolicy parameter based on the PNP Module + # 1.24.221.1 * AADApplication