Merge pull request #3713 from NikCharlebois/M365DSCRuleEvaluation-Imp…

…rovements

M365DSCRuleEvaluation Improvements

CHANGELOG.md

@@ -4,10 +4,13 @@
 
 * AADApplication
   * Added support for restoring soft deleted instances.
+* M365DSCRuleEvaluation
+  * Improvements to how rules are evaluated and how drifts are logged.
 * O365OrgSettings
   * Changes to how ToDo discrepencies are being fixed in the SET method.
 * DEPENDENCIES
   * Updated Microsoft.Graph to version 2.6.1.
+  * Updated Microsoft.PowerApps.Administration.PowerShell to version 2.0.117.
 
 # 1.23.920.2
 

Modules/Microsoft365DSC/DSCResources/MSFT_M365DSCRuleEvaluation/MSFT_M365DSCRuleEvaluation.psm1

@@ -161,9 +161,7 @@ function Test-TargetResource
         Import-Module $module.Path -Force -Function 'Export-TargetResource' | Out-Null
         $cmdName = "MSFT_$ResourceName\Export-TargetResource"
 
-        Write-Verbose -Message "Retrieving Instances"
-        $instances = &$cmdName @params
-        Write-Verbose -Message "Retrieved {$($instances.Length)} Instances"
+        [Array]$instances = &$cmdName @params
 
         $DSCStringContent = @"
         # Generated with Microsoft365DSC version 1.23.906.1
@@ -193,45 +191,70 @@ function Test-TargetResource
         Write-Verbose -Message "Successfully converted {$($DSCConvertedInstances.Length)} DSC Objects."
 
         Write-Verbose -Message "Querying DSC Objects for invalid instances based on the specified Rule Definition."
-        $queryBlock = [Scriptblock]::Create($RuleDefinition)
-        [Array]$invalidInstances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock
-        Write-Verbose -Message "Identified {$($invalidInstances.Length)} invalid instances."
+        if ($RuleDefinition -eq '*')
+        {
+            [Array]$instances = $DSCConvertedInstances
+            Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule."
+        }
+        else
+        {
+            $queryBlock = [Scriptblock]::Create($RuleDefinition)
+            [Array]$instances = $DSCConvertedInstances | Where-Object -FilterScript $queryBlock
+            Write-Verbose -Message "Identified {$($instances.Length)} instances matching rule."
+        }
 
-        $result = $InvalidInstances.Length -eq 0
+        $result = ($instances.Length -$DSCConvertedInstances.Length) -eq 0
 
         if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
         {
             Write-Verbose -Message "Checking the After Rule Count"
-            $afterRuleCountQueryString = "`$invalidInstances.Length $AfterRuleCountQuery"
+            $afterRuleCountQueryString = "`$instances.Length $AfterRuleCountQuery"
             $afterRuleCountQueryBlock = [Scriptblock]::Create($afterRuleCountQueryString)
             $result = [Boolean](Invoke-Command -ScriptBlock $afterRuleCountQueryBlock)
-            Write-Verbose -Message "Output of rule count: $($result | Out-String)"
-        }
+            $message = [System.Text.StringBuilder]::New()
+            if ($instances.Length -eq 0)
+            {
+                [void]$message.AppendLine("No instances were found for the given Rule Definition.")
+            }
+            elseif (-not $result)
+            {
+                $invalidInstancesLogNames = ''
+                foreach ($invalidInstance in $instances)
+                {
+                    $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.ResourceInstanceName)`r`n"
+                }
 
-        if (-not $result)
+                [void]$message.AppendLine("The following resource instance(s) failed a rule validation:`r`n$invalidInstancesLogNames")
+                [void]$message.AppendLine("`r`nRuleDefinition:`r`n$RuleDefinition")
+                [void]$message.AppendLine("`r`AfterRuleCountQuery:`r`n$AfterRuleCountQuery")
+                Add-M365DSCEvent -Message $message.ToString() `
+                            -EventType 'RuleEvaluation' `
+                            -EntryType 'Warning' `
+                            -EventID 1 -Source $CurrentResourceName
+            }
+        }
+        elseif (-not $result)
         {
+            $invalidInstances = Compare-Object -ReferenceObject $DSCConvertedInstances.ResourceInstanceName -DifferenceObject $instances.ResourceInstanceName
             # Log drifts for each invalid instances found.
             $invalidInstancesLogNames = ''
             foreach ($invalidInstance in $invalidInstances)
             {
-                $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.ResourceInstanceName)`r`n"
+                $invalidInstancesLogNames += "[$ResourceName]$($invalidInstance.InputObject)`r`n"
             }
 
             if (-not $result)
             {
                 $message = [System.Text.StringBuilder]::New()
                 [void]$message.AppendLine("The following resource instance(s) failed a rule validation:`r`n$invalidInstancesLogNames")
                 [void]$message.AppendLine("`r`nRuleDefinition:`r`n$RuleDefinition")
-                if (-not [System.String]::IsNullOrEmpty($AfterRuleCountQuery))
-                {
-                    [void]$message.AppendLine("`r`AfterRuleCountQuery:`r`n$AfterRuleCountQuery")
-                }
                 Add-M365DSCEvent -Message $message.ToString() `
                         -EventType 'RuleEvaluation' `
                         -EntryType 'Warning' `
                         -EventID 1 -Source $CurrentResourceName
             }
         }
+        Write-Verbose -Message "Test-TargetResource returned $result"
         return $result
     }
 }

Modules/Microsoft365DSC/Dependencies/Manifest.psd1

@@ -78,7 +78,7 @@
         },
         @{
             ModuleName      = 'Microsoft.PowerApps.Administration.PowerShell'
-            RequiredVersion = '2.0.174'
+            RequiredVersion = '2.0.177'
         },
         @{
             ModuleName      = 'MicrosoftTeams'