Merge pull request #1016 from microsoft/Dev

Release 1.21.113.1

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Change log for Microsoft365DSC
 
+# 1.21.113.1
+
+* AADRoleDefinition
+  * Filters out role definitions without any assigned permissions.
+    Fixes Issue #1007;
+* DEPENDENCIES
+  * Updated Microsoft.PowerApps.Administration.PowerShell
+    to 2.0.104;
+
 # 1.20.1223.1
 
 * SPOHubSite

Modules/Microsoft365DSC/DSCResources/MSFT_AADRoleDefinition/MSFT_AADRoleDefinition.psm1

@@ -383,7 +383,7 @@ function Export-TargetResource
             }
             $Results = Get-TargetResource @Params
 
-            if ($Results.Ensure -eq 'Present')
+            if ($Results.Ensure -eq 'Present' -and ([array]$results.RolePermissions).Length -gt 0)
             {
                 $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
                     -Results $Results

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.psm1

@@ -29,6 +29,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableMailboxIntelligence = $true,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMailboxIntelligenceProtection = $false,
+
         [Parameter()]
         [System.Boolean]
         $EnableOrganizationDomainsProtection = $false,
@@ -41,6 +45,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableSimilarUsersSafetyTips = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableSpoofIntelligence = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableTargetedDomainsProtection = $false,
@@ -49,6 +57,10 @@ function Get-TargetResource
         [System.Boolean]
         $EnableTargetedUserProtection = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableUnauthenticatedSender = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableUnusualCharactersSafetyTips = $false,
@@ -66,6 +78,20 @@ function Get-TargetResource
         [System.String[]]
         $ExcludedSenders = @(),
 
+        [Parameter()]
+        [ValidateSet('Automatic', 'Manual', 'Off')]
+        [System.String]
+        $ImpersonationProtectionState = 'Automatic',
+
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $MailboxIntelligenceProtectionAction = 'NoAction',
+
+        [Parameter()]
+        [System.String[]]
+        $MailboxIntelligenceProtectionActionRecipients = @(),
+
         [Parameter()]
         [System.Boolean]
         $MakeDefault = $false,
@@ -175,30 +201,36 @@ function Get-TargetResource
             }
 
             $result = @{
-                Identity                            = $Identity
-                AdminDisplayName                    = $AntiPhishPolicy.AdminDisplayName
-                AuthenticationFailAction            = $AntiPhishPolicy.AuthenticationFailAction
-                Enabled                             = $AntiPhishPolicy.Enabled
-                EnableAntispoofEnforcement          = $AntiPhishPolicy.EnableAntispoofEnforcement
-                EnableMailboxIntelligence           = $AntiPhishPolicy.EnableMailboxIntelligence
-                EnableOrganizationDomainsProtection = $AntiPhishPolicy.EnableOrganizationDomainsProtection
-                EnableSimilarDomainsSafetyTips      = $AntiPhishPolicy.EnableSimilarDomainsSafetyTips
-                EnableSimilarUsersSafetyTips        = $AntiPhishPolicy.EnableSimilarUsersSafetyTips
-                EnableTargetedDomainsProtection     = $AntiPhishPolicy.EnableTargetedDomainsProtection
-                EnableTargetedUserProtection        = $AntiPhishPolicy.EnableTargetedUserProtection
-                EnableUnusualCharactersSafetyTips   = $AntiPhishPolicy.EnableUnusualCharactersSafetyTips
-                ExcludedDomains                     = $AntiPhishPolicy.ExcludedDomains
-                ExcludedSenders                     = $AntiPhishPolicy.ExcludedSenders
-                MakeDefault                         = $AntiPhishPolicy.MakeDefault
-                PhishThresholdLevel                 = $PhishThresholdLevelValue
-                TargetedDomainActionRecipients      = $AntiPhishPolicy.TargetedDomainActionRecipients
-                TargetedDomainProtectionAction      = $TargetedDomainProtectionAction
-                TargetedDomainsToProtect            = $AntiPhishPolicy.TargetedDomainsToProtect
-                TargetedUserActionRecipients        = $AntiPhishPolicy.TargetedUserActionRecipients
-                TargetedUserProtectionAction        = $TargetedUserProtectionActionValue
-                TargetedUsersToProtect              = $AntiPhishPolicy.TargetedUsersToProtect
-                GlobalAdminAccount                  = $GlobalAdminAccount
-                Ensure                              = 'Present'
+                Identity                                      = $Identity
+                AdminDisplayName                              = $AntiPhishPolicy.AdminDisplayName
+                AuthenticationFailAction                      = $AntiPhishPolicy.AuthenticationFailAction
+                Enabled                                       = $AntiPhishPolicy.Enabled
+                EnableAntispoofEnforcement                    = $AntiPhishPolicy.EnableAntispoofEnforcement
+                EnableMailboxIntelligence                     = $AntiPhishPolicy.EnableMailboxIntelligence
+                EnableMailboxIntelligenceProtection           = $AntiPhishPolicy.EnableMailboxIntelligenceProtection
+                EnableOrganizationDomainsProtection           = $AntiPhishPolicy.EnableOrganizationDomainsProtection
+                EnableSimilarDomainsSafetyTips                = $AntiPhishPolicy.EnableSimilarDomainsSafetyTips
+                EnableSimilarUsersSafetyTips                  = $AntiPhishPolicy.EnableSimilarUsersSafetyTips
+                EnableSpoofIntelligence                       = $AntiPhishPolicy.EnableSpoofIntelligence
+                EnableTargetedDomainsProtection               = $AntiPhishPolicy.EnableTargetedDomainsProtection
+                EnableTargetedUserProtection                  = $AntiPhishPolicy.EnableTargetedUserProtection
+                EnableUnauthenticatedSender                   = $AntiPhishPolicy.EnableUnauthenticatedSender
+                EnableUnusualCharactersSafetyTips             = $AntiPhishPolicy.EnableUnusualCharactersSafetyTips
+                ExcludedDomains                               = $AntiPhishPolicy.ExcludedDomains
+                ExcludedSenders                               = $AntiPhishPolicy.ExcludedSenders
+                ImpersonationProtectionState                  = $AntiPhishPolicy.ImpersonationProtectionState
+                MailboxIntelligenceProtectionAction           = $AntiPhishPolicy.MailboxIntelligenceProtectionAction
+                MailboxIntelligenceProtectionActionRecipients = $AntiPhishPolicy.MailboxIntelligenceProtectionActionRecipients
+                MakeDefault                                   = $AntiPhishPolicy.MakeDefault
+                PhishThresholdLevel                           = $PhishThresholdLevelValue
+                TargetedDomainActionRecipients                = $AntiPhishPolicy.TargetedDomainActionRecipients
+                TargetedDomainProtectionAction                = $AntiPhishPolicy.TargetedDomainProtectionAction
+                TargetedDomainsToProtect                      = $AntiPhishPolicy.TargetedDomainsToProtect
+                TargetedUserActionRecipients                  = $AntiPhishPolicy.TargetedUserActionRecipients
+                TargetedUserProtectionAction                  = $TargetedUserProtectionActionValue
+                TargetedUsersToProtect                        = $AntiPhishPolicy.TargetedUsersToProtect
+                GlobalAdminAccount                            = $GlobalAdminAccount
+                Ensure                                        = 'Present'
             }
 
             Write-Verbose -Message "Found AntiPhishPolicy $($Identity)"
@@ -262,6 +294,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableMailboxIntelligence = $true,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMailboxIntelligenceProtection = $false,
+
         [Parameter()]
         [System.Boolean]
         $EnableOrganizationDomainsProtection = $false,
@@ -274,6 +310,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableSimilarUsersSafetyTips = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableSpoofIntelligence = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableTargetedDomainsProtection = $false,
@@ -282,6 +322,10 @@ function Set-TargetResource
         [System.Boolean]
         $EnableTargetedUserProtection = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableUnauthenticatedSender = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableUnusualCharactersSafetyTips = $false,
@@ -299,6 +343,20 @@ function Set-TargetResource
         [System.String[]]
         $ExcludedSenders = @(),
 
+        [Parameter()]
+        [ValidateSet('Automatic', 'Manual', 'Off')]
+        [System.String]
+        $ImpersonationProtectionState = 'Automatic',
+
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $MailboxIntelligenceProtectionAction = 'NoAction',
+
+        [Parameter()]
+        [System.String[]]
+        $MailboxIntelligenceProtectionActionRecipients = @(),
+
         [Parameter()]
         [System.Boolean]
         $MakeDefault = $false,
@@ -430,6 +488,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableMailboxIntelligence = $true,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableMailboxIntelligenceProtection = $false,
+
         [Parameter()]
         [System.Boolean]
         $EnableOrganizationDomainsProtection = $false,
@@ -442,6 +504,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableSimilarUsersSafetyTips = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableSpoofIntelligence = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableTargetedDomainsProtection = $false,
@@ -450,6 +516,10 @@ function Test-TargetResource
         [System.Boolean]
         $EnableTargetedUserProtection = $false,
 
+        [Parameter()]
+        [System.Boolean]
+        $EnableUnauthenticatedSender = $true,
+
         [Parameter()]
         [System.Boolean]
         $EnableUnusualCharactersSafetyTips = $false,
@@ -467,6 +537,20 @@ function Test-TargetResource
         [System.String[]]
         $ExcludedSenders = @(),
 
+        [Parameter()]
+        [ValidateSet('Automatic', 'Manual', 'Off')]
+        [System.String]
+        $ImpersonationProtectionState = 'Automatic',
+
+        [Parameter()]
+        [ValidateSet('BccMessage', 'Delete', 'MoveToJmf', 'NoAction', 'Quarantine', 'Redirect')]
+        [System.String]
+        $MailboxIntelligenceProtectionAction = 'NoAction',
+
+        [Parameter()]
+        [System.String[]]
+        $MailboxIntelligenceProtectionActionRecipients = @(),
+
         [Parameter()]
         [System.Boolean]
         $MakeDefault = $false,

Modules/Microsoft365DSC/DSCResources/MSFT_EXOAntiPhishPolicy/MSFT_EXOAntiPhishPolicy.schema.mof

@@ -11,15 +11,21 @@ class MSFT_EXOAntiPhishPolicy : OMI_BaseResource
     [Write, Description("Specify if this policy should be enabled. Default is $true.")] Boolean Enabled;
     [Write, Description("The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the policy.")] Boolean EnableAntispoofEnforcement;
     [Write, Description("The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.")] Boolean EnableMailboxIntelligence;
+    [Write, Description("The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.")] Boolean EnableMailboxIntelligenceProtection;
     [Write, Description("The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization.")] Boolean EnableOrganizationDomainsProtection;
     [Write, Description("The EnableSimilarDomainsSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for domain impersonation detections.")] Boolean EnableSimilarDomainsSafetyTips;
     [Write, Description("The EnableSimilarUsersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for user impersonation detections.")] Boolean EnableSimilarUsersSafetyTips;
+    [Write, Description("The EnableSpoofIntelligence parameter specifies whether to enable or disable antispoofing protection for the policy.")] Boolean EnableSpoofIntelligence;
     [Write, Description("The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains.")] Boolean EnableTargetedDomainsProtection;
     [Write, Description("The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter")] Boolean EnableTargetedUserProtection;
+    [Write, Description("The EnableUnauthenticatedSender parameter enables or disables unauthenticated sender identification in Outlook.")] Boolean EnableUnauthenticatedSender;
     [Write, Description("The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections.")] Boolean EnableUnusualCharactersSafetyTips;
     [Write, Description("Make this the default antiphishing policy")] Boolean MakeDefault;
     [Write, Description("The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.")] String ExcludedDomains[];
     [Write, Description("The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.")] String ExcludedSenders[];
+    [Write, Description("The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.")] String ImpersonationProtectionState;
+    [Write, Description("The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.")] String MailboxIntelligenceProtectionAction;
+    [Write, Description("The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.")] String MailboxIntelligenceProtectionActionRecipients[];
     [Write, Description("The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedDomainActionRecipients[];
     [Write, Description("The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.")] String TargetedDomainsToProtect[];
     [Write, Description("The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.")] String TargetedUserActionRecipients[];