Merge pull request #4350 from NikCharlebois/AADConditionalAccessPolic…
…y-Fixes

AADConditionalAccessPolicy fixes
NikCharlebois authored Feb 20, 2024
2 parents 07305a5 + 9218c49 commit b7ad149
Showing 6 changed files with 33 additions and 51 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,14 @@
# Change log for Microsoft365DSC

# UNRELEASED

* AADConditionalAccessPolicy
* Fixing issue where Membership kinds no longer accepted empty values.
ROLLING BACK [#4344](https://github.com/microsoft/Microsoft365DSC/issues/4344)
FIXES [#4347](https://github.com/microsoft/Microsoft365DSC/issues/4347)
* Throws an error if role, user or group was not found in the Set method.
FIXES [#4342](https://github.com/microsoft/Microsoft365DSC/issues/4342)

# 1.24.214.3

* AADAuthenticationMethodPolicy
Expand Up @@ -71,7 +71,7 @@ function Get-TargetResource

[Parameter()]
[System.String]
[ValidateSet('all', 'enumerated', 'unknownFutureValue')]
[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
$IncludeExternalTenantsMembershipKind,

[Parameter()]
Expand All @@ -85,7 +85,7 @@ function Get-TargetResource

[Parameter()]
[System.String]
[ValidateSet('all', 'enumerated', 'unknownFutureValue')]
[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
$ExcludeExternalTenantsMembershipKind,

[Parameter()]
Expand Down Expand Up @@ -755,7 +755,7 @@ function Set-TargetResource

[Parameter()]
[System.String]
[ValidateSet('all', 'enumerated', 'unknownFutureValue')]
[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
$IncludeExternalTenantsMembershipKind,

[Parameter()]
Expand All @@ -769,7 +769,7 @@ function Set-TargetResource

[Parameter()]
[System.String]
[ValidateSet('all', 'enumerated', 'unknownFutureValue')]
[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
$ExcludeExternalTenantsMembershipKind,

[Parameter()]
Expand Down Expand Up @@ -1014,6 +1014,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $_
}
if ($null -eq $userguid)
{
Expand All @@ -1022,6 +1023,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
else
{
Expand Down Expand Up @@ -1059,6 +1061,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $_
}
if ($null -eq $userguid)
{
Expand All @@ -1067,6 +1070,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
else
{
Expand Down Expand Up @@ -1102,6 +1106,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $_
}
if ($GroupLookup.Length -gt 1)
{
Expand All @@ -1110,6 +1115,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
elseif ($null -eq $GroupLookup)
{
Expand All @@ -1118,6 +1124,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
else
{
Expand Down Expand Up @@ -1149,6 +1156,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $_
}
if ($GroupLookup.Length -gt 1)
{
Expand All @@ -1157,6 +1165,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
elseif ($null -eq $GroupLookup)
{
Expand All @@ -1165,6 +1174,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
else
{
Expand Down Expand Up @@ -1198,6 +1208,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
else
{
Expand Down Expand Up @@ -1231,6 +1242,7 @@ function Set-TargetResource
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
throw $message
}
else
{
Expand Down Expand Up @@ -1738,7 +1750,7 @@ function Test-TargetResource

[Parameter()]
[System.String]
[ValidateSet('all', 'enumerated', 'unknownFutureValue')]
[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
$IncludeExternalTenantsMembershipKind,

[Parameter()]
Expand All @@ -1752,7 +1764,7 @@ function Test-TargetResource

[Parameter()]
[System.String]
[ValidateSet('all', 'enumerated', 'unknownFutureValue')]
[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]
$ExcludeExternalTenantsMembershipKind,

[Parameter()]
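Review bot: The `throw $message` and `throw $_` lines added to Set-TargetResource (hunks from 1014 through 1242) carry no comment saying why an unresolved user, group or role must now stop the run, and this commit already rolls back one earlier change to the same resource. A Conditional Access policy written with a silently dropped include or exclude entry covers a different set of principals than the configuration declares, so the fail-closed intent is worth recording, for example `# Stop here: applying the policy with a missing principal would change who it covers` above each throw. Whether these throws run before any write to the tenant is not visible, since the enclosing loops and the policy update start and end outside the hunks.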
Expand Up @@ -16,10 +16,10 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource
[Write, Description("AAD Admin Roles in scope of the Policy.")] String IncludeRoles[];
[Write, Description("AAD Admin Roles out of scope of the Policy.")] String ExcludeRoles[];
[Write, Description("Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String IncludeGuestOrExternalUserTypes[];
[Write, Description("Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"all","enumerated","unknownFutureValue"}, Values{"all","enumerated","unknownFutureValue"}] String IncludeExternalTenantsMembershipKind;
[Write, Description("Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String IncludeExternalTenantsMembershipKind;
[Write, Description("Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String IncludeExternalTenantsMembers[];
[Write, Description("Represents the Excluded internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String ExcludeGuestOrExternalUserTypes[];
[Write, Description("Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"all","enumerated","unknownFutureValue"}, Values{"all","enumerated","unknownFutureValue"}] String ExcludeExternalTenantsMembershipKind;
[Write, Description("Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String ExcludeExternalTenantsMembershipKind;
[Write, Description("Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String ExcludeExternalTenantsMembers[];
[Write, Description("Client Device Platforms in scope of the Policy.")] String IncludePlatforms[];
[Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[];
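Review bot: The Description strings of IncludeExternalTenantsMembershipKind and ExcludeExternalTenantsMembershipKind still say `The possible values are: all, enumerated, unknownFutureValue` although ValueMap and Values now also accept `""`. Generated documentation and anyone reading the schema will not learn that an empty string is valid or what it means. Add a sentence to both descriptions stating the meaning of the empty value; presumably it leaves the membership kind unset, which should be confirmed against Set-TargetResource before it is written down.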
Expand Up @@ -678,11 +678,6 @@ function Test-TargetResource
$TestAdvancedSettings = Test-AdvancedSettings -DesiredProperty $AdvancedSettings -CurrentProperty $CurrentValues.AdvancedSettings
if ($false -eq $TestAdvancedSettings)
{
New-M365DSCLogEntry -Message 'AdvancedSettings do not match!' `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential

return $false
}
}
Expand All @@ -698,12 +693,6 @@ function Test-TargetResource
if ($null -eq $configData -and $null -ne $CurrentValues.ModernGroupLocation `
-and $null -ne $RemoveModernGroupLocation)
{
#last entry removed so trigger drift
New-M365DSCLogEntry -Message 'ModernGroupLocation do not match!' `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential

return $false
}
}
Expand All @@ -721,12 +710,6 @@ function Test-TargetResource
if ($null -eq $configData -and $null -ne $CurrentValues.ModernGroupLocationException `
-and $null -ne $RemoveModernGroupLocationException)
{
#last entry removed so trigger drift
New-M365DSCLogEntry -Message 'ModernGroupLocationException do not match!' `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential

return $false
}
}
Expand All @@ -742,12 +725,6 @@ function Test-TargetResource
if ($null -eq $configData -and $null -ne $CurrentValues.ExchangeLocation `
-and $null -ne $RemoveExchangeLocation)
{
#last entry removed so trigger drift
New-M365DSCLogEntry -Message 'ExchangeLocation do not match!' `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential

return $false
}
}
Expand All @@ -765,12 +742,6 @@ function Test-TargetResource
if ($null -eq $configData -and $null -ne $CurrentValues.ExchangeLocationException `
-and $null -ne $RemoveExchangeLocationException)
{
#last entry removed so trigger drift
New-M365DSCLogEntry -Message 'ExchangeLocationException do not match!' `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential

return $false
}
}
Expand All @@ -788,12 +759,6 @@ function Test-TargetResource
if ($null -eq $configData -and $null -ne $CurrentValues.Labels `
-and $null -ne $RemoveLabels)
{
#last entry removed so trigger drift
New-M365DSCLogEntry -Message 'Labels do not match!' `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential

return $false
}
}
Expand Up @@ -1551,14 +1551,6 @@ function Test-LocaleSettings
}
}

if ($foundSettings -eq $false)
{
New-M365DSCLogEntry -Message "LocaleSettings for label $Name do not match: $($driftedSetting -join ', ')" `
-Source $($MyInvocation.MyCommand.Source) `
-TenantId $TenantId `
-Credential $Credential
}

Write-Verbose -Message "Test LocaleSettings returns $foundSettings"
return $foundSettings
}
4 changes: 4 additions & 0 deletions Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
Expand Up @@ -1327,6 +1327,8 @@ function Export-M365DSCConfiguration

$Tenant = Get-M365DSCTenantNameFromParameterSet -ParameterSet $PSBoundParameters
$data.Add('Tenant', $Tenant)
$currentExportID = (New-Guid).ToString()
$data.Add('M365DSCExportId', $currentExportID)

Add-M365DSCTelemetryEvent -Type 'ExportInitiated' -Data $data
if ($null -ne $Workloads)
Expand Down Expand Up @@ -1392,6 +1394,8 @@ function Export-M365DSCConfiguration
# Clear the exported resource instances' names Global variable
$Global:M365DSCExportedResourceInstancesNames = $null
$Global:M365DSCExportInProgress = $false

Add-M365DSCTelemetryEvent -Type 'ExportCompleted' -Data $data
}

$Script:M365DSCDependenciesValidated = $false
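Review bot: The `ExportCompleted` event added at the end of Export-M365DSCConfiguration is sent only when execution reaches that line, and the hunk does not show whether it sits in a `finally` or on the success path. If it is on the success path, a failed export leaves an `ExportInitiated` event with no counterpart, and the new `M365DSCExportId` cannot tell a failure from a run still in progress. A short comment would record the intent, for example `# M365DSCExportId correlates ExportInitiated and ExportCompleted for one export run`. `$currentExportID` is used only once in the visible lines, so it could be inlined into `$data.Add`. The function body starts and ends outside both hunks.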
