diff --git a/CHANGELOG.md b/CHANGELOG.md index ab943add62..48085fb817 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # Change log for Microsoft365DSC +# UNRELEASED + +* AADConditionalAccessPolicy + * Fixing issue where Membership kinds no longer accepted empty values. + ROLLING BACK [#4344](https://github.com/microsoft/Microsoft365DSC/issues/4344) + FIXES [#4347](https://github.com/microsoft/Microsoft365DSC/issues/4347) + * Throws an error if role, user or group was not found in the Set method. + FIXES [#4342](https://github.com/microsoft/Microsoft365DSC/issues/4342) + # 1.24.214.3 * AADAuthenticationMethodPolicy diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 index 276bf4a184..c62d6a3aca 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.psm1 @@ -71,7 +71,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('all', 'enumerated', 'unknownFutureValue')] + [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')] $IncludeExternalTenantsMembershipKind, [Parameter()] @@ -85,7 +85,7 @@ function Get-TargetResource [Parameter()] [System.String] - [ValidateSet('all', 'enumerated', 'unknownFutureValue')] + [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')] $ExcludeExternalTenantsMembershipKind, [Parameter()] @@ -755,7 +755,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet('all', 'enumerated', 'unknownFutureValue')] + [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')] $IncludeExternalTenantsMembershipKind, [Parameter()] 
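Review bot: The empty string now accepted by `[ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')]` on `$IncludeExternalTenantsMembershipKind` in Get-TargetResource is not explained anywhere in the change, so a reader cannot tell whether '' means "not configured" or is passed on to the policy. The same applies to `$ExcludeExternalTenantsMembershipKind` and to the matching hunks in Set-TargetResource and Test-TargetResource. The schema.mof Description strings also still read "The possible values are: all, enumerated, unknownFutureValue" although the ValueMap now includes `""`. I would add a comment above each attribute, for example `# '' is accepted so the property can be left unset; confirm it is never sent as a membership kind`, and extend the MOF descriptions to mention the empty value. The param blocks and the code that consumes these values lie outside the hunks, so how Set-TargetResource treats '' needs checking against the full function.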
@@ -769,7 +769,7 @@ function Set-TargetResource [Parameter()] [System.String] - [ValidateSet('all', 'enumerated', 'unknownFutureValue')] + [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')] $ExcludeExternalTenantsMembershipKind, [Parameter()] @@ -1014,6 +1014,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $_ } if ($null -eq $userguid) { @@ -1022,6 +1023,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } else { @@ -1059,6 +1061,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $_ } if ($null -eq $userguid) { @@ -1067,6 +1070,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } else { @@ -1102,6 +1106,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $_ } if ($GroupLookup.Length -gt 1) { @@ -1110,6 +1115,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } elseif ($null -eq $GroupLookup) { @@ -1118,6 +1124,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } else { @@ -1149,6 +1156,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $_ } if ($GroupLookup.Length -gt 1) { @@ -1157,6 +1165,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } elseif ($null -eq $GroupLookup) { 
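Review bot: The added `throw $_` and `throw $message` lines in Set-TargetResource turn a log-and-continue path into a terminating one, and nothing in the hunks records why. For a Conditional Access policy the reason matters: continuing would apply the policy without the user, group or role that could not be resolved, so its scope would differ from what the configuration declares. I would put a one-line comment before each throw, for example `# Stop here: applying the policy without this entry would change who it covers`; this covers every throw hunk from new line 1014 through 1242. `$message` is assigned outside the hunks, so confirm it names the unresolved identity and nothing more. Whether all lookups finish before the policy is written is not visible here; if any write precedes them, a throw could leave the policy partly updated.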
@@ -1165,6 +1174,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } else { @@ -1198,6 +1208,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } else { @@ -1231,6 +1242,7 @@ function Set-TargetResource -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential + throw $message } else { @@ -1738,7 +1750,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('all', 'enumerated', 'unknownFutureValue')] + [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')] $IncludeExternalTenantsMembershipKind, [Parameter()] @@ -1752,7 +1764,7 @@ function Test-TargetResource [Parameter()] [System.String] - [ValidateSet('all', 'enumerated', 'unknownFutureValue')] + [ValidateSet('', 'all', 'enumerated', 'unknownFutureValue')] $ExcludeExternalTenantsMembershipKind, [Parameter()] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof index 67ec7174fa..9d1203c2af 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADConditionalAccessPolicy/MSFT_AADConditionalAccessPolicy.schema.mof 
@@ -16,10 +16,10 @@ class MSFT_AADConditionalAccessPolicy : OMI_BaseResource [Write, Description("AAD Admin Roles in scope of the Policy.")] String IncludeRoles[]; [Write, Description("AAD Admin Roles out of scope of the Policy.")] String ExcludeRoles[]; [Write, Description("Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String IncludeGuestOrExternalUserTypes[]; - [Write, Description("Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"all","enumerated","unknownFutureValue"}, Values{"all","enumerated","unknownFutureValue"}] String IncludeExternalTenantsMembershipKind; + [Write, Description("Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String IncludeExternalTenantsMembershipKind; [Write, Description("Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String IncludeExternalTenantsMembers[]; [Write, Description("Represents the Excluded internal guests or external user types. This is a multi-valued property. 
Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue."), ValueMap{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}, Values{"none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"}] String ExcludeGuestOrExternalUserTypes[]; - [Write, Description("Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"all","enumerated","unknownFutureValue"}, Values{"all","enumerated","unknownFutureValue"}] String ExcludeExternalTenantsMembershipKind; + [Write, Description("Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type."), ValueMap{"","all","enumerated","unknownFutureValue"}, Values{"","all","enumerated","unknownFutureValue"}] String ExcludeExternalTenantsMembershipKind; [Write, Description("Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.")] String ExcludeExternalTenantsMembers[]; [Write, Description("Client Device Platforms in scope of the Policy.")] String IncludePlatforms[]; [Write, Description("Client Device Platforms out of scope of the Policy.")] String ExcludePlatforms[]; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 index d994b4f7f9..e773c24d7b 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCLabelPolicy/MSFT_SCLabelPolicy.psm1 @@ -678,11 +678,6 @@ function Test-TargetResource $TestAdvancedSettings = Test-AdvancedSettings -DesiredProperty $AdvancedSettings -CurrentProperty $CurrentValues.AdvancedSettings if ($false -eq $TestAdvancedSettings) { - New-M365DSCLogEntry -Message 'AdvancedSettings do not match!' ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - return $false } } @@ -698,12 +693,6 @@ function Test-TargetResource if ($null -eq $configData -and $null -ne $CurrentValues.ModernGroupLocation ` -and $null -ne $RemoveModernGroupLocation) { - #last entry removed so trigger drift - New-M365DSCLogEntry -Message 'ModernGroupLocation do not match!' ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - return $false } } @@ -721,12 +710,6 @@ function Test-TargetResource if ($null -eq $configData -and $null -ne $CurrentValues.ModernGroupLocationException ` -and $null -ne $RemoveModernGroupLocationException) { - #last entry removed so trigger drift - New-M365DSCLogEntry -Message 'ModernGroupLocationException do not match!' ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - return $false } } @@ -742,12 +725,6 @@ function Test-TargetResource if ($null -eq $configData -and $null -ne $CurrentValues.ExchangeLocation ` -and $null -ne $RemoveExchangeLocation) { - #last entry removed so trigger drift - New-M365DSCLogEntry -Message 'ExchangeLocation do not match!' ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - return $false } } 
@@ -765,12 +742,6 @@ function Test-TargetResource if ($null -eq $configData -and $null -ne $CurrentValues.ExchangeLocationException ` -and $null -ne $RemoveExchangeLocationException) { - #last entry removed so trigger drift - New-M365DSCLogEntry -Message 'ExchangeLocationException do not match!' ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - return $false } } @@ -788,12 +759,6 @@ function Test-TargetResource if ($null -eq $configData -and $null -ne $CurrentValues.Labels ` -and $null -ne $RemoveLabels) { - #last entry removed so trigger drift - New-M365DSCLogEntry -Message 'Labels do not match!' ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - return $false } } diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 index d53ae1df83..92f4d76bc8 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_SCSensitivityLabel/MSFT_SCSensitivityLabel.psm1 @@ -1551,14 +1551,6 @@ function Test-LocaleSettings } } - if ($foundSettings -eq $false) - { - New-M365DSCLogEntry -Message "LocaleSettings for label $Name do not match: $($driftedSetting -join ', ')" ` - -Source $($MyInvocation.MyCommand.Source) ` - -TenantId $TenantId ` - -Credential $Credential - } - Write-Verbose -Message "Test LocaleSettings returns $foundSettings" return $foundSettings } diff --git a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 index 79bbb1650c..0f6e64939b 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1 
@@ -1327,6 +1327,8 @@ function Export-M365DSCConfiguration $Tenant = Get-M365DSCTenantNameFromParameterSet -ParameterSet $PSBoundParameters $data.Add('Tenant', $Tenant) + $currentExportID = (New-Guid).ToString() + $data.Add('M365DSCExportId', $currentExportID) Add-M365DSCTelemetryEvent -Type 'ExportInitiated' -Data $data if ($null -ne $Workloads) @@ -1392,6 +1394,8 @@ function Export-M365DSCConfiguration # Clear the exported resource instances' names Global variable $Global:M365DSCExportedResourceInstancesNames = $null $Global:M365DSCExportInProgress = $false + + Add-M365DSCTelemetryEvent -Type 'ExportCompleted' -Data $data } $Script:M365DSCDependenciesValidated = $false
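Review bot: `$currentExportID` and the new `ExportCompleted` event in Export-M365DSCConfiguration have no comment saying what the ID is for or that it is a random per-run value. Because `$data` also carries the tenant name and is sent as telemetry, I would state that explicitly, for example `# Random per-run GUID used only to pair ExportInitiated with ExportCompleted`. The second hunk (new line 1394) shows only the tail of a block, so it is not visible whether `ExportCompleted` is reached when the export throws. If it sits on the normal path rather than in a `finally`, failed exports will show an initiated event with no completion, which may be intended but is worth a note. The variable is used once, so `$data.Add('M365DSCExportId', (New-Guid).ToString())` would do the same in one line.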