Merge branch 'Dev' into SCDLPComplianceRule
NikCharlebois authored Feb 7, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents acee04f + bc6319b commit bb0a498
Showing 5 changed files with 145 additions and 22 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,9 @@

# UNRELEASED

* IntuneDeviceEnrollmentPlatformRestriction
* Added Priority parameter
FIXES [#4081](https://github.com/microsoft/Microsoft365DSC/issues/4081)
* SCDLPComplianceRule
* Properly escapes fancy quotes in the Get method.
* TeamsMeetingPolicy
@@ -57,6 +60,9 @@
* TeamsEmergencyCallRoutingPolicy
* Fix deletion of resource
FIXES [#4261](https://github.com/microsoft/Microsoft365DSC/issues/4261)
* TeamsUserCallingSettings
* Added support for Certificate Authentication
FIXES [#3180](https://github.com/microsoft/Microsoft365DSC/issues/3180)
* TEAMS
* Added support for ManagedIdentity Authentication across Teams resources.
* DEPENDENCIES
Original file line number Diff line number Diff line change
@@ -57,6 +57,10 @@ function Get-TargetResource
[Microsoft.Management.Infrastructure.CimInstance[]]
$Assignments,

[Parameter()]
[System.Int32]
$Priority,

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
@@ -107,7 +111,12 @@ function Get-TargetResource

try
{
$config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction silentlyContinue
try {
$config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $Identity -ErrorAction Stop
}
catch {
$config = $null
}

if ($null -eq $config)
{
@@ -127,6 +136,7 @@ function Get-TargetResource
DisplayName = $config.DisplayName
Description = $config.Description
DeviceEnrollmentConfigurationType = $config.DeviceEnrollmentConfigurationType.toString()
Priority = $config.Priority
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
@@ -229,6 +239,10 @@ function Set-TargetResource
[Microsoft.Management.Infrastructure.CimInstance[]]
$Assignments,

[Parameter()]
[System.Int32]
$Priority,

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
@@ -258,6 +272,7 @@ function Set-TargetResource
[Switch]
$ManagedIdentity
)

$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
-InboundParameters $PSBoundParameters

@@ -276,6 +291,12 @@ function Set-TargetResource
$currentCategory = Get-TargetResource @PSBoundParameters
$PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters
$PSBoundParameters.Remove('Identity') | Out-Null
$PriorityPresent = $false
if ($PSBoundParameters.Keys.Contains('Priority'))
{
$PriorityPresent = $true
$PSBoundParameters.Remove('Priority') | Out-Null
}

if ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Absent')
{
@@ -332,10 +353,19 @@ function Set-TargetResource
$assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments

Update-DeviceConfigurationPolicyAssignment `
-DeviceConfigurationPolicyId $policy.id `
-DeviceConfigurationPolicyId $policy.Id `
-Targets $assignmentsHash `
-Repository 'deviceManagement/deviceEnrollmentConfigurations'
}

if ($PriorityPresent -and $Priority -ne $policy.Priority)
{
$Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $policy.Id
$Body = @{
priority = $Priority
}
Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body
}
}
}
elseif ($Ensure -eq 'Present' -and $currentCategory.Ensure -eq 'Present')
@@ -380,29 +410,36 @@ function Set-TargetResource
#Write-Verbose ($PSBoundParameters | ConvertTo-Json -Depth 20)
Update-MgBetaDeviceManagementDeviceEnrollmentConfiguration `
-BodyParameter ([hashtable]$PSBoundParameters) `
-DeviceEnrollmentConfigurationId $Identity
-DeviceEnrollmentConfigurationId $currentCategory.Identity

#Assignments from DefaultPolicy are not editable and will raise an alert
if ($Identity -notlike '*_DefaultPlatformRestrictions')
if ($currentCategory.Identity -notlike '*_DefaultPlatformRestrictions')
{
if ($null -ne $Assignments -and $Assignments -ne @())
{
$assignmentsHash = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignments

Update-DeviceConfigurationPolicyAssignment `
-DeviceConfigurationPolicyId $Identity `
-Targets $assignmentsHash `
-Repository 'deviceManagement/deviceEnrollmentConfigurations'
-DeviceConfigurationPolicyId $currentCategory.Identity `
-Targets $assignmentsHash `
-Repository 'deviceManagement/deviceEnrollmentConfigurations'
}

if ($PriorityPresent -and $Priority -ne $currentCategory.Priority)
{
$Uri = "/beta/deviceManagement/deviceEnrollmentConfigurations/{0}/setPriority" -f $currentCategory.Identity
$Body = @{
priority = $Priority
}
Invoke-MgGraphRequest -Method POST -Uri $Uri -Body $Body
}
}
}
elseif ($Ensure -eq 'Absent' -and $currentCategory.Ensure -eq 'Present')
{
Write-Verbose -Message "Removing Device Enrollment Platform Restriction {$DisplayName}"
$config = Get-MgBetaDeviceManagementDeviceEnrollmentConfiguration -Filter "displayName eq '$DisplayName'" `
| Where-Object -FilterScript { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration' }

Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $config.id
Remove-MgBetaDeviceManagementDeviceEnrollmentConfiguration -DeviceEnrollmentConfigurationId $currentCategory.Identity
}
}

@@ -465,6 +502,10 @@ function Test-TargetResource
[Microsoft.Management.Infrastructure.CimInstance[]]
$Assignments,

[Parameter()]
[System.Int32]
$Priority,

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
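Review bot: The inner `catch` added around the by-Id lookup in Get-TargetResource (second hunk) turns every failure into `$config = $null`, so a permission denial, an expired token or throttling looks the same as "no such configuration". The earlier `-ErrorAction silentlyContinue` hid those errors too, but the new code now raises them with `-ErrorAction Stop` and then discards them without a trace. If the code after `if ($null -eq $config)`, which lies outside the hunk, falls back to another lookup or reports the resource as Absent, Set-TargetResource may act on a wrong state. I would at least record the cause in the catch, e.g. `Write-Verbose -Message "Lookup by Identity {$Identity} failed: $($_.Exception.Message)"`, and preferably swallow only the not-found case.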
Original file line number Diff line number Diff line change
@@ -36,6 +36,7 @@ class MSFT_IntuneDeviceEnrollmentPlatformRestriction : OMI_BaseResource
[Write, Description("Mac restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string MacRestriction;
[Write, Description("Mac OS restrictions based on platform, platform operating system version, and device ownership."), EmbeddedInstance("MSFT_DeviceEnrollmentPlatformRestriction")] string MacOSRestriction;
[Write, Description("Assignments of the policy."), EmbeddedInstance("MSFT_DeviceManagementConfigurationPolicyAssignments")] string Assignments[];
[Write, Description("Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration.")] UInt32 Priority;
[Write, Description("Present ensures the restriction exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
[Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
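Review bot: The new `Priority` property is declared `UInt32` here, while the matching parameter in Get-, Set- and Test-TargetResource of the module is `[System.Int32]`. The two declarations should agree: with the signed type a negative value binds in the functions although the schema cannot represent it, and checks that compare the MOF with the module may flag the mismatch. I would change the three parameter declarations to `[System.UInt32]` and keep the schema line as it is.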
Original file line number Diff line number Diff line change
@@ -61,9 +61,25 @@ function Get-TargetResource
[System.String]
$Ensure = 'Present',

[Parameter(Mandatory = $true)]
[Parameter()]
[System.Management.Automation.PSCredential]
$Credential
$Credential,

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint,

[Parameter()]
[Switch]
$ManagedIdentity
)

Write-Verbose -Message "Getting the Teams Calling Policy $($Identity)"
@@ -111,6 +127,10 @@ function Get-TargetResource
ForwardingTarget = $instance.ForwardingTarget
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
ManagedIdentity = $ManagedIdentity.IsPresent
}
}
catch
@@ -187,9 +207,25 @@ function Set-TargetResource
[System.String]
$Ensure = 'Present',

[Parameter(Mandatory = $true)]
[Parameter()]
[System.Management.Automation.PSCredential]
$Credential
$Credential,

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint,

[Parameter()]
[Switch]
$ManagedIdentity
)

Write-Verbose -Message 'Setting Teams User Calling Settings'
@@ -297,9 +333,25 @@ function Test-TargetResource
[System.String]
$Ensure = 'Present',

[Parameter(Mandatory = $true)]
[Parameter()]
[System.Management.Automation.PSCredential]
$Credential
$Credential,

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint,

[Parameter()]
[Switch]
$ManagedIdentity
)
#Ensure the proper dependencies are installed in the current environment.
Confirm-M365DSCDependencies
@@ -339,9 +391,25 @@ function Export-TargetResource
[OutputType([System.String])]
param
(
[Parameter(Mandatory = $true)]
[Parameter()]
[System.Management.Automation.PSCredential]
$Credential
$Credential,

[Parameter()]
[System.String]
$ApplicationId,

[Parameter()]
[System.String]
$TenantId,

[Parameter()]
[System.String]
$CertificateThumbprint,

[Parameter()]
[Switch]
$ManagedIdentity
)
$ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftTeams' `
-InboundParameters $PSBoundParameters
@@ -371,9 +439,13 @@ function Export-TargetResource
{
Write-Host " |---[$i/$($allUsers.Length)] $($user.UserPrincipalName)" -NoNewline
$params = @{
Identity = $user.UserPrincipalName
Ensure = 'Present'
Credential = $Credential
Identity = $user.UserPrincipalName
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
ManagedIdentity = $ManagedIdentity.IsPresent
}
$Results = Get-TargetResource @Params

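Review bot: With `Mandatory = $true` dropped from `$Credential` and all four added parameters optional, Get-, Set-, Test- and Export-TargetResource now bind when no authentication parameter is supplied, or when `CertificateThumbprint` is given without `ApplicationId` and `TenantId`. Nothing in these hunks checks that one complete method was passed, so any failure is left to `New-M365DSCConnection`, whose handling of that case is not visible here. It is worth confirming that it stops with a clear error rather than falling back to an interactive or ambient sign-in. I would also add a comment above each param block stating which parameter combinations are accepted, for example `# Authentication: pass Credential, or ApplicationId + TenantId + CertificateThumbprint, or ManagedIdentity`, adjusted to what the connection helper really supports. The function bodies continue outside the hunks.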
Original file line number Diff line number Diff line change
@@ -14,6 +14,9 @@ class MSFT_TeamsUserCallingSettings : OMI_BaseResource
[Write, Description("The forwarding target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. Voicemail is only supported for Immediate forwarding."), ValueMap{"Group","MyDelegates","SingleTarget","Voicemail"}, Values{"Group","MyDelegates","SingleTarget","Voicemail"}] String ForwardingTargetType;
[Write, Description("The forwarding target. Supported types of values are ObjectId's, SIP addresses and phone numbers. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.")] String ForwardingTarget;
[Write, Description("Present ensures the policy exists, absent ensures it is removed."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Required, Description("Credentials of the Teams Global Admin."), EmbeddedInstance("MSFT_Credential")] String Credential;
[Write, Description("Credentials of the Teams Global Admin."), EmbeddedInstance("MSFT_Credential")] String Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId;
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
};
