From 787512f07187265bc40c0f43fbeac8ce5d92e97b Mon Sep 17 00:00:00 2001
From: Nik Charlebois
Date: Mon, 26 Jun 2023 15:02:50 -0400
Subject: [PATCH 1/3] Update MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1
---
 ...thenticationMethodPolicyAuthenticator.psm1 | 106 +++++-------------
 1 file changed, 30 insertions(+), 76 deletions(-)
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1
index 9bf5d35d5d..a62467bdfc 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_AADAuthenticationMethodPolicyAuthenticator/MSFT_AADAuthenticationMethodPolicyAuthenticator.psm1
@@ -242,58 +242,6 @@ function Get-TargetResource $complexDisplayLocationInformationRequiredState = $null } $complexFeatureSettings.Add('DisplayLocationInformationRequiredState', $complexDisplayLocationInformationRequiredState) - $complexNumberMatchingRequiredState = @{} - $complexExcludeTarget = @{} - if ($getValue.additionalProperties.featureSettings.numberMatchingRequiredState.excludeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myExcludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.excludeTarget.id - $complexExcludeTarget.Add('Id', $myExcludeTargetsDisplayName.DisplayName) - } - else - { - $complexExcludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.excludeTarget.id) - } - if ($null -ne $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.excludeTarget.targetType) - { - $complexExcludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.excludeTarget.targetType.toString()) - } - if ($complexExcludeTarget.values.Where({ $null -ne $_ }).count -eq 0) - { - $complexExcludeTarget = $null - } - $complexNumberMatchingRequiredState.Add('ExcludeTarget', $complexExcludeTarget) - $complexIncludeTarget = @{} - if ($getValue.additionalProperties.featureSettings.numberMatchingRequiredState.includeTarget.id -notmatch 'all_users|00000000-0000-0000-0000-000000000000') - { - $myIncludeTargetsDisplayName = Get-MgGroup -GroupId $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.includeTarget.id - $complexIncludeTarget.Add('Id', $myIncludeTargetsDisplayName.DisplayName) - } - else - { - $complexIncludeTarget.Add('Id', $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.includeTarget.id) - } - if ($null -ne $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.includeTarget.targetType) - { - 
$complexIncludeTarget.Add('TargetType', $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.includeTarget.targetType.toString()) - } - if ($complexIncludeTarget.values.Where({ $null -ne $_ }).count -eq 0) - { - $complexIncludeTarget = $null - } - $complexNumberMatchingRequiredState.Add('IncludeTarget', $complexIncludeTarget) - if ($null -ne $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.state) - { - $complexNumberMatchingRequiredState.Add('State', $getValue.additionalProperties.featureSettings.numberMatchingRequiredState.state.toString()) - } - if ($complexNumberMatchingRequiredState.values.Where({ $null -ne $_ }).count -eq 0) - { - $complexNumberMatchingRequiredState = $null - } - $complexFeatureSettings.Add('NumberMatchingRequiredState', $complexNumberMatchingRequiredState) - if ($complexFeatureSettings.values.Where({ $null -ne $_ }).count -eq 0) - { - $complexFeatureSettings = $null - } $complexExcludeTargets = @() foreach ($currentExcludeTargets in $getValue.excludeTargets) 
@@ -499,15 +447,12 @@ function Set-TargetResource $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $CreateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.foreach('id',$groupid) } - if ($CreateParameters.featureSettings.numberMatchingRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ - $Filter = "Displayname eq '$($CreateParameters.featureSettings.numberMatchingRequiredState.includeTarget.id)'" | Out-String - $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $CreateParameters.featureSettings.numberMatchingRequiredState.includeTarget.foreach('id',$groupid) - } - if ($CreateParameters.featureSettings.numberMatchingRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ - $Filter = "Displayname eq '$($CreateParameters.featureSettings.numberMatchingRequiredState.excludeTarget.id)'" | Out-String - $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $CreateParameters.featureSettings.numberMatchingRequiredState.excludeTarget.foreach('id',$groupid) + + # DEPRECATED + if ($CreateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState')) + { + Write-Verbose -Message "The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration." + $CreateParameters.featureSettings.Remove('NumberMatchingRequiredState') } $keys = (([Hashtable]$CreateParameters).clone()).Keys 
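Review bot: The deprecation notice added at the end of the create path uses `Write-Verbose`, so an operator whose configuration still declares NumberMatchingRequiredState sees nothing in a normal run while that setting is silently dropped from the authentication-method policy request; `Write-Warning -Message "..."` would surface it. The `ContainsKey` call is made without checking that `featureSettings` exists, and it would fail with a null-method error if a configuration omits FeatureSettings (whether that can happen is not visible from this hunk), so `if ($null -ne $CreateParameters.featureSettings -and $CreateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState'))` is safer. The removed code addressed the key as `numberMatchingRequiredState`; if the hashtable was built case-sensitively, the PascalCase lookup would miss it, which is worth confirming. The same points apply to the identical block added to the update path in the next hunk. Set-TargetResource starts and ends outside the hunk.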
@@ -558,45 +503,54 @@ function Set-TargetResource $UpdateParameters.Remove('Id') | Out-Null # replace group Displayname with group id - if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ + if ($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) + { $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.includeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ + if ($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('companionAppAllowedState')) + { $Filter = "Displayname eq '$($UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.companionAppAllowedState.excludeTarget.foreach('id',$groupid) } - if ($UpdateParametrs.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ + if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) + { $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter 
$Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.includeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ + if ($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('displayAppInformationRequiredState')) + { $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayAppInformationRequiredState.excludeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ + if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) + { $Filter = "Displayname eq '$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayLocationInformationRequiredState.includeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ + if ($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users' -and + $UpdateParameters.featureSettings.ContainsKey('displayLocationInformationRequiredState')) + { $Filter = "Displayname eq 
'$($UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.id)'" | Out-String $groupid = (Get-MgGroup -Filter $Filter).id.ToString() $UpdateParameters.featureSettings.displayLocationInformationRequiredState.excludeTarget.foreach('id',$groupid) } - if ($UpdateParameters.featureSettings.numberMatchingRequiredState.includeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ - $Filter = "Displayname eq '$($UpdateParameters.featureSettings.numberMatchingRequiredState.includeTarget.id)'" | Out-String - $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.numberMatchingRequiredState.includeTarget.foreach('id',$groupid) - } - if ($UpdateParameters.featureSettings.numberMatchingRequiredState.excludeTarget.id -notmatch '00000000-0000-0000-0000-000000000000|all_users'){ - $Filter = "Displayname eq '$($UpdateParameters.featureSettings.numberMatchingRequiredState.excludeTarget.id)'" | Out-String - $groupid = (Get-MgGroup -Filter $Filter).id.ToString() - $UpdateParameters.featureSettings.numberMatchingRequiredState.excludeTarget.foreach('id',$groupid) + + # DEPRECATED + if ($UpdateParameters.featureSettings.ContainsKey('NumberMatchingRequiredState')) + { + Write-Verbose -Message "The NumberMatchingRequiredState feature is deprecated and will be ignored. Please remove it from your configuration." + $UpdateParameters.featureSettings.Remove('NumberMatchingRequiredState') } $keys = (([Hashtable]$UpdateParameters).clone()).Keys From fdadffb3d465b01a896c14a917eb68f789513aa9 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 26 Jun 2023 15:04:29 -0400 Subject: [PATCH 2/3] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 889ab12d81..e6662e9a7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
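Review bot: Each of the six rewritten conditions evaluates `-notmatch` before the new `ContainsKey` guard, and the lookup inside still interpolates the display name into the OData filter and accepts whatever `Get-MgGroup` returns. `$null -notmatch ...` is true, so the current order only works by accident, and `ContainsKey` itself fails if `featureSettings` is absent; testing for the feature entry first covers both. A display name containing `'` breaks the filter, and because group display names are not unique the lookup can return zero or several groups, so the policy target either fails on `.id.ToString()` or resolves to a group the author did not intend; for an authentication-method policy the target should resolve to exactly one group. The fence shows the first block rewritten that way, with the other five following the same pattern. Set-TargetResource starts and ends outside the hunk.

```powershell
$companionApp = $UpdateParameters.featureSettings.companionAppAllowedState
$targetName = $companionApp.includeTarget.id
if (-not [string]::IsNullOrEmpty($targetName) -and
    $targetName -notmatch '00000000-0000-0000-0000-000000000000|all_users')
{
    # OData string literals escape a single quote by doubling it.
    $escapedName = $targetName.Replace("'", "''")
    $groups = @(Get-MgGroup -Filter "DisplayName eq '$escapedName'")
    if ($groups.Count -ne 1)
    {
        throw "Expected exactly one group named '$targetName', found $($groups.Count)."
    }
    $groupid = $groups[0].Id.ToString()
    $companionApp.includeTarget.foreach('id',$groupid)
}
# … unchanged: the remaining five include/exclude target blocks, rewritten the same way …
```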
@@ -2,6 +2,9 @@ # UNRELEASED +* AADAuthenticationMethodPolicyAuthenticator + * Deprecated the NumberMatchingRequiredState Feature Setting. + FIXES [#3406](https://github.com/microsoft/Microsoft365DSC/issues/3406) * EXOAvailabilityConfig * Fixes an error where an error was thrown when the OrgWideAccount wasn't set. FIXES [#3402](https://github.com/microsoft/Microsoft365DSC/issues/3402) From 4ccc41ed067af5e78f425b43ac94a0da6d79e4fd Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Mon, 26 Jun 2023 15:05:45 -0400 Subject: [PATCH 3/3] Update Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 --- ...icationMethodPolicyAuthenticator.Tests.ps1 | 77 ------------------- 1 file changed, 77 deletions(-) diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 index d87861e8cb..8563556698 100644 --- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 +++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.AADAuthenticationMethodPolicyAuthenticator.Tests.ps1 @@ -100,17 +100,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } -ClientOnly) } -ClientOnly) - numberMatchingRequiredState = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodFeatureConfiguration -Property @{ - state = 'default' - includeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - excludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - } -ClientOnly) } -ClientOnly) Id = 'MicrosoftAuthenticator' isSoftwareOathEnabled = $True 
@@ -191,17 +180,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } -ClientOnly) } -ClientOnly) - numberMatchingRequiredState = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodFeatureConfiguration -Property @{ - state = 'default' - includeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - excludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - } -ClientOnly) } -ClientOnly) Id = 'MicrosoftAuthenticator' isSoftwareOathEnabled = $True @@ -343,17 +321,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } -ClientOnly) } -ClientOnly) - numberMatchingRequiredState = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodFeatureConfiguration -Property @{ - state = 'default' - includeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - excludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - } -ClientOnly) } -ClientOnly) Id = 'MicrosoftAuthenticator' isSoftwareOathEnabled = $True @@ -412,17 +379,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } } - numberMatchingRequiredState = @{ - state = 'default' - includeTarget = @{ - targetType = 'group' - id = 'Fakegroup' - } - excludeTarget = @{ - targetType = 'group' - id = 'Fakegroup' - } - } } '@odata.type' = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration' isSoftwareOathEnabled = $True 
@@ -495,17 +451,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } -ClientOnly) } -ClientOnly) - numberMatchingRequiredState = (New-CimInstance -ClassName MSFT_MicrosoftGraphauthenticationMethodFeatureConfiguration -Property @{ - state = 'default' - includeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - excludeTarget = (New-CimInstance -ClassName MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget -Property @{ - targetType = 'group' - id = 'Fakegroup' - } -ClientOnly) - } -ClientOnly) } -ClientOnly) Id = 'MicrosoftAuthenticator' isSoftwareOathEnabled = $True @@ -565,17 +510,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } } - numberMatchingRequiredState = @{ - state = 'default' - includeTarget = @{ - targetType = 'group' - id = 'Fakegroup' - } - excludeTarget = @{ - targetType = 'group' - id = 'Fakegroup' - } - } } } ExcludeTargets = @( @@ -655,17 +589,6 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture { id = 'Fakegroup' } } - numberMatchingRequiredState = @{ - state = 'default' - includeTarget = @{ - targetType = 'group' - id = 'Fakegroup' - } - excludeTarget = @{ - targetType = 'group' - id = 'Fakegroup' - } - } } '@odata.type' = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration' isSoftwareOathEnabled = $True