diff --git a/CHANGELOG.md b/CHANGELOG.md
index e8bca3b413..6b5766a2b2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,8 @@
* IntuneRoleAssignment
* Fixed issue where the export did not the correct type for ScopeType
FIXES [#2889](https://github.com/microsoft/Microsoft365DSC/issues/2889)
+* O365OrgSettings
+ * Initial Release.
* MISC
* Updated required permissions of several resources
FIXES [#2866](https://github.com/microsoft/Microsoft365DSC/issues/2866)
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.psm1
index 2cbbe2ef87..33504d5bec 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgCustomizationSetting/MSFT_O365OrgCustomizationSetting.psm1
@@ -157,7 +157,6 @@ function Set-TargetResource
Add-M365DSCTelemetryEvent -Data $data
#endregion
- Write-Verbose -Message "Setting configuration of Office 365 Group $DisplayName"
$ConnectionMode = New-M365DSCConnection -Workload 'ExchangeOnline' `
-InboundParameters $PSBoundParameters
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
new file mode 100644
index 0000000000..a330c7dfa5
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1
@@ -0,0 +1,344 @@
+function Get-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Collections.Hashtable])]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('Yes')]
+ [String]
+ $IsSingleInstance,
+
+ [Parameter()]
+ [System.Boolean]
+ $M365WebEnableUsersToOpenFilesFrom3PStorage,
+
+ [Parameter()]
+ [ValidateSet('Present', 'Absent')]
+ [System.String]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity
+ )
+
+ if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent')
+ {
+ throw 'This resource is not able to remove Org Settings settings and therefore only accepts Ensure=Present.'
+ }
+
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters `
+ -ProfileName 'v1.0'
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ $nullReturn = @{
+ IsSingleInstance = $IsSingleInstance
+ Ensure = 'Absent'
+ }
+
+ try
+ {
+ $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e'
+ $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled'
+
+ return @{
+ IsSingleInstance = 'Yes'
+ M365WebEnableUsersToOpenFilesFrom3PStorage = $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled
+ Ensure = 'Present'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ }
+ }
+ catch
+ {
+ New-M365DSCLogEntry -Message 'Error retrieving data:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return $nullReturn
+ }
+}
+
+function Set-TargetResource
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('Yes')]
+ [String]
+ $IsSingleInstance,
+
+ [Parameter()]
+ [System.Boolean]
+ $M365WebEnableUsersToOpenFilesFrom3PStorage,
+
+ [Parameter()]
+ [ValidateSet('Present', 'Absent')]
+ [System.String]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity
+ )
+
+ if ($PSBoundParameters.ContainsKey('Ensure') -and $Ensure -eq 'Absent')
+ {
+ throw 'This resource is not able to remove the Org settings and therefore only accepts Ensure=Present.'
+ }
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ Write-Verbose -Message "Setting configuration of Office 365 Settings"
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters `
+ -ProfileName 'v1.0'
+
+ $OfficeOnlineId = 'c1f33bc0-bdb4-4248-ba9b-096807ddb43e'
+ $M365WebEnableUsersToOpenFilesFrom3PStorageValue = Get-MgServicePrincipal -Filter "appId eq '$OfficeOnlineId'" -Property 'AccountEnabled, Id'
+ if ($M365WebEnableUsersToOpenFilesFrom3PStorage -ne $M365WebEnableUsersToOpenFilesFrom3PStorageValue.AccountEnabled)
+ {
+ Write-Verbose -Message "Setting the Microsoft 365 On the Web setting to {$M365WebEnableUsersToOpenFilesFrom3PStorage}"
+ Update-MgservicePrincipal -ServicePrincipalId $($M365WebEnableUsersToOpenFilesFrom3PStorageValue.Id) `
+ -AccountEnabled:$M365WebEnableUsersToOpenFilesFrom3PStorage
+ }
+}
+
+function Test-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.Boolean])]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('Yes')]
+ [String]
+ $IsSingleInstance,
+
+ [Parameter()]
+ [System.Boolean]
+ $M365WebEnableUsersToOpenFilesFrom3PStorage,
+
+ [Parameter()]
+ [ValidateSet('Present', 'Absent')]
+ [System.String]
+ $Ensure = 'Present',
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity
+ )
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ Write-Verbose -Message 'Testing configuration for Org Settings.'
+
+ $CurrentValues = Get-TargetResource @PSBoundParameters
+ $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone()
+
+ Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)"
+ Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $PSBoundParameters)"
+
+ $TestResult = Test-M365DSCParameterState -CurrentValues $CurrentValues `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -DesiredValues $PSBoundParameters `
+ -ValuesToCheck $ValuesToCheck.Keys
+
+ Write-Verbose -Message "Test-TargetResource returned $TestResult"
+
+ return $TestResult
+}
+
+function Export-TargetResource
+{
+ [CmdletBinding()]
+ [OutputType([System.String])]
+ param
+ (
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $Credential,
+
+ [Parameter()]
+ [System.String]
+ $ApplicationId,
+
+ [Parameter()]
+ [System.String]
+ $TenantId,
+
+ [Parameter()]
+ [System.Management.Automation.PSCredential]
+ $ApplicationSecret,
+
+ [Parameter()]
+ [System.String]
+ $CertificateThumbprint,
+
+ [Parameter()]
+ [Switch]
+ $ManagedIdentity
+ )
+ $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' `
+ -InboundParameters $PSBoundParameters `
+ -ProfileName 'v1.0'
+
+ #Ensure the proper dependencies are installed in the current environment.
+ Confirm-M365DSCDependencies
+
+ #region Telemetry
+ $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', ''
+ $CommandName = $MyInvocation.MyCommand
+ $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName `
+ -CommandName $CommandName `
+ -Parameters $PSBoundParameters
+ Add-M365DSCTelemetryEvent -Data $data
+ #endregion
+
+ try
+ {
+ $Params = @{
+ IsSingleInstance = 'Yes'
+ Credential = $Credential
+ ApplicationId = $ApplicationId
+ TenantId = $TenantId
+ ApplicationSecret = $ApplicationSecret
+ CertificateThumbprint = $CertificateThumbprint
+ Managedidentity = $ManagedIdentity.IsPresent
+ }
+
+ $Results = Get-TargetResource @Params
+
+ $dscContent = ''
+ if ($Results.Ensure -eq 'Present')
+ {
+ $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode `
+ -Results $Results
+ $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName `
+ -ConnectionMode $ConnectionMode `
+ -ModulePath $PSScriptRoot `
+ -Results $Results `
+ -Credential $Credential
+ $dscContent += $currentDSCBlock
+
+ Save-M365DSCPartialExport -Content $currentDSCBlock `
+ -FileName $Global:PartialExportFileName
+ }
+ Write-Host $Global:M365DSCEmojiGreenCheckMark
+
+ return $dscContent
+ }
+ catch
+ {
+ Write-Host $Global:M365DSCEmojiRedX
+
+ New-M365DSCLogEntry -Message 'Error during Export:' `
+ -Exception $_ `
+ -Source $($MyInvocation.MyCommand.Source) `
+ -TenantId $TenantId `
+ -Credential $Credential
+
+ return ''
+ }
+}
+
+Export-ModuleMember -Function *-TargetResource
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof
new file mode 100644
index 0000000000..491aef84e7
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.schema.mof
@@ -0,0 +1,13 @@
+[ClassVersion("1.0.0.0"), FriendlyName("O365OrgSettings")]
+class MSFT_O365OrgSettings : OMI_BaseResource
+{
+ [Key, Description("Specifies the resource is a single instance, the value must be 'Yes'"), ValueMap{"Yes"}, Values{"Yes"}] String IsSingleInstance;
+ [Write, Description("Let users open files stored in third-party storage services in Microsoft 365 on the Web.")] Boolean M365WebEnableUsersToOpenFilesFrom3PStorage;
+ [Write, Description("Since there is only one setting availble, this must be set to 'Present'"), ValueMap{"Present"}, Values{"Present"}] String Ensure;
+ [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
+ [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
+ [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId;
+ [Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
+ [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
+ [Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
+};
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/readme.md b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/readme.md
new file mode 100644
index 0000000000..53a9f19e89
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/readme.md
@@ -0,0 +1,5 @@
+# O365OrgSettings
+
+## Description
+
+This resource configures the Org settings for a Microsoft 365 tenant.
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json
new file mode 100644
index 0000000000..33a2f5587d
--- /dev/null
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/settings.json
@@ -0,0 +1,22 @@
+{
+ "resourceName": "O365OrgCustomizationSetting",
+ "description": "",
+ "permissions": {
+ "graph": {
+ "delegated": {
+ "read": [],
+ "update": []
+ },
+ "application": {
+ "read": [],
+ "update": []
+ }
+ },
+ "exchange": {
+ "requiredroles": [
+ "Organization Configuration"
+ ],
+ "requiredrolegroups": []
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1 b/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1
new file mode 100644
index 0000000000..2dc5aa8956
--- /dev/null
+++ b/Modules/Microsoft365DSC/Examples/Resources/O365OrgSettings/1-ConfigureOrgSettings.ps1
@@ -0,0 +1,26 @@
+<#
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+#>
+
+Configuration Example
+{
+ param(
+ [Parameter(Mandatory = $true)]
+ [PSCredential]
+ $Credscredential
+ )
+
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ O365OrgSettings 'O365OrgSettings'
+ {
+ Credential = $Credscredential;
+ Ensure = "Present";
+ IsSingleInstance = "Yes";
+ M365WebEnableUsersToOpenFilesFrom3PStorage = $False;
+ }
+ }
+}
diff --git a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1
index 193791b040..7fe7e9f90f 100644
--- a/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1
+++ b/Modules/Microsoft365DSC/Modules/M365DSCPermissions.psm1
@@ -1196,7 +1196,7 @@ Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions
Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='Graph';PermissionName='Domain.Read.All'}) -AdminConsent -Type Certificate -CreateSelfSignedCertificate -CertificatePath c:\Temp\M365DSC.cer
.Example
-Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionsName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer
+Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer
.Functionality
Public
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1
new file mode 100644
index 0000000000..3769bde489
--- /dev/null
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.O365OrgSettings.Tests.ps1
@@ -0,0 +1,128 @@
+[CmdletBinding()]
+param(
+)
+$M365DSCTestFolder = Join-Path -Path $PSScriptRoot `
+ -ChildPath '..\..\Unit' `
+ -Resolve
+$CmdletModule = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Microsoft365.psm1' `
+ -Resolve)
+$GenericStubPath = (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\Stubs\Generic.psm1' `
+ -Resolve)
+Import-Module -Name (Join-Path -Path $M365DSCTestFolder `
+ -ChildPath '\UnitTestHelper.psm1' `
+ -Resolve)
+
+$Global:DscHelper = New-M365DscUnitTestHelper -StubModule $CmdletModule `
+ -DscResource 'O365OrgSettings' -GenericStubModule $GenericStubPath
+
+Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
+ InModuleScope -ModuleName $Global:DscHelper.ModuleName -ScriptBlock {
+ Invoke-Command -ScriptBlock $Global:DscHelper.InitializeScript -NoNewScope
+
+ BeforeAll {
+ $secpasswd = ConvertTo-SecureString 'test@password1' -AsPlainText -Force
+ $Credential = New-Object System.Management.Automation.PSCredential ('tenantadmin', $secpasswd)
+
+ Mock -CommandName Update-M365DSCExportAuthenticationResults -MockWith {
+ return @{}
+ }
+
+ Mock -CommandName Get-M365DSCExportContentForResource -MockWith {
+ }
+
+ Mock -CommandName Confirm-M365DSCDependencies -MockWith {
+ }
+
+ Mock -CommandName New-M365DSCConnection -MockWith {
+ return 'Credentials'
+ }
+
+ # Mock Write-Host to hide output during the tests
+ Mock -CommandName Write-Host -MockWith {
+ }
+
+ Mock -CommandName Get-MgServicePrincipal -MockWith {
+ }
+ }
+
+ # Test contexts
+ Context -Name 'When Org Settings are already in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ IsSingleInstance = 'Yes'
+ M365WebEnableUsersToOpenFilesFrom3PStorage = $False;
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgServicePrincipal -MockWith {
+ return @{
+ AccountEnabled = $False
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False
+ }
+
+ It 'Should return false from the Test method' {
+ (Test-TargetResource @testParams) | Should -Be $true
+ }
+ }
+
+ # Test contexts
+ Context -Name 'When Org Settings NOT in the Desired State' -Fixture {
+ BeforeAll {
+ $testParams = @{
+ IsSingleInstance = 'Yes'
+ M365WebEnableUsersToOpenFilesFrom3PStorage = $True;
+ Ensure = 'Present'
+ Credential = $Credential
+ }
+
+ Mock -CommandName Get-MgServicePrincipal -MockWith {
+ return @{
+ AccountEnabled = $False
+ }
+ }
+ }
+
+ It 'Should return Present from the Get method' {
+ (Get-TargetResource @testParams).Ensure | Should -Be 'Present'
+ (Get-TargetResource @testParams).M365WebEnableUsersToOpenFilesFrom3PStorage | Should -Be $False
+ }
+
+ It 'Should return false from the Test method' {
+ (Test-TargetResource @testParams) | Should -Be $false
+ }
+
+ It 'Should update values from the SET method' {
+ Set-TargetResource @testParams
+ }
+ }
+
+ Context -Name 'ReverseDSC Tests' -Fixture {
+ BeforeAll {
+ $Global:CurrentModeIsExport = $true
+ $testParams = @{
+ Credential = $Credential
+ }
+ }
+
+ It 'Should Reverse Engineer resource from the Export method' {
+ Mock -CommandName Get-MgServicePrincipal -MockWith {
+ return @{
+ AccountEnabled = $False
+ }
+ }
+ Export-TargetResource @testParams
+ }
+ }
+ }
+}
+
+Invoke-Command -ScriptBlock $Global:DscHelper.CleanupScript -NoNewScope
diff --git a/Tests/Unit/Stubs/Generic.psm1 b/Tests/Unit/Stubs/Generic.psm1
index 017885e75b..b5997de91a 100644
--- a/Tests/Unit/Stubs/Generic.psm1
+++ b/Tests/Unit/Stubs/Generic.psm1
@@ -47,20 +47,6 @@ function New-MgGroupOwnerByRef
$BodyParameter
)
}
-
-function Get-MgServicePrincipal
-{
- [CmdletBinding()]
- param(
- [Parameter()]
- [System.String]
- $ServicePrincipalId,
-
- [Parameter()]
- [System.String]
- $Filter
- )
-}
function Confirm-M365DSCDependencies
{
[CmdletBinding()]
diff --git a/docs/docs/resources/office365/O365OrgSettings.md b/docs/docs/resources/office365/O365OrgSettings.md
new file mode 100644
index 0000000000..0363750286
--- /dev/null
+++ b/docs/docs/resources/office365/O365OrgSettings.md
@@ -0,0 +1,65 @@
+# O365OrgSettings
+
+## Parameters
+
+| Parameter | Attribute | DataType | Description | Allowed Values |
+| --- | --- | --- | --- | --- |
+| **IsSingleInstance** | Key | String | Specifies the resource is a single instance, the value must be 'Yes' | `Yes` |
+| **M365WebEnableUsersToOpenFilesFrom3PStorage** | Write | Boolean | Let users open files stored in third-party storage services in Microsoft 365 on the Web. | |
+| **Ensure** | Write | String | Since there is only one setting availble, this must be set to 'Present' | `Present` |
+| **Credential** | Write | PSCredential | Credentials of the Global Admin | |
+| **ApplicationId** | Write | String | Id of the Azure Active Directory application to authenticate with. | |
+| **TenantId** | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
+| **ApplicationSecret** | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
+| **CertificateThumbprint** | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
+| **ManagedIdentity** | Write | Boolean | Managed ID being used for authentication. | |
+
+## Description
+
+This resource configures the Org settings for a Microsoft 365 tenant.
+
+## Permissions
+
+### Exchange
+
+To authenticate with Microsoft Exchange, this resource required the following permissions:
+
+#### Roles
+
+- Organization Configuration
+
+#### Role Groups
+
+- None
+
+## Examples
+
+### Example 1
+
+This example is used to test new resources and showcase the usage of new resources being worked on.
+It is not meant to use as a production baseline.
+
+```powershell
+Configuration Example
+{
+ param(
+ [Parameter(Mandatory = $true)]
+ [PSCredential]
+ $Credscredential
+ )
+
+ Import-DscResource -ModuleName Microsoft365DSC
+
+ node localhost
+ {
+ O365OrgSettings 'O365OrgSettings'
+ {
+ Credential = $Credscredential;
+ Ensure = "Present";
+ IsSingleInstance = "Yes";
+ M365WebEnableUsersToOpenFilesFrom3PStorage = $False;
+ }
+ }
+}
+```
+
diff --git a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md
index d4732bc0d3..5eb209dabf 100644
--- a/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md
+++ b/docs/docs/user-guide/cmdlets/Update-M365DSCAzureAdApplication.md
@@ -55,6 +55,6 @@ This function does not generate any output.
-------------------------- EXAMPLE 3 --------------------------
-`Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionsName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer`
+`Update-M365DSCAzureAdApplication -ApplicationName 'Microsoft365DSC' -Permissions @(@{Api='SharePoint';PermissionName='Sites.FullControl.All'},@{Api='Graph';PermissionName='Group.ReadWrite.All'},@{Api='Exchange';PermissionName='Exchange.ManageAsApp'}) -AdminConsent -Type Certificate -CertificatePath c:\Temp\M365DSC.cer`
diff --git a/docs/docs/user-guide/get-started/authentication-and-permissions.md b/docs/docs/user-guide/get-started/authentication-and-permissions.md
index 9f82463167..42644b7608 100644
--- a/docs/docs/user-guide/get-started/authentication-and-permissions.md
+++ b/docs/docs/user-guide/get-started/authentication-and-permissions.md
@@ -88,7 +88,7 @@ Check out the links in the "More information" section below to learn more about
### Determine Required Permissions
-In order to be able to interact with these components, you need to grant your application or the Microsoft Graph PowerShell one the proper permissions against the Microsoft Graph scope. To determine what permission what permissions are required by a given component that uses Microsoft Graph, you can use the Get-M365DSCCompiledPermissionList cmdlet and pass in the list of parameters for which you wish to grant permissions for.
+In order to be able to interact with these components, you need to grant your application or the Microsoft Graph PowerShell one the proper permissions against the Microsoft Graph scope. To determine what permissions are required by a given component that uses Microsoft Graph, you can use the Get-M365DSCCompiledPermissionList cmdlet and pass in the list of parameters for which you wish to grant permissions for.
