Skip to content

Commit

Permalink
Merge pull request #3914 from ricmestre/fix3913
Browse files Browse the repository at this point in the history
IntuneAccountProtection*Policy: Use proper embedded instance for Assignments on export
  • Loading branch information
ykuijs authored Nov 28, 2023
2 parents cb586e8 + 5adf64f commit c39ef04
Show file tree
Hide file tree
Showing 7 changed files with 39 additions and 31 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,17 @@
# Change log for Microsoft365DSC

# UNRELEASED

* AADRoleSetting
* Export sorted by DisplayName for better comparison
* Enable Filter property to be used on export
FIXES [#3919](https://github.com/microsoft/Microsoft365DSC/issues/3919)
* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy,
IntuneAccountProtectionLocalUserGroupMembershipPolicy,
IntuneAccountProtectionPolicy,
* Fixes export if Assignments is set on existing policies
FIXES [3913](https://github.com/microsoft/Microsoft365DSC/issues/3913)
* Add groupDisplayName to Assignments embedded instance
* DEPENDENCIES
* Updated Microsoft.Graph to version 2.10.0.
* Updated MSCloudLoginAssistant to version 1.1.0.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -752,7 +752,7 @@ function Export-TargetResource

if ($Results.Assignments)
{
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments
if ($complexTypeStringResult)
{
$Results.Assignments = $complexTypeStringResult
Expand Down
Original file line number Diff line number Diff line change
@@ -1,37 +1,38 @@
[ClassVersion("1.0.0.0")]
class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments
{
[Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
[Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
[Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
[Write, Description("The group Id that is the target of the assignment.")] String groupId;
[Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
[Write, Description("The type of the target assignment."), ValueMap{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}, Values{"#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"}] String dataType;
[Write, Description("The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude."), ValueMap{"none","include","exclude"}, Values{"none","include","exclude"}] String deviceAndAppManagementAssignmentFilterType;
[Write, Description("The Id of the filter for the target assignment.")] String deviceAndAppManagementAssignmentFilterId;
[Write, Description("The group Id that is the target of the assignment.")] String groupId;
[Write, Description("The group Display Name that is the target of the assignment.")] String groupDisplayName;
[Write, Description("The collection Id that is the target of the assignment.(ConfigMgr)")] String collectionId;
};

[ClassVersion("1.0.0.0"), FriendlyName("IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy")]
class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy : OMI_BaseResource
{
[Key, Description("Identity of the account protection local administrator password solution policy.")] String Identity;
[Required, Description("Display name of the account protection local administrator password solution policy.")] String DisplayName;
[Write, Description("Description of the account protection local administrator password solution policy.")] String Description;
[Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[];
[Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory;
[Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 PasswordAgeDays_AAD;
[Write, Description("Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365")] UInt32 PasswordAgeDays;
[Write, Description("Configures additional enforcement of maximum password age for the managed local administrator account.")] Boolean PasswordExpirationProtectionEnabled;
[Write, Description("Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12")] UInt32 AdEncryptedPasswordHistorySize;
[Write, Description("Configures whether the password is encrypted before being stored in Active Directory.")] Boolean AdPasswordEncryptionEnabled;
[Write, Description("Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.")] String AdPasswordEncryptionPrincipal;
[Write, Description("Configures the name of the managed local administrator account.")] String AdministratorAccountName;
[Write, Description("Configures the password complexity of the managed local administrator account. 1 - Large letters, 2 - Large + small letters, 3 - Large + small letters + numbers, 4 - Large + small letters + numbers + special characters"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] UInt32 PasswordComplexity;
[Write, Description("Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64")] UInt32 PasswordLength;
[Write, Description("Specifies the actions to take upon expiration of the configured grace period. 1 - Reset password, 3 - Reset password and log off, 5 - Reset password and restart"), ValueMap{"1", "3", "5"}, Values{"1", "3", "5"}] UInt32 PostAuthenticationActions;
[Write, Description("Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24")] UInt32 PostAuthenticationResetDelay;
[Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
[Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId;
[Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
[Key, Description("Identity of the account protection local administrator password solution policy.")] String Identity;
[Required, Description("Display name of the account protection local administrator password solution policy.")] String DisplayName;
[Write, Description("Description of the account protection local administrator password solution policy.")] String Description;
[Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[];
[Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory;
[Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 PasswordAgeDays_AAD;
[Write, Description("Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365")] UInt32 PasswordAgeDays;
[Write, Description("Configures additional enforcement of maximum password age for the managed local administrator account.")] Boolean PasswordExpirationProtectionEnabled;
[Write, Description("Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12")] UInt32 AdEncryptedPasswordHistorySize;
[Write, Description("Configures whether the password is encrypted before being stored in Active Directory.")] Boolean AdPasswordEncryptionEnabled;
[Write, Description("Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.")] String AdPasswordEncryptionPrincipal;
[Write, Description("Configures the name of the managed local administrator account.")] String AdministratorAccountName;
[Write, Description("Configures the password complexity of the managed local administrator account. 1 - Large letters, 2 - Large + small letters, 3 - Large + small letters + numbers, 4 - Large + small letters + numbers + special characters"), ValueMap{"1", "2", "3", "4"}, Values{"1", "2", "3", "4"}] UInt32 PasswordComplexity;
[Write, Description("Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64")] UInt32 PasswordLength;
[Write, Description("Specifies the actions to take upon expiration of the configured grace period. 1 - Reset password, 3 - Reset password and log off, 5 - Reset password and restart"), ValueMap{"1", "3", "5"}, Values{"1", "3", "5"}] UInt32 PostAuthenticationActions;
[Write, Description("Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24")] UInt32 PostAuthenticationResetDelay;
[Write, Description("Present ensures the policy exists, absent ensures it is removed"), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] string Ensure;
[Write, Description("Credentials of the Intune Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
[Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId;
[Write, Description("Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com")] String TenantId;
[Write, Description("Secret of the Azure Active Directory tenant used for authentication."), EmbeddedInstance("MSFT_Credential")] String ApplicationSecret;
[Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint;
[Write, Description("Managed ID being used for authentication.")] Boolean ManagedIdentity;
};
Original file line number Diff line number Diff line change
Expand Up @@ -624,7 +624,7 @@ function Export-TargetResource

if ($Results.Assignments)
{
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments

if ($complexTypeStringResult)
{
Expand Down
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -795,7 +795,7 @@ function Export-TargetResource

if ($Results.Assignments)
{
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName DeviceManagementConfigurationPolicyAssignments
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject ([Array]$Results.Assignments) -CIMInstanceName IntuneAccountProtectionPolicyAssignments

if ($complexTypeStringResult)
{
Expand Down
Binary file not shown.

0 comments on commit c39ef04

Please sign in to comment.