Merge pull request #3907 from NikCharlebois/FIX-#3906

Fixes #3906

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 # UNRELEASED
 
+* AADApplication
+  * Added support for the IsFallbackPublicClient property.
+    FIXES [#3906](https://github.com/microsoft/Microsoft365DSC/issues/3906)
 * AADServicePrincipal
   * Added support to define members.
     FIXES [#3902](https://github.com/microsoft/Microsoft365DSC/issues/3902)

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.psm1

@@ -32,6 +32,10 @@ function Get-TargetResource
         [System.String[]]
         $IdentifierUris,
 
+        [Parameter()]
+        [System.Boolean]
+        $IsFallbackPublicClient,
+
         [Parameter()]
         [System.String]
         $LogoutURL,
@@ -177,12 +181,18 @@ function Get-TargetResource
                 }
             }
 
+            $IsFallbackPublicClientValue = $false
+            if ($AADApp.IsFallbackPublicClient)
+            {
+                $IsFallbackPublicClientValue = $AADApp.IsFallbackPublicClient
+            }
             $result = @{
                 DisplayName             = $AADApp.DisplayName
                 AvailableToOtherTenants = $AvailableToOtherTenantsValue
                 GroupMembershipClaims   = $AADApp.GroupMembershipClaims
                 Homepage                = $AADApp.web.HomepageUrl
                 IdentifierUris          = $AADApp.IdentifierUris
+                IsFallbackPublicClient  = $IsFallbackPublicClientValue
                 KnownClientApplications = $AADApp.Api.KnownClientApplications
                 LogoutURL               = $AADApp.web.LogoutURL
                 PublicClient            = $isPublicClient
@@ -259,6 +269,10 @@ function Set-TargetResource
         [System.String[]]
         $KnownClientApplications,
 
+        [Parameter()]
+        [System.Boolean]
+        $IsFallbackPublicClient,
+
         [Parameter()]
         [System.String]
         $LogoutURL,
@@ -680,6 +694,10 @@ function Test-TargetResource
         [System.String[]]
         $IdentifierUris,
 
+        [Parameter()]
+        [System.Boolean]
+        $IsFallbackPublicClient,
+
         [Parameter()]
         [System.String[]]
         $KnownClientApplications,

Modules/Microsoft365DSC/DSCResources/MSFT_AADApplication/MSFT_AADApplication.schema.mof

@@ -17,6 +17,7 @@ class MSFT_AADApplication : OMI_BaseResource
     [Write, Description("A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. The bitmask values are: 0: None, 1: Security groups and Azure AD roles, 2: Reserved, and 4: Reserved. Setting the bitmask to 7 will get all of the security groups, distribution groups, and Azure AD directory roles that the signed-in user is a member of.")] String GroupMembershipClaims;
     [Write, Description("The URL to the application's homepage.")] String Homepage;
     [Write, Description("User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.")] string IdentifierUris[];
+    [Write, Description("Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.")] Boolean IsFallbackPublicClient;
     [Write, Description("Client applications that are tied to this resource application.")] string KnownClientApplications[];
     [Write, Description("The logout url for this application.")] string LogoutURL;
     [Write, Description("Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.")] Boolean PublicClient;