Merge pull request #3137 from NikCharlebois/FIXES-#3046

FIXES #3046

CHANGELOG.md

@@ -162,6 +162,8 @@
   * Updated the Update-M365DSCModule to unload dependencies before updating them and then to reload the new versions.
     FIXES [#3097](https://github.com/microsoft/Microsoft365DSC/issues/3097)
   * Added a new internal function to remove the authentication parameters from the bound paramters. `Remove-M365DSCAuthenticationParameter`
+  * Enforcing tenant ID to be in the tenant.onmicrosoft.com form.
+    FIXES [#3046](https://github.com/microsoft/Microsoft365DSC/issues/3046)
 * DEPENDENCIES
   * Updated Microsoft.Graph dependencies to version 1.25.0.
   * Updated MicrosoftTeams dependency to version 5.1.0.

Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1

@@ -1071,6 +1071,35 @@ function Export-M365DSCConfiguration
         $ApplicationId,
 
         [Parameter(ParameterSetName = 'Export')]
+        [ValidateScript({
+            $invalid = $false
+            try
+            {
+                [System.Guid]::Parse($_) | Out-Null
+                $invalid = $true
+            }
+            catch
+            {
+                $invalid = $false
+            }
+            if ($invalid)
+            {
+                throw "Please provide the tenant name (e.g., contoso.onmicrosoft.com) for TenantId instead of its GUID."
+            }
+            else
+            {
+                $invalid = $_ -notmatch ".onmicrosoft."
+                if (-not $invalid)
+                {
+                    return $true
+                }
+                else
+                {
+                    Write-Warning -Message "We recommend providing the TenantId property in the format of <tenant>.onmicrosoft.*"
+                }
+            }
+            return $true
+        })]
         [System.String]
         $TenantId,
 
@@ -1083,6 +1112,18 @@ function Export-M365DSCConfiguration
         $CertificateThumbprint,
 
         [Parameter(ParameterSetName = 'Export')]
+        [ValidateScript({
+            $invalid = $_.Username -notmatch ".onmicrosoft."
+            if (-not $invalid)
+            {
+                return $true
+            }
+            else
+            {
+                Write-Warning -Message "We recommend providing the username in the format of <tenant>.onmicrosoft.* for the Credential property."
+            }
+            return $true
+        })]
         [System.Management.Automation.PSCredential]
         $Credential,
 
@@ -1528,6 +1569,51 @@ function New-M365DSCConnection
         $Workload,
 
         [Parameter(Mandatory = $true)]
+        [ValidateScript({
+            if ($null -ne $_.Credential)
+            {
+                $invalid = $_.Credential.Username -notmatch ".onmicrosoft."
+                if (-not $invalid)
+                {
+                    return $true
+                }
+                else
+                {
+                    Write-Warning -Message "We recommend providing the username in the format of <tenant>.onmicrosoft.* for the Credential property."
+                }
+            }
+
+            if ($null -ne $_.TenantId)
+            {
+                $invalid = $false
+                try
+                {
+                    [System.Guid]::Parse($_.TenantId) | Out-Null
+                    $invalid = $true
+                }
+                catch
+                {
+                    $invalid = $false
+                }
+                if ($invalid)
+                {
+                    throw "Please provide the tenant name (e.g., contoso.onmicrosoft.com) for TenantId instead of its GUID."
+                }
+                else
+                {
+                    $invalid = $_.TenantId -notmatch ".onmicrosoft."
+                    if (-not $invalid)
+                    {
+                        return $true
+                    }
+                    else
+                    {
+                        Write-Warning -Message "We recommend providing the tenant name in format <tenant>.onmicrosoft.* for TenantId."
+                    }
+                }
+            }
+            return $true
+        })]
         [System.Collections.Hashtable]
         $InboundParameters,
 

docs/docs/blog/april-2023-major-release.md

@@ -38,10 +38,6 @@ We have modified the logic of all the resources below to ensure we have a primar
 * IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled
 * IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10
 
-## TeamsGroupPolicyAssignment: New Key Parameters ([3054](https://github.com/microsoft/Microsoft365DSC/issues/3054))
-
-TeamsGroupPolicyAssignment used to have the Priority as key parameter. This could cause issues due to duplicate keys. With this release the previous key is now replaced by the following three parameters: GroupId, GroupDisplayName and PolicyType. This will ensure that the resource is unique and will not cause any issues. If the GroupId is not known or no group with the given id exists, the display name will be used instead.
-
 ## Removed the Identity Parameters from EXOIRMConfiguration, EXOPerimeterConfiguration & EXOResourceConfiguraton
 
 The Identity parameter, which was the primary key for the resources listed, has been replaced by the IsSingleInstance parameter. This is because there could only ever be one instance of these resources on the tenants and in order to align with other tenant-wide resources, the IsSingleInstance parameter needs to be present. This parameter only ever accepts a value of 'Yes' and its sole purpose is to ensure there isn't more than one instance of the given resource per configuration file.
@@ -132,6 +128,10 @@ We are removing parameters that have been deprecated from various resources as p
   </ul></li>
   </ul>
 
+## TeamsGroupPolicyAssignment: New Key Parameters ([3054](https://github.com/microsoft/Microsoft365DSC/issues/3054))
+
+TeamsGroupPolicyAssignment used to have the Priority as key parameter. This could cause issues due to duplicate keys. With this release the previous key is now replaced by the following three parameters: GroupId, GroupDisplayName and PolicyType. This will ensure that the resource is unique and will not cause any issues. If the GroupId is not known or no group with the given id exists, the display name will be used instead.
+
 ## AADGroup - Added SecurityEnabled and MailEnabled as Mandatory Parameters ([#3077](https://github.com/microsoft/Microsoft365DSC/pull/3077))
 
 We've updated the AADGroup resource to enforce the MailEnabled and SecurityEnabled parameters as mandatory. Omitting these parameters was throwing an error since they were required by the Microsoft Graph API associated with it. To update existing configurations, simply make sure that every instances of the AADGroup resource includes both the MailEnabled and SecurityEnabled parameters.
@@ -176,3 +176,7 @@ Set-M365DSCLoggingOption -IncludeNonDrifted $True
 
 These events will be reported as Information entries having an Event ID of 2.
 ![image](https://raw.githubusercontent.com/microsoft/Microsoft365DSC/Dev/docs/docs/Images/April2023MR-EventViewer.png)
+
+## Enforcing Tenant ID to be in Format '.onmicrosoft.' ([#3137](https://github.com/microsoft/Microsoft365DSC/pull/3137))
+
+Starting with this version, the TenantID property will no longer be accepting GUIDs. Instead customers should provide their tenants' name, ideally in the format of <tenant>.onmicrosoft.<extension>.