From df1f3c8e2c1dae2ff2a52640786b20ae5b405307 Mon Sep 17 00:00:00 2001 From: Nik Charlebois Date: Tue, 12 Nov 2024 08:33:37 -0500 Subject: [PATCH] Revert "Fix property naming and settings catalog handling" --- CHANGELOG.md | 8 ----- ...alAdministratorPasswordSolutionPolicy.psm1 | 10 +++---- ...nistratorPasswordSolutionPolicy.schema.mof | 2 +- ...T_IntuneSecurityBaselineMicrosoftEdge.psm1 | 30 ------------------- ...neSecurityBaselineMicrosoftEdge.schema.mof | 3 +- .../1-Create.ps1 | 2 +- .../2-Update.ps1 | 2 +- .../Modules/M365DSCDRGUtil.psm1 | 2 +- .../M365DSCIntuneSettingsCatalogUtil.psm1 | 3 +- 9 files changed, 11 insertions(+), 51 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c5c7d350b..8e122cdcfb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,22 +2,14 @@ # UNRELEASED -* IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy - * Update property `PasswordAgeDays_AAD` to be lower-case. - FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (1/2) * IntuneAntivirusExclusionsPolicyMacOS * Initial release. * IntuneAntivirusPolicyWindows10SettingCatalog * Update properties to be upper-case. Fixes [#5373](https://github.com/microsoft/Microsoft365DSC/issues/5373) -* IntuneSecurityBaselineMicrosoftEdge - * Deprecate property `authschemes` and replace with `AuthSchemes_AuthSchemes` * M365DSCDRGUtil * Restrict CIM instance access to properties that appear multiple times. * Switch log type for not found Intune assignments to `Warning`. -* M365DSCIntuneSettingsCatalogUtil - * Add ADMX handling for `edge~httpauthentication_`. - FIXES [#5378](https://github.com/microsoft/Microsoft365DSC/issues/5378) (2/2) * DEPENDENCIES * Updated DSCParser to version 2.0.0.12. diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 index b9fc29e2af..9a6140387a 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.psm1 @@ -24,7 +24,7 @@ function Get-TargetResource [Parameter()] [System.Int32] [ValidateRange(7, 365)] - $passwordagedays_aad, + $PasswordAgeDays_AAD, [Parameter()] [System.Int32] @@ -118,7 +118,7 @@ function Get-TargetResource -ErrorAction Stop #Ensure the proper dependencies are installed in the current environment. - #Confirm-M365DSCDependencies + Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' @@ -237,7 +237,7 @@ function Set-TargetResource [Parameter()] [System.Int32] [ValidateRange(7, 365)] - $passwordagedays_aad, + $PasswordAgeDays_AAD, [Parameter()] [System.Int32] @@ -324,7 +324,7 @@ function Set-TargetResource ) #Ensure the proper dependencies are installed in the current environment. - #Confirm-M365DSCDependencies + Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName -replace 'MSFT_', '' @@ -433,7 +433,7 @@ function Test-TargetResource [Parameter()] [System.Int32] [ValidateRange(7, 365)] - $passwordagedays_aad, + $PasswordAgeDays_AAD, [Parameter()] [System.Int32] diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof index a3eb529bec..33aeb469d7 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy.schema.mof @@ -17,7 +17,7 @@ class MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy : OMI [Write, Description("Description of the account protection local administrator password solution policy.")] String Description; [Write, Description("Assignments of the account protection local administrator password solution policy."), EmbeddedInstance("MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments")] String Assignments[]; [Write, Description("Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD"), ValueMap{"0", "1", "2"}, Values{"0", "1", "2"}] UInt32 BackupDirectory; - [Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 passwordagedays_aad; + [Write, Description("Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365")] UInt32 PasswordAgeDays_AAD; [Write, Description("Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365")] UInt32 PasswordAgeDays; [Write, Description("Configures additional enforcement of maximum password age for the managed local administrator account.")] Boolean PasswordExpirationProtectionEnabled; [Write, Description("Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12")] UInt32 AdEncryptedPasswordHistorySize; diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 index 35d258852e..c3b6e71fd2 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.psm1 @@ -80,10 +80,6 @@ function Get-TargetResource [System.String] $authschemes, - [Parameter()] - [System.String] - $AuthSchemes_AuthSchemes, - [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -342,10 +338,6 @@ function Set-TargetResource [System.String] $authschemes, - [Parameter()] - [System.String] - $AuthSchemes_AuthSchemes, - [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -449,13 +441,6 @@ function Set-TargetResource $platforms = 'windows10' $technologies = 'mdm' - if ($BoundParameters.ContainsKey('authschemes')) - { - Write-Warning -Message "The parameter 'authschemes' is deprecated. Please use 'AuthSchemes_AuthSchemes' instead." - $BoundParameters['AuthSchemes_AuthSchemes'] = $BoundParameters['authschemes'] - $BoundParameters.Remove('authschemes') | Out-Null - } - if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Security Baseline Microsoft Edge with Name {$DisplayName}" @@ -604,10 +589,6 @@ function Test-TargetResource [System.String] $authschemes, - [Parameter()] - [System.String] - $AuthSchemes_AuthSchemes, - [Parameter()] [ValidateSet('0', '1')] [System.String] @@ -749,17 +730,6 @@ function Test-TargetResource } } - if ($PSBoundParameters.ContainsKey('authschemes')) - { - Write-Warning -Message "The parameter 'authschemes' is deprecated. Please use 'AuthSchemes_AuthSchemes' instead." - if ($PSBoundParameters['authschemes'] -ne $CurrentValues['AuthSchemes_AuthSchemes']) - { - $testResult = $false - } - $ValuesToCheck.Remove('authschemes') | Out-Null - $ValuesToCheck.Remove('AuthSchemes_AuthSchemes') | Out-Null - } - $ValuesToCheck.Remove('Id') | Out-Null $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.schema.mof index d8a2607bcb..8a9515e3d3 100644 --- a/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.schema.mof +++ b/Modules/Microsoft365DSC/DSCResources/MSFT_IntuneSecurityBaselineMicrosoftEdge/MSFT_IntuneSecurityBaselineMicrosoftEdge.schema.mof @@ -28,8 +28,7 @@ class MSFT_IntuneSecurityBaselineMicrosoftEdge : OMI_BaseResource [Write, Description("Force WebSQL to be enabled (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String WebSQLAccess; [Write, Description("Allow Basic authentication for HTTP (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String BasicAuthOverHttpEnabled; [Write, Description("Supported authentication schemes (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String MicrosoftEdge_HTTPAuthentication_AuthSchemes; - [Write, Description("(Deprecated) - Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")] String authschemes; - [Write, Description("Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")] String AuthSchemes_AuthSchemes; + [Write, Description("Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes")] String authschemes; [Write, Description("Allow user-level native messaging hosts (installed without admin permissions) (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String NativeMessagingUserLevelHosts; [Write, Description("Specifies whether to allow insecure websites to make requests to more-private network endpoints (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String InsecurePrivateNetworkRequestsAllowed; [Write, Description("Show the Reload in Internet Explorer mode button in the toolbar (0: Disabled, 1: Enabled)"), ValueMap{"0", "1"}, Values{"0", "1"}] String InternetExplorerModeToolbarButtonEnabled; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 index 6018fdbd85..0e1d844cfc 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/1-Create.ps1 @@ -34,7 +34,7 @@ Configuration Example } ); BackupDirectory = "1"; - passwordagedays_aad = 10; + PasswordAgeDays_AAD = 10; AdministratorAccountName = "Administrator"; PasswordAgeDays = 20; ApplicationId = $ApplicationId; diff --git a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 index c67e11eee7..08d2c88584 100644 --- a/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 +++ b/Modules/Microsoft365DSC/Examples/Resources/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy/2-Update.ps1 @@ -34,7 +34,7 @@ Configuration Example } ); BackupDirectory = "1"; - passwordagedays_aad = 15; # Updated Property + PasswordAgeDays_AAD = 15; # Updated Property AdministratorAccountName = "Administrator"; PasswordAgeDays = 20; ApplicationId = $ApplicationId; diff --git a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 index 9e9392dc88..1fa5f90e54 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCDRGUtil.psm1 @@ -2480,7 +2480,7 @@ function Update-IntuneDeviceConfigurationPolicy 'settings' = $Settings } $body = $policy | ConvertTo-Json -Depth 20 - # Write-Verbose -Message $body -Verbose + Write-Verbose -Message $body -Verbose Invoke-MgGraphRequest -Method PUT -Uri $Uri -Body $body -ErrorAction Stop } catch diff --git a/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 b/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 index 465189fd7a..2888ff7ad7 100644 --- a/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 +++ b/Modules/Microsoft365DSC/Modules/M365DSCIntuneSettingsCatalogUtil.psm1 @@ -67,7 +67,7 @@ } # When there is no parent, we can't use the parent setting name to make the setting name unique - # Instead, we traverse up the OffsetUri. + # Instead, we traverse up the OffsetUri. if ($null -eq $parentSetting) { $settingResult = Get-UniqueSettingDefinitionNameFromMultipleMatches -SettingDefinition $SettingDefinition -SettingName $settingName -SettingsWithSameName $settingsWithSameName @@ -98,7 +98,6 @@ 'pub16v2~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v2~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV2_') } 'pub16v3~Policy~L_MicrosoftOfficePublisher~*' { $settingName = $settingName.Replace('pub16v3~Policy~L_MicrosoftOfficePublisher', 'MicrosoftPublisherV3_') } 'microsoft_edge~Policy~microsoft_edge~*' { $settingName = $settingName.Replace('microsoft_edge~Policy~microsoft_edge', 'MicrosoftEdge_') } - 'edge~httpauthentication*' { $settingName = $settingName.Replace('edge~httpauthentication', 'MicrosoftEdge_HTTPAuthentication') } '*~L_Security~*' { $settingName = $settingName.Replace('~L_Security', 'Security') } '*~L_TrustCenter*' { $settingName = $settingName.Replace('~L_TrustCenter', '_TrustCenter') } '*~L_ProtectedView_*' { $settingName = $settingName.Replace('~L_ProtectedView', 'ProtectedView') }