Merge branch 'microsoft:Dev' into andikrueger/issue3454_1
andikrueger authored Jul 26, 2023
2 parents 2f1b562 + bde0e4b commit f4c37c1
Showing 4 changed files with 117 additions and 24 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Expand Up @@ -10,7 +10,8 @@
FIXES [#3454](https://github.com/microsoft/Microsoft365DSC/issues/3454)

# 1.23.719.1

* AADCrossTenant
* Added Automatic Consent for inbound and Outbound trust settings
* EXOSharedMailbox
* Added capability to change the PrimarySMTPAddress of a Shared Mailbox
* SPOExternalUserExpireInDays
Expand Up @@ -28,6 +28,10 @@ function Get-TargetResource
[Microsoft.Management.Infrastructure.CimInstance]
$InboundTrust,

[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$AutomaticUserConsentSettings,

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
Expand Down Expand Up @@ -79,7 +83,7 @@ function Get-TargetResource
$nullResult.Ensure = 'Absent'

$getValue = Get-MgBetaPolicyCrossTenantAccessPolicyPartner -CrossTenantAccessPolicyConfigurationPartnerTenantId $PartnerTenantId `
-ErrorAction SilentlyContinue
-ErrorAction SilentlyContinue

if ($null -eq $getValue)
{
Expand All @@ -104,24 +108,29 @@ function Get-TargetResource
{
$B2BDirectConnectOutboundValue = $getValue.B2BDirectConnectOutbound
}
if ($null -ne $getValue.AutomaticUserConsentSettings)
{
$AutomaticUserConsentSettingsValue = $getValue.AutomaticUserConsentSettings
}
if ($null -ne $getValue.InboundTrust)
{
$InboundTrustValue = $getValue.InboundTrust
}
$results = @{
PartnerTenantId = $getValue.TenantId
B2BCollaborationInbound = $B2BCollaborationInboundValue
B2BCollaborationOutbound = $B2BCollaborationOutboundValue
B2BDirectConnectInbound = $B2BDirectConnectInboundValue
B2BDirectConnectOutbound = $B2BDirectConnectOutboundValue
InboundTrust = $InboundTrustValue
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
TenantId = $TenantId
ApplicationSecret = $ApplicationSecret
CertificateThumbprint = $CertificateThumbprint
ManagedIdentity = $ManagedIdentity.IsPresent
PartnerTenantId = $getValue.TenantId
B2BCollaborationInbound = $B2BCollaborationInboundValue
B2BCollaborationOutbound = $B2BCollaborationOutboundValue
B2BDirectConnectInbound = $B2BDirectConnectInboundValue
B2BDirectConnectOutbound = $B2BDirectConnectOutboundValue
AutomaticUserConsentSettings = $AutomaticUserConsentSettingsValue
InboundTrust = $InboundTrustValue
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
TenantId = $TenantId
ApplicationSecret = $ApplicationSecret
CertificateThumbprint = $CertificateThumbprint
ManagedIdentity = $ManagedIdentity.IsPresent
}

return [System.Collections.Hashtable] $results
Expand Down Expand Up @@ -163,6 +172,9 @@ function Set-TargetResource
[Microsoft.Management.Infrastructure.CimInstance]
$B2BDirectConnectOutbound,

[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$AutomaticUserConsentSettings,
[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$InboundTrust,
Expand Down Expand Up @@ -212,13 +224,13 @@ function Set-TargetResource
$currentInstance = Get-TargetResource @PSBoundParameters

$OperationParams = ([Hashtable]$PSBoundParameters).Clone()
$OperationParams.Remove("Credential") | Out-Null
$OperationParams.Remove("ManagedIdentity") | Out-Null
$OperationParams.Remove("ApplicationId") | Out-Null
$OperationParams.Remove("TenantId") | Out-Null
$OperationParams.Remove("CertificateThumbprint") | Out-Null
$OperationParams.Remove("ApplicationSecret") | Out-Null
$OperationParams.Remove("Ensure") | Out-Null
$OperationParams.Remove('Credential') | Out-Null
$OperationParams.Remove('ManagedIdentity') | Out-Null
$OperationParams.Remove('ApplicationId') | Out-Null
$OperationParams.Remove('TenantId') | Out-Null
$OperationParams.Remove('CertificateThumbprint') | Out-Null
$OperationParams.Remove('ApplicationSecret') | Out-Null
$OperationParams.Remove('Ensure') | Out-Null

if ($null -ne $OperationParams.B2BCollaborationInbound)
{
Expand All @@ -240,6 +252,10 @@ function Set-TargetResource
$OperationParams.B2BDirectConnectOutbound = (Get-M365DSCAADCrossTenantAccessPolicyB2BSetting -Setting $OperationParams.B2BDirectConnectOutbound)
$OperationParams.B2BDirectConnectOutbound = (Update-M365DSCSettingUserIdFromUPN -Setting $OperationParams.B2BDirectConnectOutbound)
}
if ($null -ne $OperationParams.AutomaticUserConsentSettings)
{
$OperationParams.AutomaticUserConsentSettings = (Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings -Setting $OperationParams.AutomaticUserConsentSettings)
}
if ($null -ne $OperationParams.InboundTrust)
{
$OperationParams.InboundTrust = (Get-M365DSCAADCrossTenantAccessPolicyInboundTrust -Setting $OperationParams.InboundTrust)
Expand Down Expand Up @@ -297,6 +313,10 @@ function Test-TargetResource
[Microsoft.Management.Infrastructure.CimInstance]
$InboundTrust,

[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$AutomaticUserConsentSettings,

[Parameter()]
[System.String]
[ValidateSet('Absent', 'Present')]
Expand Down Expand Up @@ -477,6 +497,10 @@ function Export-TargetResource
{
$Results.B2BDirectConnectOutbound = Get-M365DSCAADCrossTenantAccessPolicyB2BSettingAsString -Setting $Results.B2BDirectConnectOutbound
}
if ($null -ne $Results.AutomaticUserConsentSettings)
{
$Results.AutomaticUserConsentSettings = Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsString -Setting $Results.AutomaticUserConsentSettings
}
if ($null -ne $Results.InboundTrust)
{
$Results.InboundTrust = Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString -Setting $Results.InboundTrust
Expand Down Expand Up @@ -508,6 +532,11 @@ function Export-TargetResource
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
-ParameterName 'B2BDirectConnectOutbound'
}
if ($null -ne $Results.AutomaticUserConsentSettings)
{
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
-ParameterName 'AutomaticUserConsentSettings'
}
if ($null -ne $Results.InboundTrust)
{
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock `
Expand Down Expand Up @@ -702,13 +731,58 @@ function Get-M365DSCAADCrossTenantAccessPolicyB2BSetting
}
#endregion
$results = @{
Applications = $applications
Applications = $applications
UsersAndGroups = $usersAndGroups
}

return $results
}

function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings
{
[CmdletBinding()]
[OutputType([System.Collections.Hashtable])]
param(
[Parameter(Mandatory = $true)]
[System.Object]
$Setting
)

$result = @{
InboundAllowed = $Setting.InboundAllowed
OutboundAllowed = $Setting.OutboundAllowed
}

return $result
}

function Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettingsAsString
{
[CmdletBinding()]
[OutputType([System.String])]
param(
[Parameter(Mandatory = $true)]
$Setting
)

$StringContent = $null
if ($null -ne $Setting.InboundAllowed -or $null -ne $Setting.OutboundAllowed)
{
$StringContent = "MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings {`r`n"
if ($null -ne $Setting.InboundAllowed)
{
$StringContent += " InboundAllowed = `$" + $Setting.InboundAllowed.ToString() + "`r`n"
}
if ($null -ne $Setting.OutboundAllowed)
{
$StringContent += " OutboundAllowed = `$" + $Setting.OutboundAllowed.ToString() + "`r`n"
}
$StringContent += " }`r`n"
}

return $StringContent
}

function Get-M365DSCAADCrossTenantAccessPolicyInboundTrust
{
[CmdletBinding()]
Expand Down Expand Up @@ -739,7 +813,7 @@ function Get-M365DSCAADCrossTenantAccessPolicyInboundTrustAsString

$StringContent = $null
if ($null -ne $Setting.IsCompliantDeviceAccepted -or $null -ne $Setting.IsHybridAzureADJoinedDeviceAccepted -or `
$null -ne $Setting.IsMfaAccepted)
$null -ne $Setting.IsMfaAccepted)
{
$StringContent = "MSFT_AADCrossTenantAccessPolicyInboundTrust {`r`n"
if ($null -ne $Setting.IsCompliantDeviceAccepted)
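Review bot: In the Set-TargetResource param block the new entry `[Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $AutomaticUserConsentSettings,` runs straight into the following `[Parameter()]` for `$InboundTrust` with no blank line, while every other parameter here and the same entry in Get-TargetResource and Test-TargetResource is separated by one; add the blank line after `$AutomaticUserConsentSettings,`. Separately, in Get-TargetResource `$AutomaticUserConsentSettingsValue` is assigned only inside the `if ($null -ne $getValue.AutomaticUserConsentSettings)` guard before being placed in `$results`; if the sibling `*Value` variables are initialised to `$null` earlier in the function (outside this hunk), this one should be initialised the same way rather than relying on an unset variable resolving to `$null`. The new helper Get-M365DSCAADCrossTenantAccessPolicyAutomaticUserConsentSettings also copies `InboundAllowed`/`OutboundAllowed` into the hashtable unconditionally, so a property left unset on the CimInstance is forwarded as `$null` to the update call; whether that clears the tenant-side value or is ignored is not visible here and is worth confirming, since these flags govern automatic consent for cross-tenant invitations. Both Get-TargetResource and Set-TargetResource start and end outside the hunks.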
Expand Up @@ -19,6 +19,13 @@ class MSFT_AADCrossTenantAccessPolicyB2BSetting
[Write, Description("The list of users and groups targeted with your cross-tenant access policy."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyTargetConfiguration")] String UsersAndGroups;
};

[ClassVersion("1.0.0")]
class MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings
{
[Write, Description("Specifies whether you want to automatically trust Inbound invitations..")] Boolean InboundAllowed;
[Write, Description("Specifies whether you want to automatically trust Outbound invitations.")] Boolean OutboundAllowed;
};

[ClassVersion("1.0.0")]
class MSFT_AADCrossTenantAccessPolicyInboundTrust
{
Expand All @@ -35,6 +42,7 @@ class MSFT_AADCrossTenantAccessPolicyConfigurationPartner : OMI_BaseResource
[Write, Description("Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BCollaborationOutbound;
[Write, Description("Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BDirectConnectInbound;
[Write, Description("Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyB2BSetting")] String B2BDirectConnectOutbound;
[Write, Description("Determines the partner-specific configuration for accepting trust claims from other tenant invitations."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings")] String AutomaticUserConsentSettings;
[Write, Description("Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations."), EmbeddedInstance("MSFT_AADCrossTenantAccessPolicyInboundTrust")] String InboundTrust;
[Write, Description("Specify if the policy should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure;
[Write, Description("Credentials of the Admin"), EmbeddedInstance("MSFT_Credential")] string Credential;
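Review bot: The Description for `InboundAllowed` ends with a doubled period, `automatically trust Inbound invitations..`, and the same text is reproduced verbatim in the readme table added by this commit; change it to `Specifies whether you want to automatically trust Inbound invitations.` so the generated documentation is clean. Both descriptions say "trust" while the property names are `InboundAllowed`/`OutboundAllowed` and the module code reads them from the partner policy's `AutomaticUserConsentSettings`; if these map to the automatic user-consent flags, wording such as "automatically consent to inbound invitations from this partner" would describe what an administrator is enabling more precisely.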
Expand Up @@ -9,6 +9,7 @@
| **B2BCollaborationOutbound** | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration. | |
| **B2BDirectConnectInbound** | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect. | |
| **B2BDirectConnectOutbound** | Write | MSFT_AADCrossTenantAccessPolicyB2BSetting | Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect. | |
| **AutomaticUserConsentSettings** | Write | MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings | Determines the partner-specific configuration for accepting trust claims from other tenant invitations. | |
| **InboundTrust** | Write | MSFT_AADCrossTenantAccessPolicyInboundTrust | Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations. | |
| **Ensure** | Write | String | Specify if the policy should exist or not. | `Present`, `Absent` |
| **Credential** | Write | PSCredential | Credentials of the Admin | |
Expand Down Expand Up @@ -45,6 +46,15 @@
| **Applications** | Write | MSFT_AADCrossTenantAccessPolicyTargetConfiguration | The list of applications targeted with your cross-tenant access policy. | |
| **UsersAndGroups** | Write | MSFT_AADCrossTenantAccessPolicyTargetConfiguration | The list of users and groups targeted with your cross-tenant access policy. | |

### MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings

#### Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| **InboundAllowed** | Write | Boolean | Specifies whether you want to automatically trust Inbound invitations.. | |
| **OutboundAllowed** | Write | Boolean | Specifies whether you want to automatically trust Outbound invitations. | |

### MSFT_AADCrossTenantAccessPolicyInboundTrust

#### Parameters